selfcert

package v1.0.93
Published: Oct 18, 2024 License: BSD-3-Clause Imports: 31 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var DefaultEncryptionParameters = EncryptionParameters{
	Iterations:  12,
	Memory:      256 * 1024,
	Threads:     1,
	KeyLength:   32,
	CipherSuite: "AES-GCM",
}

DefaultEncryptionParameters provides default settings for Argon2id and encryption.

Functions

func GenerateED25519Key

func GenerateED25519Key(privateKeyPath string, verbose, encrypt bool, name string) (ed25519.PrivateKey, error)

GenerateED25519Key generates an ED25519 key pair and saves the private key to a specified file.

func ListAgentKeys added in v1.0.56

func ListAgentKeys(a agent.Agent) error

ListAgentKeys lists all the keys stored in the SSH agent

func LoadEncryptedEd25519PrivateKey added in v1.0.37

func LoadEncryptedEd25519PrivateKey(path string) (decryptedPrivateKey []byte, err error)

LoadEncryptedEd25519PrivateKey prompts for the passphrase and returns the decrypted private key.

func LoadPrivateKey added in v1.0.56

func LoadPrivateKey(path string) (ed25519.PrivateKey, error)

LoadPrivateKey loads an Ed25519 private key from path (also exported for external use).

func RetrieveCAKeysFromAgent added in v1.0.56

func RetrieveCAKeysFromAgent(a agent.Agent) ([]ssh.PublicKey, error)

RetrieveCAKeysFromAgent retrieves all keys from the ssh-agent that can be used as Certificate Authorities (CAs)

func RetrieveKeyByComment added in v1.0.56

func RetrieveKeyByComment(a agent.Agent, comment string) (*agent.Key, error)

RetrieveKeyByComment retrieves a key based on its comment from the SSH agent

func SavePrivateKeyToPathUnderPassphrase added in v1.0.37

func SavePrivateKeyToPathUnderPassphrase(privateKey []byte, path string) error

func Step1_MakeCertificatAuthority

func Step1_MakeCertificatAuthority(pathCA string, verbose bool, encrypt bool) (ed25519.PrivateKey, error)

The default pathCA is "my-keep-private-dir". Returns the un-encrypted key so that subsequent signing steps can use it without requesting the passphrase again.

func Step2_MakeEd25519PrivateKey added in v1.0.37

func Step2_MakeEd25519PrivateKey(name string, odirCert string, verbose, encrypt bool) (privKey ed25519.PrivateKey, err error)

name might be "client" or "node"; odirCert default might be "static/certs/client".

func Step3_MakeCertSigningRequest added in v1.0.37

func Step3_MakeCertSigningRequest(privKey ed25519.PrivateKey, name string, email string, odirCert string)

func Step4_MakeCertificate added in v1.0.37

func Step4_MakeCertificate(caPrivKey ed25519.PrivateKey, odirCA string, name string, odirCerts string, verbose bool)

If caPrivKey is provided (to avoid asking for the passphrase), then odirCA/ca.key is assumed to be encrypted and caPrivKey is used instead.

func Step5_ViewCertificate

func Step5_ViewCertificate(path string) (cert *x509.Certificate, err error, wasPrivKey bool)

Step5_ViewCertificate is optional.

func Step6_LoadKeyPair

func Step6_LoadKeyPair(privateKeyPath, certPath string)

Step6_LoadKeyPair is optional; it loads the key pair for further use of the keys.

Typically:

privateKeyPath = "static/certs/server/node.key"
certPath = "static/certs/server/node.crt"

func StoreEd25519PrivateKey added in v1.0.56

func StoreEd25519PrivateKey(a agent.Agent, privateKey ed25519.PrivateKey, comment string) error

StoreEd25519PrivateKey stores the private key in the SSH agent

func VerifyClientCertificate added in v1.0.56

func VerifyClientCertificate(caKeys []ssh.PublicKey) func([][]byte, [][]*x509.Certificate) error

VerifyClientCertificate uses CA keys from the ssh-agent to verify incoming QUIC client certificates
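How the Step1-Step4 flow and VerifyClientCertificate fit together, as an added example that is not the selfcert package's own code: the CA is nothing more than an Ed25519 key, the client certificate is issued from it, and the verifier callback (same shape as VerifyClientCertificate, i.e. a tls.Config.VerifyPeerCertificate hook) trusts raw Ed25519 CA public keys, an assumption standing in for the ssh.PublicKey values the package fetches from the agent. The function names, the issuer name and the one-day validity window are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// IssueClientCert stands in for Steps 2-4: a fresh Ed25519 client key and its one-day certificate (DER), signed by caKey.
func IssueClientCert(caKey ed25519.PrivateKey, name string) ([]byte, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if e := errors.Join(err, serr); e != nil {
		return nil, nil, e
	}
	leaf := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "selfcert-example-ca"}} // parent supplies only the issuer name (constructed); no CA certificate is needed
	der, err := x509.CreateCertificate(rand.Reader, leaf, issuer, pub, caKey)
	return der, priv, err
}
// VerifyAgainstCAKeys has the shape of VerifyClientCertificate (a tls.Config.VerifyPeerCertificate callback), trusting raw Ed25519 CA keys where the package uses ssh.PublicKey values from the agent.
func VerifyAgainstCAKeys(caKeys []ed25519.PublicKey) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("no client certificate presented")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
			return errors.New("client certificate outside its validity period")
		}
		// PureEd25519 signs the DER TBSCertificate directly, so the raw CA key verifies it without a CA cert.
		for _, k := range caKeys {
			if leaf.SignatureAlgorithm == x509.PureEd25519 && ed25519.Verify(k, leaf.RawTBSCertificate, leaf.Signature) {
				return nil
			}
		}
		return errors.New("client certificate not signed by a trusted CA key")
	}
}
```

Because a VerifyPeerCertificate hook replaces the default chain validation when the server only requires any client certificate, the callback checks the validity window itself before trusting the signature.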

Types

type EncryptionParameters added in v1.0.37

type EncryptionParameters struct {
	Iterations  uint32 // Number of iterations
	Memory      uint32 // Memory usage in KB
	Threads     uint8  // Degree of parallelism
	KeyLength   uint32 // Length of the derived key in bytes
	Salt        []byte // Random salt
	Nonce       []byte // Nonce used in AES-GCM
	CipherSuite string // Cipher suite used (e.g., AES-GCM)
}

EncryptionParameters holds the Argon2id parameters used for key derivation.

type SSHAgentSigner added in v1.0.56

type SSHAgentSigner struct {
	// contains filtered or unexported fields
}

SSHAgentSigner represents a signer that uses the ssh-agent for signing operations

func NewSSHAgentSigner added in v1.0.56

func NewSSHAgentSigner(a agent.Agent, key ssh.PublicKey) *SSHAgentSigner

NewSSHAgentSigner initializes a new SSHAgentSigner

func (*SSHAgentSigner) Public added in v1.0.56

func (s *SSHAgentSigner) Public() crypto.PublicKey

Public returns the public key of the signer

func (*SSHAgentSigner) Sign added in v1.0.56

func (s *SSHAgentSigner) Sign(rand io.Reader, data []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign signs the given data using the private key stored in the ssh-agent
