keys

package
v0.2.2

This package is not in the latest version of its module.
Published: Jul 10, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package keys provides context and management types for key signing and certificates.

Index

Constants

This section is empty.

Variables

var (
	// ErrNoContext is the error that operations requiring a keys.Context will return when the
	// given context does not have a keys.Context.
	ErrNoContext = errors.New("context does not have keys.Context")
	// ErrNoCertificateAuthority is returned when keys.Context's CA is nil but shouldn't be.
	ErrNoCertificateAuthority = errors.New("keys.Context does not have a certificate authority")
	// ErrNoSigner is returned when keys.Context's Signer is nil but shouldn't be.
	ErrNoSigner = errors.New("keys.Context does not have a signer")
	// ErrNoManager is returned when keys.Context's Manager is nil but shouldn't be.
	ErrNoManager = errors.New("keys.Context does not have a key manager")
)

Functions

func NewContext

func NewContext(ctx context.Context, c *Context) context.Context

NewContext returns a context extended with a given keys.Context.

Types

type Context

type Context struct {
	// CA is a CertificateAuthority implementation.
	CA styp.CertificateAuthority
	// Signer is used to sign certificates.
	Signer styp.Signer
	// Random is a source of randomness for certificate signatures.
	Random io.Reader
	// Manager implements the key management operations of ManagerInterface.
	Manager ManagerInterface
}

Context encapsulates abstractions for key signing and certificate authority behavior for use in key subcommands.

func FromContext

func FromContext(ctx context.Context) (*Context, error)

FromContext returns the keys.Context carried by ctx, or ErrNoContext if ctx does not carry one.

type ManagerInterface

type ManagerInterface interface {
	// CreateFirstSigningKey is called during CA bootstrapping to create the first signing key that
	// can be used for endorse.
	CreateFirstSigningKey(ctx context.Context) (string, error)
	// CreateNewSigningKeyVersion is callable after CreateFirstSigningKey and is meant for key
	// rotation. The signing key's name ought to be available from the context.
	CreateNewSigningKeyVersion(ctx context.Context) (string, error)
	// CreateNewRootKey establishes a new key for use as the root CA key.
	CreateNewRootKey(ctx context.Context) (string, error)
	// CertificateTemplate returns a certificate template that will be used for signing.
	CertificateTemplate(ctx context.Context, issuer *x509.Certificate, subjectPubKey any) (*x509.Certificate, error)

	// DestroyKeyVersion destroys a single key version.
	DestroyKeyVersion(ctx context.Context, keyVersionName string) error
	// Wipeout destroys all keys managed by this manager.
	Wipeout(ctx context.Context) error
}

ManagerInterface abstracts key creation and rotation, including the issuance of certificates. It also offers a "wipeout" operation that destroys every key it has created.
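The NewContext/FromContext pair and the ErrNo* sentinels above describe a context-carrier pattern; the following added example (not code from this package) re-implements that pattern stand-alone and adds a ManagerFromContext guard, which the page does not define, so a key subcommand fails with the documented sentinel instead of a nil dereference. It assumes a narrowed one-method ManagerInterface and a Context with only the Manager field.

```go
package main

import (
	"context"
	"errors"
)

// Sentinel errors matching the two documented ones this example exercises.
var (
	ErrNoContext = errors.New("context does not have keys.Context")
	ErrNoManager = errors.New("keys.Context does not have a key manager")
)

// ManagerInterface is narrowed to one method here (assumption; the real one has six).
type ManagerInterface interface {
	CreateFirstSigningKey(ctx context.Context) (string, error)
}

// Context keeps only Manager; CA, Signer and Random are omitted for brevity.
type Context struct{ Manager ManagerInterface }

// ctxKey is an unexported key type, so no other package can read or replace the value.
type ctxKey struct{}

// NewContext returns ctx extended with c.
func NewContext(ctx context.Context, c *Context) context.Context {
	return context.WithValue(ctx, ctxKey{}, c)
}

// FromContext returns the stored *Context or ErrNoContext (a typed nil counts as absent).
func FromContext(ctx context.Context) (*Context, error) {
	if c, ok := ctx.Value(ctxKey{}).(*Context); ok && c != nil {
		return c, nil
	}
	return nil, ErrNoContext
}

// ManagerFromContext is the guard a key subcommand runs before touching keys:
// it returns the documented sentinels instead of dereferencing a nil Manager.
func ManagerFromContext(ctx context.Context) (ManagerInterface, error) {
	c, err := FromContext(ctx)
	if err != nil {
		return nil, err
	}
	if c.Manager == nil {
		return nil, ErrNoManager
	}
	return c.Manager, nil
}
```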

Directories

Path      Synopsis
gcpkms    Package gcpkms implements keys.ManagerInterface with a Google Cloud Platform Key Management Service (GCP KMS) client.
