Documentation
¶
Overview ¶
Package crypto provides signing functionality for Trillian.
Index ¶
- func SignatureAlgorithm(k gocrypto.PublicKey) sigpb.DigitallySigned_SignatureAlgorithm
- func Verify(pub crypto.PublicKey, hasher crypto.Hash, data, sig []byte) error
- func VerifySignedLogRoot(pub crypto.PublicKey, hash crypto.Hash, r *trillian.SignedLogRoot) (*types.LogRootV1, error)
- func VerifySignedMapRoot(pub crypto.PublicKey, hash crypto.Hash, smr *trillian.SignedMapRoot) (*types.MapRootV1, error)
- type Signer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SignatureAlgorithm ¶
func SignatureAlgorithm(k gocrypto.PublicKey) sigpb.DigitallySigned_SignatureAlgorithm
SignatureAlgorithm returns the algorithm used for this public key. Only ECDSA and RSA keys are supported. Other key types will return sigpb.DigitallySigned_ANONYMOUS.
func VerifySignedLogRoot ¶ added in v1.0.8
func VerifySignedLogRoot(pub crypto.PublicKey, hash crypto.Hash, r *trillian.SignedLogRoot) (*types.LogRootV1, error)
VerifySignedLogRoot verifies the SignedLogRoot and returns its contents.
func VerifySignedMapRoot ¶ added in v1.1.0
func VerifySignedMapRoot(pub crypto.PublicKey, hash crypto.Hash, smr *trillian.SignedMapRoot) (*types.MapRootV1, error)
VerifySignedMapRoot verifies the signature on the SignedMapRoot. VerifySignedMapRoot returns MapRootV1 to encourage safe API use. It should be the only function available to clients that returns MapRootV1.
Types ¶
type Signer ¶
type Signer struct {
KeyHint []byte
// If Hash is noHash (zero), the signer expects to be given the full message not a hashed digest.
Hash crypto.Hash
Signer crypto.Signer
}
Signer is responsible for signing log-related data and producing the appropriate application specific signature objects.
func NewSHA256Signer ¶
NewSHA256Signer creates a new SHA256 based Signer and a KeyID of 0. TODO(gbelvin): remove
func NewSigner ¶ added in v1.1.0
NewSigner returns a new signer. The signer will set the KeyHint field, when available, with KeyID.
func (*Signer) Sign ¶
Sign obtains a signature over the input data; this typically (but not always) involves first hashing the input data.
func (*Signer) SignLogRoot ¶ added in v1.0.5
SignLogRoot returns a complete SignedLogRoot (including signature).
func (*Signer) SignMapRoot ¶ added in v1.0.5
SignMapRoot hashes and signs the supplied (to-be) SignedMapRoot and returns a signature.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package keys provides access to public and private keys for signing and verification of signatures.
|
Package keys provides access to public and private keys for signing and verification of signatures. |
|
der/proto
Package proto registers a DER keys.ProtoHandler using keys.RegisterHandler.
|
Package proto registers a DER keys.ProtoHandler using keys.RegisterHandler. |
|
pem/proto
Package proto registers a PEM keys.ProtoHandler using keys.RegisterHandler.
|
Package proto registers a PEM keys.ProtoHandler using keys.RegisterHandler. |
|
pkcs11
Package pkcs11 provides access to private keys using a PKCS#11 interface.
|
Package pkcs11 provides access to private keys using a PKCS#11 interface. |
|
pkcs11/proto
Package proto registers a PKCS#11 keys.ProtoHandler using keys.RegisterHandler.
|
Package proto registers a PKCS#11 keys.ProtoHandler using keys.RegisterHandler. |
|
testonly
Package testonly contains code and data that should only be used by tests.
|
Package testonly contains code and data that should only be used by tests. |