Documentation
Index
- Constants
- type LocalKMS
- func (l *LocalKMS) Create(kt kms.KeyType) (string, interface{}, error)
- func (l *LocalKMS) ExportPubKeyBytes(id string) ([]byte, error)
- func (l *LocalKMS) Get(keyID string) (interface{}, error)
- func (l *LocalKMS) ImportPrivateKey(privKey interface{}, kt kms.KeyType, opts ...PrivateKeyOpts) (string, *keyset.Handle, error)
- func (l *LocalKMS) PubKeyBytesToHandle(pubKey []byte, kt kms.KeyType) (*keyset.Handle, error)
- func (l *LocalKMS) Rotate(kt kms.KeyType, keyID string) (string, interface{}, error)
- type PrivateKeyOpts
- type PubKeyWriter
Constants
const (
// Namespace is the keystore's DB storage namespace
Namespace = "kmsdb"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type LocalKMS
type LocalKMS struct {
// contains filtered or unexported fields
}
LocalKMS implements kms.KeyManager to provide key management capabilities using a local db. It uses an underlying secret lock service (default local secretLock) to wrap (encrypt) keys prior to storing them.
func (*LocalKMS) Create
Create creates a new key/keyset for key type kt, stores it and returns its stored ID and key handle.
func (*LocalKMS) ExportPubKeyBytes added in v0.1.3
ExportPubKeyBytes fetches the key referenced by id, extracts its public key as raw bytes and returns them. The key must be an asymmetric key; it returns an error if it fails to export the public key bytes.
func (*LocalKMS) ImportPrivateKey added in v0.1.3
func (l *LocalKMS) ImportPrivateKey(privKey interface{}, kt kms.KeyType, opts ...PrivateKeyOpts) (string, *keyset.Handle, error)
ImportPrivateKey imports privKey into the KMS storage for the given key type kt, then returns the new key ID and the newly stored keyset.Handle.
- privKey possible types are: *ecdsa.PrivateKey and ed25519.PrivateKey
- kt possible types are signing key types only (ECDSA keys or Ed25519)
- opts allows setting the keyset ID of the imported key using the WithKeyID() option. If the ID is already in use, an error is returned.
It returns an error if importing the key fails (key empty, invalid, doesn't match kt, or storing the key failed).
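As an added illustration (not aries-framework-go's own code) of the contract that ExportPubKeyBytes and ImportPrivateKey describe, the following stand-alone Go program implements an in-memory store with the same checks using only the standard library: the private key must match the requested key type, an explicit key ID that is already in use is rejected, and export returns the raw public key bytes (32 bytes for Ed25519, the 65-byte uncompressed point for P-256). The Store type, the KeyType constants, the generated-ID scheme and the error values are this example's own assumptions; the real LocalKMS wraps keys with a secret lock before storing them and returns a Tink keyset.Handle, both of which this example omits.

```go
// Added example, not aries-framework-go code: an in-memory stand-in for the
// ImportPrivateKey / ExportPubKeyBytes contract, standard library only.
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyType stands in for kms.KeyType; only the two signing types named in the
// documentation are modelled here (names are this example's assumption).
type KeyType string

const (
	ECDSAP256 KeyType = "ECDSAP256"
	ED25519   KeyType = "ED25519"
)

var (
	ErrKeyIDExists   = errors.New("key id already in use")
	ErrTypeMismatch  = errors.New("private key does not match key type")
	ErrNotAsymmetric = errors.New("key is not an asymmetric key")
	ErrNotFound      = errors.New("key not found")
)

// Store keeps imported private keys by ID. Unlike LocalKMS it stores them
// unwrapped; it exists only to show the validation and export rules.
type Store struct {
	keys map[string]interface{}
	next int
}

func NewStore() *Store { return &Store{keys: map[string]interface{}{}} }

// ImportPrivateKey validates privKey against kt, stores it under keyID
// (a generated ID when keyID is empty) and returns the ID used.
func (s *Store) ImportPrivateKey(privKey interface{}, kt KeyType, keyID string) (string, error) {
	switch k := privKey.(type) {
	case *ecdsa.PrivateKey:
		if k == nil || k.D == nil {
			return "", errors.New("empty ecdsa key")
		}
		if kt != ECDSAP256 || k.Curve != elliptic.P256() {
			return "", ErrTypeMismatch
		}
	case ed25519.PrivateKey:
		if len(k) != ed25519.PrivateKeySize {
			return "", errors.New("invalid ed25519 key")
		}
		if kt != ED25519 {
			return "", ErrTypeMismatch
		}
	default:
		return "", fmt.Errorf("unsupported private key type %T", privKey)
	}
	if keyID == "" {
		s.next++
		keyID = fmt.Sprintf("key-%d", s.next)
	}
	if _, ok := s.keys[keyID]; ok {
		return "", ErrKeyIDExists
	}
	s.keys[keyID] = privKey
	return keyID, nil
}

// ExportPubKeyBytes returns the raw public key: 32 bytes for Ed25519, the
// uncompressed SEC1 point (0x04 || X || Y, 65 bytes) for P-256.
func (s *Store) ExportPubKeyBytes(id string) ([]byte, error) {
	k, ok := s.keys[id]
	if !ok {
		return nil, ErrNotFound
	}
	switch key := k.(type) {
	case *ecdsa.PrivateKey:
		return elliptic.Marshal(key.Curve, key.PublicKey.X, key.PublicKey.Y), nil
	case ed25519.PrivateKey:
		return []byte(key.Public().(ed25519.PublicKey)), nil
	default:
		return nil, ErrNotAsymmetric
	}
}

func main() {
	s := NewStore()
	_, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	id, err := s.ImportPrivateKey(edPriv, ED25519, "signing-key-1")
	if err != nil {
		panic(err)
	}
	pub, _ := s.ExportPubKeyBytes(id)
	fmt.Printf("%s: %d-byte raw public key %x\n", id, len(pub), pub)
	// Importing the same Ed25519 key as an ECDSA key type is rejected.
	if _, err := s.ImportPrivateKey(edPriv, ECDSAP256, ""); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The type check is done on the concrete Go type and, for ECDSA, on the curve, so a key whose Go type matches but whose curve differs from the requested key type is still refused; that mirrors the "doesn't match keyType" error the documentation lists.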
func (*LocalKMS) PubKeyBytesToHandle added in v0.1.3
PubKeyBytesToHandle creates and returns a key handle for pubKey of type kt; it returns an error if it fails to create the key handle. Note: the key handle created is not stored in the KMS; it is only useful for executing the crypto primitive associated with it.
type PrivateKeyOpts added in v0.1.3
type PrivateKeyOpts func(opts *privateKeyOpts)
PrivateKeyOpts is an option for importing a private key.
func WithKeyID added in v0.1.3
func WithKeyID(keyID string) PrivateKeyOpts
WithKeyID is the option for importing a private key with a specified key ID.
type PubKeyWriter added in v0.1.3
type PubKeyWriter struct {
// contains filtered or unexported fields
}
PubKeyWriter writes the raw bytes of a Tink KeySet's primary public key. The keyset must be one of the keyURLs defined above. Note: only signing public keys can be exported through this PubKeyWriter; ECDHES has its own Writer to export its public keys due to a cyclic dependency.
func NewWriter added in v0.1.3
func NewWriter(w io.Writer) *PubKeyWriter
NewWriter creates a new PubKeyWriter instance that writes to w.
func (*PubKeyWriter) Write added in v0.1.3
func (p *PubKeyWriter) Write(keyset *tinkpb.Keyset) error
Write writes the public keyset to the underlying io.Writer w.
func (*PubKeyWriter) WriteEncrypted added in v0.1.3
func (p *PubKeyWriter) WriteEncrypted(keyset *tinkpb.EncryptedKeyset) error
WriteEncrypted writes the encrypted keyset to the underlying io.Writer w.