encrypt

package
v0.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 12, 2024 License: Apache-2.0 Imports: 33 Imported by: 1

Documentation

Overview

Copyright 2023 IBM Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2022 IBM Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2022 IBM Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2022 IBM Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2022 IBM Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2022 IBM Corp. Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2022 IBM Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

View Source 
var (

	// PrivToRsaKey decodes a pkcs file into a private key
	PrivToRsaKey = F.Flow2(
		pemDecodeE,
		E.Chain(parsePrivateKeyE),
	)

	// CryptoCertFingerprint computes the fingerprint of a certificate using the crypto library
	CryptoCertFingerprint = F.Flow5(
		pemDecodeE,
		E.Chain(parseCertificateE),
		E.Map[error](rawFromCertificate),
		E.Map[error](sha256.Sum256),
		E.Map[error](shaToBytes),
	)

	// CryptoPrivKeyFingerprint computes the fingerprint of a private key using the crypto library
	CryptoPrivKeyFingerprint = F.Flow7(
		pemDecodeE,
		E.Chain(parsePrivateKeyE),
		E.Map[error](privToPub),
		E.Map[error](pubToAny),
		E.Chain(marshalPKIXPublicKeyE),
		E.Map[error](sha256.Sum256),
		E.Map[error](shaToBytes),
	)

	// CryptoVerifyDigest verifies the signature of the input data against a signature
	CryptoVerifyDigest = F.Flow2(
		pubToRsaKey,
		E.Fold(errorValidator, verifyPKCS1v15),
	)

	// CryptoPublicKey extracts the public key from a private key
	CryptoPublicKey = F.Flow6(
		pemDecodeE,
		E.Chain(parsePrivateKeyE),
		E.Map[error](privToPub),
		E.Map[error](pubToAny),
		E.Chain(marshalPKIXPublicKeyE),
		E.Map[error](func(data []byte) []byte {
			return pem.EncodeToMemory(
				&pem.Block{
					Type:  "PUBLIC KEY",
					Bytes: data,
				},
			)
		}),
	)
)
View Source 
var (
	// name of the environment variable carrying the openSSL binary
	KeyEnvOpenSSL = "OPENSSL_BIN"

	// OpenSSLSignDigest signs the sha256 digest using a private key
	OpenSSLSignDigest = handle(signDigest)

	OpenSSLAsymmetricEncryptPub = handle(asymmetricEncryptPub)

	OpenSSLAsymmetricEncryptCert = handle(asymmetricEncryptCert)

	OpenSSLAsymmetricDecrypt = handle(asymmetricDecrypt)

	OpenSSLSymmetricEncrypt = handle(symmetricEncrypt)

	// OpenSSLPublicKey gets the public key from a private key
	OpenSSLPublicKey = F.Flow2(
		OpenSSL("rsa", "-pubout"),
		mapStdout,
	)

	// CertSerial gets the serial number from a certificate
	CertSerial = F.Flow2(
		OpenSSL("x509", "-serial", "-noout"),
		mapStdout,
	)

	// OpenSSLCertFingerprint gets the fingerprint of a certificate
	OpenSSLCertFingerprint = F.Flow4(
		OpenSSL("x509", "--outform", "DER"),
		mapStdout,
		E.Chain(OpenSSL("sha256", "--binary")),
		mapStdout,
	)

	// gets the fingerprint of the private key
	OpenSSLPrivKeyFingerprint = F.Flow4(
		OpenSSL("rsa", "-pubout", "-outform", "DER"),
		mapStdout,
		E.Chain(OpenSSL("sha256", "--binary")),
		mapStdout,
	)
)
View Source 
var CryptoAsymmetricDecrypt = cryptoAsymmetricDecrypt(PrivToRsaKey)

CryptoAsymmetricDecrypt decrypts a piece of text using a private key

View Source 
var CryptoAsymmetricEncryptCert = cryptoAsymmetricEncrypt(certToRsaKey)

CryptoAsymmetricEncryptCert encrypts a piece of text using a certificate

View Source 
var CryptoAsymmetricEncryptPub = cryptoAsymmetricEncrypt(pubToRsaKey)

// CryptoAsymmetricEncryptPub encrypts a piece of text using a public key

Functions

func CreateCert added in v0.5.0 

func CreateCert(csrPath, caCertPath, caKeyPath string, expiryDays int) (string, error)

func CreateSigningCert added in v0.5.0 

func CreateSigningCert(privateKey, cacert, cakey, csrData, csrPemData string, expiryDays int) (string, error)

CreateSigningCert - function to generate Signing Certificate

func CreateTempFile added in v0.5.0 

func CreateTempFile(data string) (string, error)

CreateTempFile - Function to create temp file

func CryptoDecryptBasic added in v0.1.6 

func CryptoDecryptBasic(privKey []byte) func(string) E.Either[error, []byte]

OpenSSLDecryptBasic implements basic decryption using golang crypto libraries given the private key

func CryptoEncryptBasic 

func CryptoEncryptBasic(cert []byte) func([]byte) E.Either[error, string]

CryptoEncryptBasic implements basic encryption using golang crypto libraries given the certificate

func CryptoPrivateKey 

func CryptoPrivateKey() E.Either[error, []byte]

CryptoPrivateKey generates a private key

func CryptoRandomPassword 

func CryptoRandomPassword(count int) func() E.Either[error, []byte]

CryptoRandomPassword creates a random password of given length using characters from the base64 alphabet only

func CryptoSignDigest 

func CryptoSignDigest(privKey []byte) func([]byte) E.Either[error, []byte]

CryptoSignDigest generates a signature across the sha256

func CryptoSymmetricDecrypt added in v0.1.6 

func CryptoSymmetricDecrypt(srcText string) func([]byte) E.Either[error, []byte]

CryptoSymmetricDecrypt encrypts a set of bytes using a password

func CryptoSymmetricEncrypt 

func CryptoSymmetricEncrypt(srcPlainBytes []byte) func([]byte) E.Either[error, string]

CryptoSymmetricEncrypt encrypts a set of bytes using a password

func DecryptBasic 

func DecryptBasic(
	asymmDecrypt func(string) E.Either[error, []byte],
	symmDecrypt func(string) func([]byte) E.Either[error, []byte],
) func(string) E.Either[error, []byte]

func EncodeToBase64 added in v0.5.0 

func EncodeToBase64(input string) string

EncodeToBase64 - function to encode string as base64

func EncryptBasic 

func EncryptBasic(
	genPwd func() E.Either[error, []byte],
	asymmEncrypt func([]byte) E.Either[error, string],
	symmEncrypt func([]byte) func([]byte) E.Either[error, string],
) func([]byte) E.Either[error, string]

EncryptBasic implements the basic encryption operations

func EncryptContract added in v0.5.0 

func EncryptContract(password string, section map[string]interface{}) (string, error)

EncryptContract - function to encrypt contract

func EncryptFinalStr added in v0.5.0 

func EncryptFinalStr(encryptedPassword, encryptedContract string) string

EncryptFinalStr - function to get final encrypted section

func EncryptPassword added in v0.5.0 

func EncryptPassword(password, cert string) (string, error)

EncryptPassword - function to encrypt password

func GenFinalSignedContract added in v0.5.0 

func GenFinalSignedContract(workload, env, workloadEnvSig string) (string, error)

GenFinalSignedContract - function to generate the final contract

func KeyValueInjector added in v0.5.0 

func KeyValueInjector(contract map[string]interface{}, key, value string) (string, error)

KeyValueInjector - function to inject key value pair in YAML

func MapToYaml added in v0.5.0 

func MapToYaml(m map[string]interface{}) (string, error)

MapToYaml - function to convert string map to YAML

func OpenSSL 

func OpenSSL(args ...string) func([]byte) E.Either[error, common.CommandOutput]

func OpenSSLDecryptBasic 

func OpenSSLDecryptBasic(privKey []byte) func(string) E.Either[error, []byte]

OpenSSLDecryptBasic implements basic decryption using openSSL given the private key

func OpenSSLEncryptBasic 

func OpenSSLEncryptBasic(cert []byte) func([]byte) E.Either[error, string]

OpenSSLEncryptBasic implements basic encryption using openSSL given the certificate

func OpenSSLPrivateKey 

func OpenSSLPrivateKey() E.Either[error, []byte]

OpenSSLPrivateKey generates a private key

func OpenSSLRandomPassword 

func OpenSSLRandomPassword(count int) func() E.Either[error, []byte]

OpenSSLRandomPassword creates a random password of given length using characters from the base64 alphabet only

func OpenSSLSymmetricDecrypt added in v0.1.6 

func OpenSSLSymmetricDecrypt(token string) func([]byte) E.Either[error, []byte]

func OpenSSLVerifyDigest 

func OpenSSLVerifyDigest(pubKey []byte) func([]byte) func([]byte) O.Option[error]

OpenSSLVerifyDigest verifies the signature of the input data against a signature

func OpensslCheck added in v0.5.0 

func OpensslCheck() error

OpensslCheck - function to check if openssl exists

func RandomPasswordGenerator added in v0.5.0 

func RandomPasswordGenerator() (string, error)

RandomPasswordGenerator - function to generate random password

func SignContract added in v0.5.0 

func SignContract(encryptedWorkload, encryptedEnv, privateKey string) (string, error)

SignContract - function to sign encrypted contract

func SignatureTest 

func SignatureTest(
	privateKey func() E.Either[error, []byte],
	pubKey func([]byte) E.Either[error, []byte],
	randomData func() E.Either[error, []byte],
	signer func([]byte) func([]byte) E.Either[error, []byte],
	validator func([]byte) func([]byte) func([]byte) O.Option[error],
) func(t *testing.T)

func SimpleExecCommand added in v0.5.0 

func SimpleExecCommand(name string, stdinInput string, args ...string) (string, error)

SimpleExecCommand - function to run os commands

Types

type Decryption added in v0.1.6 

type Decryption struct {
	// DecryptBasic implements basic decryption given the private key
	DecryptBasic func(privKey []byte) func(string) E.Either[error, []byte]
}

Decryption captures the crypto functions required to implement the source providers

func DefaultDecryption added in v0.1.6 

func DefaultDecryption() Decryption

// DefaultDecryption detects the decryption environment

type Encryption 

type Encryption struct {
	// EncryptBasic implements basic encryption given the certificate
	EncryptBasic func([]byte) func([]byte) E.Either[error, string]
	// CertFingerprint computes the fingerprint of a certificate
	CertFingerprint func([]byte) E.Either[error, []byte]
	// PrivKeyFingerprint computes the fingerprint of a private key
	PrivKeyFingerprint func([]byte) E.Either[error, []byte]
	// PrivKey computes a new private key
	PrivKey func() E.Either[error, []byte]
	// PubKey computes a public key from a private key
	PubKey func([]byte) E.Either[error, []byte]
	// SignDigest computes the sha256 signature using a private key
	SignDigest func([]byte) func([]byte) E.Either[error, []byte]
}

Encryption captures the crypto functions required to implement the source providers

func DefaultEncryption 

func DefaultEncryption() Encryption

DefaultEncryption detects the encryption environment

type OpenSSLVersion 

type OpenSSLVersion = T.Tuple2[string, string]

OpenSSLVersion represents the openSSL version, including the path to the binary

type SplitToken 

type SplitToken = T.Tuple2[string, string]

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.