Index ¶
- Variables
- type KeyChain
- func (keychain *KeyChain) Close()
- func (keychain *KeyChain) Decrypter(attrs *keystore.KeyAttributes) (crypto.Decrypter, error)
- func (keychain *KeyChain) Delete(attrs *keystore.KeyAttributes) error
- func (keychain *KeyChain) GenerateECDSA(attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)
- func (keychain *KeyChain) GenerateEd25519(attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)
- func (keychain *KeyChain) GenerateKey(attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)
- func (keychain *KeyChain) GenerateRSA(attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)
- func (keychain *KeyChain) Key(attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)
- func (keychain *KeyChain) PKCS11() keystore.KeyStorer
- func (keychain *KeyChain) PKCS8() keystore.KeyStorer
- func (keychain *KeyChain) Password(attrs *keystore.KeyAttributes) (keystore.Password, error)
- func (keychain *KeyChain) Signer(attrs *keystore.KeyAttributes) (crypto.Signer, error)
- func (keychain *KeyChain) Stores() []keystore.KeyStorer
- func (keychain *KeyChain) TPM2() keystore.KeyStorer
- func (keychain *KeyChain) Verifier(attrs *keystore.KeyAttributes, opts *keystore.VerifyOpts) keystore.Verifier
- type KeyChainConfig
Variables ¶
var (
	// ErrInvalidKeyChainCN is returned when the keychain configuration has no
	// CN set (see the "missing CN" message); NewKeyChain is the likely producer,
	// since it is the only constructor that consumes a *KeyChainConfig.
	ErrInvalidKeyChainCN = errors.New("keychain: invalid configuration, missing CN")

	// ErrInvalidPlatformKeyStore is returned when the platform key store handed
	// to the keychain is not usable. NOTE(review): presumably raised by
	// NewKeyChain for a nil/uninitialised platformKS — confirm against the
	// constructor body.
	ErrInvalidPlatformKeyStore = errors.New("keychain: invalid platform key store")
)
Types ¶
type KeyChain ¶
The KeyChain provides access to all of the underlying Key Store Modules (PKCS#8, PKCS#11 and TPM 2.0, per the accessors below) through a common API that abstracts away the implementation details of each store. The KeyChain also implements the key store interface itself: every operation that takes a *keystore.KeyAttributes is routed to the Key Store Module selected by the StoreType property of those attributes, so callers must set StoreType correctly or the operation will be dispatched to the wrong (or no) store.
func NewKeyChain ¶
func NewKeyChain( logger *logging.Logger, debugSecrets bool, rootDir string, random io.Reader, config *KeyChainConfig, keyBackend keystore.KeyBackend, blobStore blob.BlobStorer, signerStore keystore.SignerStorer, tpm tpm2.TrustedPlatformModule, platformKS tpm2ks.PlatformKeyStorer, soPIN keystore.Password, userPIN keystore.Password) (keychain *KeyChain, err error)
Constructs a new keychain, using the provided configuration to instantiate the underlying key store modules (PKCS#8, PKCS#11 and TPM 2.0). It returns ErrInvalidKeyChainCN when config.CN is empty and ErrInvalidPlatformKeyStore when the platform key store is not usable. Security notes for callers: random is the entropy source for key generation and must be a cryptographically secure reader (crypto/rand); soPIN and userPIN are the security-officer and user credentials for the hardware-backed stores and should be sealed or sourced from a secret manager rather than hard-coded; and debugSecrets, as the name suggests, likely causes secret material to be written to the logger — it must be false in production (confirm exact behaviour against the implementation).
func (*KeyChain) Close ¶
func (keychain *KeyChain) Close()
Calls Close on each of the underlying key stores and removes each one from the internal store map. After Close returns, the KeyChain holds no stores, so subsequent operations on it should be expected to fail; create a new KeyChain with NewKeyChain instead of reusing a closed one.
func (*KeyChain) Delete ¶
func (keychain *KeyChain) Delete(attrs *keystore.KeyAttributes) error
Deletes the key pair associated with the provided key attributes from the Key Store Module selected by attrs.StoreType. For hardware-backed stores (PKCS#11, TPM 2.0) this is irreversible: the private key cannot be recovered, so callers should ensure no certificates or sealed data still depend on it before deleting.
func (*KeyChain) GenerateECDSA ¶
Generates a new ECDSA key pair described by the provided key attributes and returns it as an OpaqueKey. The underlying Key Store Module (selected by attrs.StoreType) must support the algorithm; if it does not, an error is returned instead of a key.
func (*KeyChain) GenerateEd25519 ¶
func (keychain *KeyChain) GenerateEd25519( attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)
Generates a new Ed25519 key pair described by the provided key attributes and returns it as an OpaqueKey. The underlying Key Store Module (selected by attrs.StoreType) must support the algorithm; if it does not, an error is returned instead of a key. Note that Ed25519 support varies widely across PKCS#11 tokens and is not a native TPM 2.0 algorithm, so check the target store before relying on it.
func (*KeyChain) GenerateKey ¶
Generates a new key pair using the provided key attributes (which select both the algorithm and, via StoreType, the Key Store Module) and returns an OpaqueKey implementing crypto.Signer and crypto.Decrypter backed by that store; the private key material stays inside the store and is never returned to the caller. Although the returned type implements crypto.Decrypter, only RSA keys can meaningfully decrypt — expect Decrypt on ECDSA or Ed25519 keys to fail.
func (*KeyChain) GenerateRSA ¶
Generates a new RSA key pair described by the provided key attributes and returns it as an OpaqueKey. The underlying Key Store Module (selected by attrs.StoreType) must support the algorithm; if it does not, an error is returned instead of a key.
func (*KeyChain) Password ¶
Returns a key password that was sealed to the TPM under the platform PCR authorization policy. The returned secret object performs just-in-time retrieval — it unseals the value under a fresh PCR policy session each time it is needed rather than caching the plaintext on the heap, limiting the window in which the password is exposed in memory. Because unsealing is gated on the PCR policy, it will fail if the measured platform state (firmware, boot loader, kernel, etc.) no longer matches the state at sealing time; callers should treat such a failure as a potential integrity violation rather than silently retrying. If the key has no data sealed, ErrPasswordRequired (defined in the keystore package, presumably) is returned so the password can be supplied by the user instead.
func (*KeyChain) Verifier ¶
func (keychain *KeyChain) Verifier( attrs *keystore.KeyAttributes, opts *keystore.VerifyOpts) keystore.Verifier
Returns a software runtime verifier to perform signature verifications. Verification is done in software using the public key, so it does not require (or exercise) the hardware-backed private key in the underlying store. The verifier supports RSA PKCS#1 v1.5, RSA-PSS, ECDSA, and Ed25519; the RSA padding scheme and hash are expected to come from opts, so callers must pass VerifyOpts that match what the signer used, or verification will fail even for a valid signature.
type KeyChainConfig ¶
// KeyChainConfig is the configuration consumed by NewKeyChain to instantiate
// the underlying key store modules. It can be loaded from YAML, JSON or a
// mapstructure-decoded map (e.g. viper), as the field tags indicate.
type KeyChainConfig struct {
	// CN is the common name identifying this keychain. It is required:
	// ErrInvalidKeyChainCN ("missing CN") is returned when it is empty.
	CN string `yaml:"cn" json:"cn" mapstructure:"cn"`

	// PKCS8Config configures the software (PKCS#8, file-backed) key store.
	// NOTE(review): presumably a nil pointer means the store is not
	// instantiated — confirm against NewKeyChain.
	PKCS8Config *pkcs8.Config `yaml:"pkcs8" json:"pkcs8" mapstructure:"pkcs8"`

	// PKCS11Config configures the PKCS#11 (HSM / smart-card) key store.
	// NOTE(review): presumably nil disables the store — confirm. Any PIN
	// carried inside this config should be sourced from a secret manager,
	// not committed alongside the rest of the configuration.
	PKCS11Config *pkcs11.Config `yaml:"pkcs11" json:"pkcs11" mapstructure:"pkcs11"`

	// TPMConfig configures the TPM 2.0 key store.
	// NOTE(review): presumably nil disables the store — confirm.
	TPMConfig *tpm2.KeyStoreConfig `yaml:"tpm2" json:"tpm2" mapstructure:"tpm2"`
}