platform

package
v0.0.6-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidKeyringCN        = errors.New("keyring: invalid configuration, missing CN")
	ErrInvalidPlatformKeyStore = errors.New("keyring: invalid platform key store")
	ErrInvalidStoreType        = errors.New("keyring: invalid store type")
)

Functions

This section is empty.

Types

type Keyring 

type Keyring struct {
	keystore.KeyStorer
	// contains filtered or unexported fields
}

The Keyring provides access to all of the underlying Key Store Modules through a common API that abstracts away the implementation details of the underlying store. The Keyring also implements the key store interface itself, using the StoreType property in the KeyAttributes to route the operation to the correct Key Store Module.

func NewKeyring 

func NewKeyring(
	logger *logging.Logger,
	debugSecrets bool,
	fs afero.Fs,
	rootDir string,
	random io.Reader,
	config *KeyringConfig,
	keyBackend keystore.KeyBackend,
	blobStore blob.BlobStorer,
	signerStore keystore.SignerStorer,
	tpm tpm2.TrustedPlatformModule,
	platformKS tpm2ks.PlatformKeyStorer,
	soPIN keystore.Password,
	userPIN keystore.Password) (*Keyring, error)

Generates a new Keyring using the provided configuration to instantiate the underlying key store modules.

func (*Keyring) Backend 

func (keyring *Keyring) Backend() keystore.KeyBackend

Returns the backend used by the key store modules in the keyring.

func (*Keyring) Close 

func (keyring *Keyring) Close()

Calls close on each of the key stores and deletes the store from the internal store map.

func (*Keyring) Decrypter 

func (keyring *Keyring) Decrypter(
	attrs *keystore.KeyAttributes) (crypto.Decrypter, error)

Returns a crypto.Decrypter for the provided key attributes

func (*Keyring) Delete 

func (keyring *Keyring) Delete(attrs *keystore.KeyAttributes) error

Deletes the key pair associated with the provided key attributes

func (*Keyring) GenerateECDSA 

func (keyring *Keyring) GenerateECDSA(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Returns an ECDSA OpaqueKey for the provided key attributes. The underlying Key Store Module must support the algorithm.

func (*Keyring) GenerateEd25519 

func (keyring *Keyring) GenerateEd25519(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Returns an Ed25519 OpaqueKey for the provided key attributes. The underlying Key Store Module must support the algorithm.

func (*Keyring) GenerateKey 

func (keyring *Keyring) GenerateKey(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Generates a new key pair using the provided key attributes and returns an OpaqueKey implementing crypto.Signer and crypto.Decrypter backed by the underlying Key Store Module.

func (*Keyring) GenerateRSA 

func (keyring *Keyring) GenerateRSA(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Returns a RSA OpaqueKey for the provided key attributes. The underlying Key Store Module must support the algorithm.

func (*Keyring) Key 

func (keyring *Keyring) Key(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Returns an OpaqueKey for the provided key attributes

func (*Keyring) PKCS11 

func (keyring *Keyring) PKCS11() keystore.KeyStorer

Returns the PKCS #11 key store

func (*Keyring) PKCS8 

func (keyring *Keyring) PKCS8() keystore.KeyStorer

Returns the PKCS #8 key store

func (*Keyring) Password 

func (keyring *Keyring) Password(
	attrs *keystore.KeyAttributes) (keystore.Password, error)

Returns a sealed key password from the TPM using the platform PCR authorization policy. The returned secret object performs just-in-time retrieval using a PCR session policy instead of caching it on the heap. If the key doesn't have any data sealed, ErrPasswordRequired is returned so the password may be provided by the user.

func (*Keyring) RotateKey 

func (keyring *Keyring) RotateKey(
	attrs *keystore.KeyAttributes) (crypto.Signer, error)

Rotates a key by overwriting the existing key with a newly generated key.

func (*Keyring) Signer 

func (keyring *Keyring) Signer(
	attrs *keystore.KeyAttributes) (crypto.Signer, error)

Returns a crypto.Signer for the provided key attributes

func (*Keyring) Store 

func (keyring *Keyring) Store(storeType string) (keystore.KeyStorer, error)

Returns the requested Key Store Module

func (*Keyring) Stores 

func (keyring *Keyring) Stores() []keystore.KeyStorer

Returns the configured key stores in the key chain

func (*Keyring) TPM2 

func (keyring *Keyring) TPM2() keystore.KeyStorer

Returns the TPM 2.0 key store

func (*Keyring) Verifier 

func (keyring *Keyring) Verifier(
	attrs *keystore.KeyAttributes,
	opts *keystore.VerifyOpts) keystore.Verifier

Returns a software runtime verifier to perform signature verifications. The verifier supports RSA PKCS1v15, RSA-PSS, ECDSA, and Ed25519.

type KeyringConfig 

type KeyringConfig struct {
	CN           string               `yaml:"cn" json:"cn" mapstructure:"cn"`
	PKCS8Config  *pkcs8.Config        `yaml:"pkcs8" json:"pkcs8" mapstructure:"pkcs8"`
	PKCS11Config *pkcs11.Config       `yaml:"pkcs11" json:"pkcs11" mapstructure:"pkcs11"`
	TPMConfig    *tpm2.KeyStoreConfig `yaml:"tpm2" json:"tpm2" mapstructure:"tpm2"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.