Documentation
¶
Overview ¶
Package keyconf defines basic primitives for key configuration.
Type Key allows decoding and encoding PEM files that contain the key with attached metadata. The PEM files have special file names based on the type, usage, and version of the key. See the encoding and filename example for more information.
Index ¶
Examples ¶
Constants ¶
const ( IssSigKeyFile = "core-sig.seed" // TODO(roosd): rename "core-sig.key" -> "iss-sig.key" DecKeyFile = "as-decrypt.key" OffKeyFile = "offline-root.seed" OnKeyFile = "online-root.seed" SigKeyFile = "as-sig.seed" MasterKey0 = "master0.key" MasterKey1 = "master1.key" ASSigKeyFile = "as-signing.key" ASDecKeyFile = "as-decrypt.key" ASRevKeyFile = "as-revocation.key" IssuerRevKeyFile = "issuer-revocation.key" IssuerCertKeyFile = "issuer-cert-signing.key" TRCOnlineKeyFile = "trc-online.key" TRCOfflineKeyFile = "trc-offline.key" TRCIssuingKeyFile = "trc-issuing.key" RawKey = "raw" )
const ( ErrOpen common.ErrMsg = "Unable to load key" ErrParse common.ErrMsg = "Unable to parse key file" ErrUnknown common.ErrMsg = "Unknown algorithm" )
Errors
Variables ¶
var ( // ErrNoAlgorithm indicates no algorithm was provided. ErrNoAlgorithm = serrors.New("no algorithm") // ErrNoKey indicates no key was provided. ErrNoKey = serrors.New("no key") // ErrUnsupportedUsage indicates the key usage is not known. ErrUnsupportedUsage = serrors.New("unsupported key usage") // ErrUnsupportedType indicates the key type is not known. ErrUnsupportedType = serrors.New("unsupported key type") // ErrWildcardIA indicates the IA contains a wildcard. ErrWildcardIA = serrors.New("wildcard IA") )
Functions ¶
func PrivateKeyFile ¶
func PrivateKeyFile(usage Usage, version scrypto.KeyVersion) string
PrivateKeyFile returns the file name for the private key with the provided intended usage and version.
func PublicKeyFile ¶
PublicKeyFile returns the file name for the public key with the provided intended usage and version.
Types ¶
type Conf ¶
type Conf struct {
// IssSigKey is the AS issuer signing Key.
IssSigKey common.RawBytes
// DecryptKey is the AS decryption key.
DecryptKey common.RawBytes
// OffRootKey is the AS offline root key.
OffRootKey common.RawBytes
// OnRootKey is the AS online root key.
OnRootKey common.RawBytes
// SignKey is the AS signing key.
SignKey common.RawBytes
// Master contains the AS master keys.
Master Master
}
type Key ¶
type Key struct {
Type Type
Usage Usage
Algorithm string
Validity scrypto.Validity
Version scrypto.KeyVersion
IA addr.IA
Bytes []byte
}
Key contains the key with additional metada.
On disk, the key is encoded in PEM with a file name specific to the type, usage, and version of the key. The IA is prepended to public key filenames to avoid collisions.
To see the resulting filename, check the example.
Example (Encoding) ¶
k := Key{
Type: PublicKey,
Usage: ASSigKeyFile,
Algorithm: scrypto.Ed25519,
Validity: scrypto.Validity{
NotBefore: util.UnixTime{Time: util.SecsToTime(1560000000)},
NotAfter: util.UnixTime{Time: util.SecsToTime(1600000000)},
},
Version: 2,
IA: xtest.MustParseIA("1-ff00:0:110"),
Bytes: make([]byte, ed25519.PublicKeySize),
}
block := k.PEM()
fmt.Println(string(pem.EncodeToMemory(&block)))
Output: -----BEGIN PUBLIC KEY----- algorithm: ed25519 ia: 1-ff00:0:110 not_after: 2020-09-13 12:26:40+0000 not_before: 2019-06-08 13:20:00+0000 usage: as-signing.key version: 2 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= -----END PUBLIC KEY-----
Example (Filename) ¶
publicKey := Key{
Type: PublicKey,
Usage: ASSigningKey,
Version: 2,
IA: xtest.MustParseIA("1-ff00:0:110"),
}
privateKey := Key{
Type: PrivateKey,
Usage: ASRevocationKey,
Version: 10,
IA: xtest.MustParseIA("1-ff00:0:110"),
}
fmt.Println("Public key: ", publicKey.File())
fmt.Println("Private key:", privateKey.File())
Output: Public key: ISD1-ASff00_0_110-as-signing-v2.pub Private key: as-revocation-v10.key
type Master ¶
func LoadMaster ¶
type Type ¶
type Type string
Type indicates the key type. (public|private|symmetric)
const ( PublicKey Type = "PUBLIC KEY" PrivateKey Type = "PRIVATE KEY" SymmetricKey Type = "SYMMETRIC KEY" )
Supported key types.
func (*Type) UnmarshalText ¶
UnmarshalText assigns the key type if it is known. Otherwise ErrUnsupportedType.
type Usage ¶
type Usage string
Usage describes how the key is intended to be used.
const ( ASDecryptionKey Usage = "as-decrypt" ASRevocationKey Usage = "as-revocation" ASSigningKey Usage = "as-signing" IssCertSigningKey Usage = "issuer-cert-signing" IssRevocationKey Usage = "issuer-revocation" TRCIssuingKey Usage = "trc-issuing" TRCVotingOfflineKey Usage = "trc-voting-offline" TRCVotingOnlineKey Usage = "trc-voting-online" )
All supported key usages.
func (*Usage) UnmarshalText ¶
UnmarshalText assigns the key usage if it is known. Otherwise ErrUnsupportedUsage.
Source Files