keyutils

package
v0.0.0-...-3c7cc97 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 12, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package keyutils serves as a utility to parse, encrypt and decrypt PKCS#1 and PKCS#8 private keys based on current FIPS mode status, supporting only EC type keys. It always allows PKCS#8 private keys and disallow PKCS#1 private keys in FIPS-mode.

Index

Constants

This section is empty.

Variables

View Source
var ErrFIPSUnsupportedKeyFormat = errors.New("unsupported key format due to FIPS compliance")

ErrFIPSUnsupportedKeyFormat is returned when encryption/decryption operations are attempted on a PKCS1 key when FIPS mode is enabled.

Functions

func IsEncryptedPEMBlock

func IsEncryptedPEMBlock(block *pem.Block) bool

IsEncryptedPEMBlock checks if a PKCS#1 or PKCS#8 PEM-block is encrypted or not

func IsPKCS8

func IsPKCS8(derBytes []byte) bool

IsPKCS8 returns true if the provided der bytes is encrypted/unencrypted PKCS#8 key

Types

type Formatter

type Formatter interface {
	ParsePrivateKeyPEMWithPassword(pemBytes, password []byte) (crypto.Signer, error)
	DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)
	EncryptPEMBlock(data, password []byte) (*pem.Block, error)
}

Formatter provides an interface for converting keys to the right format, and encrypting and decrypting keys

var Default Formatter = &utils{fips: false}

Default is the default key util, where FIPS is not required

var FIPS Formatter = &utils{fips: true}

FIPS is the key utility which enforces FIPS compliance

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL