cloudkms

package

v1.3.0 Latest Latest Go to latest Published: Dec 3, 2024 License: Apache-2.0 Imports: 10 Imported by: 11

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/onflow/flow-go-sdk

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cloudkms provides a Google Cloud Key Management Service (KMS) implementation of the crypto.Signer interface.

The documentation for Google Cloud KMS can be found here: https://cloud.google.com/kms/docs

Index ¶

type Client
- func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)
type Key
- func KeyFromResourceID(resourceID string) (Key, error)
- func (k Key) ResourceID() string
type Signer
- func (s *Signer) PublicKey() crypto.PublicKey
- func (s *Signer) Sign(message []byte) ([]byte, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for interacting with the Google Cloud KMS API using types native to the Flow Go SDK.

func NewClient ¶

func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)

NewClient creates a new KMS client.

func (*Client) GetPublicKey ¶

func (c *Client) GetPublicKey(ctx context.Context, key Key) (crypto.PublicKey, crypto.HashAlgorithm, error)

GetPublicKey fetches the public key portion of a KMS asymmetric signing key version.

KMS keys of the type `CryptoKeyVersion_EC_SIGN_P256_SHA256` and `CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256` are the only keys supported by the SDK.

Ref: https://cloud.google.com/kms/docs/retrieve-public-key

func (*Client) KMSClient ¶ added in v0.25.0

func (c *Client) KMSClient() *kms.KeyManagementClient

KMSClient gives access to the KeyManagementClient, e.g. for closing the connection to the Google KMS API

func (*Client) SignerForKey ¶

func (c *Client) SignerForKey(
	ctx context.Context,
	key Key,
) (*Signer, error)

SignerForKey returns a new Google Cloud KMS signer for an asymmetric signing key version.

Only ECDSA keys on P-256 and secp256k1 curves and SHA2-256 are supported.

type Key ¶

type Key struct {
	ProjectID  string `json:"projectId"`
	LocationID string `json:"locationId"`
	KeyRingID  string `json:"keyRingId"`
	KeyID      string `json:"keyId"`
	KeyVersion string `json:"keyVersion"`
}

Key is a reference to a Google Cloud KMS asymmetric signing key version.

Ref: https://cloud.google.com/kms/docs/creating-asymmetric-keys#create_an_asymmetric_signing_key

func KeyFromResourceID ¶

func KeyFromResourceID(resourceID string) (Key, error)

KeyFromResourceID returns a `Key` from a resource ID.

func (Key) ResourceID ¶

func (k Key) ResourceID() string

ResourceID returns the resource ID for this KMS key version.

Ref: https://cloud.google.com/kms/docs/getting-resource-ids

type Signer ¶

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a Google Cloud KMS implementation of crypto.Signer.

func (*Signer) PublicKey ¶ added in v0.25.0

func (s *Signer) PublicKey() crypto.PublicKey

func (*Signer) Sign ¶

func (s *Signer) Sign(message []byte) ([]byte, error)

Sign signs the given message using the KMS signing key for this signer.

Reference: https://cloud.google.com/kms/docs/create-validate-signatures

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL