awskms

package
v0.36.0
Warning

This package is not in the latest version of its module.

Published: Mar 13, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package awskms provides an AWS Key Management Service (KMS) implementation of the crypto.Signer interface.

The documentation for AWS KMS can be found here: https://docs.aws.amazon.com/kms/index.html


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for interacting with the AWS KMS API using types native to the Flow Go SDK.

func NewClient

func NewClient(cfg aws.Config) *Client

NewClient creates a new AWS KMS client.

func (*Client) GetPublicKey

func (c *Client) GetPublicKey(ctx context.Context, key Key) (crypto.PublicKey, crypto.HashAlgorithm, error)

GetPublicKey fetches the public key portion of a KMS asymmetric signing key.

KMS keys of the type `KeySpecEccNistP256` and `KeySpecEccSecgP256k1` are the only keys supported by the SDK.

Ref: https://github.com/aws/aws-sdk-go-v2/blob/main/service/kms/api_op_GetPublicKey.go

func (*Client) KMSClient

func (c *Client) KMSClient() *kms.Client

KMSClient returns the underlying kms.Client.

func (*Client) SignerForKey

func (c *Client) SignerForKey(
	ctx context.Context,
	key Key,
) (*Signer, error)

SignerForKey returns a new AWS KMS signer for an asymmetric signing key version.

Only ECDSA keys on P-256 and secp256k1 curves and SHA2-256 are supported.

type Key

type Key struct {
	Region  string `json:"region"`
	Account string `json:"account"`
	KeyID   string `json:"keyId"`
}

Key is a reference to an AWS KMS asymmetric signing key.

func KeyFromResourceARN

func KeyFromResourceARN(resourceARN string) (Key, error)

Example ARN format: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"

func (Key) ARN

func (k Key) ARN() string

ARN returns the KMS ARN for this KMS key. For cross-account key access, you need to pass the ARN instead of just the key ID.
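
The ARN handling that KeyFromResourceARN and Key.ARN describe, sketched as an added example that is not the SDK's own code. The names parseKeyARN and checkPinned are hypothetical, the Key struct copies the fields shown above, and the fixed "aws" partition and the account ID 444455556666 used in testing are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Key mirrors the fields of the Key type documented above.
type Key struct {
	Region  string `json:"region"`
	Account string `json:"account"`
	KeyID   string `json:"keyId"`
}

// parseKeyARN (hypothetical, not the SDK's KeyFromResourceARN) accepts only
// ARNs of the form "arn:<partition>:kms:<region>:<account>:key/<id>".
func parseKeyARN(arn string) (Key, error) {
	p := strings.SplitN(arn, ":", 6)
	if len(p) != 6 || p[0] != "arn" || p[2] != "kms" {
		return Key{}, errors.New("not a KMS ARN")
	}
	if p[3] == "" || len(p[4]) != 12 || strings.Trim(p[4], "0123456789") != "" {
		return Key{}, errors.New("missing region or malformed account ID")
	}
	id := strings.TrimPrefix(p[5], "key/")
	if id == p[5] || id == "" || strings.ContainsAny(id, "/:") {
		return Key{}, errors.New("resource is not key/<id>") // e.g. alias/...
	}
	return Key{Region: p[3], Account: p[4], KeyID: id}, nil
}

// ARN rebuilds the full ARN; the "aws" partition is an assumption of this sketch.
func (k Key) ARN() string {
	return fmt.Sprintf("arn:aws:kms:%s:%s:key/%s", k.Region, k.Account, k.KeyID)
}

// checkPinned rejects a key reference outside the expected account and region.
func checkPinned(k Key, account, region string) error {
	if k.Account != account || k.Region != region {
		return fmt.Errorf("key %s is outside %s/%s", k.ARN(), account, region)
	}
	return nil
}

func main() {
	k, err := parseKeyARN("arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
	fmt.Println(k, err, checkPinned(k, "111122223333", "us-west-2"))
}
```

Pinning the account and region before a signer is created keeps a mistyped or substituted cross-account ARN from silently selecting a key the caller did not intend.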

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is an AWS KMS implementation of crypto.Signer.

func (*Signer) PublicKey

func (s *Signer) PublicKey() crypto.PublicKey

func (*Signer) Sign

func (s *Signer) Sign(message []byte) ([]byte, error)

Sign signs the given message using the KMS signing key for this signer.

Reference: https://github.com/aws/aws-sdk-go-v2/blob/main/service/kms/api_op_Sign.go
