Documentation ¶
Index ¶
- Constants
- Variables
- type CertificateAuthority
- type PrivKey
- type PubKey
- type RSAPrivKey
- func (k *RSAPrivKey) CSR(role, commonName string, hostList, ipList []string) ([]byte, error)
- func (k *RSAPrivKey) Deserialize(key []byte) error
- func (k *RSAPrivKey) PKCS12(cert *x509.Certificate, ca *CertificateAuthority) ([]byte, error)
- func (k *RSAPrivKey) Pem() []byte
- func (k *RSAPrivKey) Public() PubKey
- func (k *RSAPrivKey) Scheme() string
- func (k *RSAPrivKey) Serialize() ([]byte, error)
- func (k *RSAPrivKey) Signature(payload []byte) (string, error)
- func (k *RSAPrivKey) Signer() crypto.Signer
- func (k *RSAPrivKey) Type() string
- type RSAPubKey
- type Serializable
Constants ¶
const ( // KeyTypeRSA represents the RSA type of keys KeyTypeRSA = "rsa" // KeySchemeRSASSAPSSSHA256 represents rsassa-pss-sha256 scheme KeySchemeRSASSAPSSSHA256 = "rsassa-pss-sha256" // PKCS12Password is a hard-coded password for PKCS#12 file, it is by // intend to use pre-defined string instead of generated every time, // as the encryption of PKCS#12 it self is weak. The key should be // protected by other means. PKCS12Password = "gemix" )
const RSAKeyLength = 2048
RSAKeyLength define the length of RSA keys
Variables ¶
var ( // ErrorKeyUninitialized will be present when key is used before Deserialize called ErrorKeyUninitialized = errors.New("key not initialized, call Deserialize first") // ErrorDeserializeKey means the key format is not valid ErrorDeserializeKey = errors.New("error on deserialize key, check if the key is valid") // ErrorUnsupportedKeyType means we don't supported this type of key ErrorUnsupportedKeyType = errors.New("provided key type not supported") // ErrorUnsupportedKeySchema means we don't support this schema ErrorUnsupportedKeySchema = errors.New("provided schema not supported") )
Functions ¶
This section is empty.
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct { ClusterName string Cert *x509.Certificate Key PrivKey }
CertificateAuthority holds the CA of a cluster
func NewCA ¶
func NewCA(clsName string) (*CertificateAuthority, error)
NewCA generates a new CertificateAuthority object
func ReadCA ¶
func ReadCA(clsName, certPath, keyPath string) (*CertificateAuthority, error)
ReadCA reads an existing CA certificate from disk
type PrivKey ¶
type PrivKey interface { Serializable // Type returns the type of the key, e.g. RSA Type() string // Scheme returns the scheme of signature algorithm, e.g. rsassa-pss-sha256 Scheme() string // Signature sign a signature with the key for payload Signature(payload []byte) (string, error) // Signer returns the signer of the private key Signer() crypto.Signer // Public returns public key of the PrivKey Public() PubKey // Pem returns the raw private key in PEM format Pem() []byte // CSR creates a new CSR from the private key CSR(role, commonName string, hostList []string, IPList []string) ([]byte, error) // PKCS12 encodes the certificate to a pfxData PKCS12(cert *x509.Certificate, ca *CertificateAuthority) ([]byte, error) }
PrivKey is the private key that provide signature method
func NewKeyPair ¶
NewKeyPair return a pair of key
type PubKey ¶
type PubKey interface { Serializable // Type returns the type of the key, e.g. RSA Type() string // Scheme returns the scheme of signature algorithm, e.g. rsassa-pss-sha256 Scheme() string // Key returns the raw public key Key() crypto.PublicKey // VerifySignature check the signature is right VerifySignature(payload []byte, sig string) error }
PubKey is a public key available to gemix
type RSAPrivKey ¶
type RSAPrivKey struct {
// contains filtered or unexported fields
}
RSAPrivKey represents the private key of RSA
func (*RSAPrivKey) CSR ¶
func (k *RSAPrivKey) CSR(role, commonName string, hostList, ipList []string) ([]byte, error)
CSR generates a new CSR from given private key
func (*RSAPrivKey) Deserialize ¶
func (k *RSAPrivKey) Deserialize(key []byte) error
Deserialize generate a private key from pem format
func (*RSAPrivKey) PKCS12 ¶
func (k *RSAPrivKey) PKCS12(cert *x509.Certificate, ca *CertificateAuthority) ([]byte, error)
PKCS12 encodes the private and certificate to a PKCS#12 pfxData
func (*RSAPrivKey) Pem ¶
func (k *RSAPrivKey) Pem() []byte
Pem returns the raw private key im PEM format
func (*RSAPrivKey) Public ¶
func (k *RSAPrivKey) Public() PubKey
Public returns public key of the PrivKey
func (*RSAPrivKey) Scheme ¶
func (k *RSAPrivKey) Scheme() string
Scheme returns the scheme of signature algorithm, e.g. rsassa-pss-sha256
func (*RSAPrivKey) Serialize ¶
func (k *RSAPrivKey) Serialize() ([]byte, error)
Serialize generate the pem format for a key
func (*RSAPrivKey) Signature ¶
func (k *RSAPrivKey) Signature(payload []byte) (string, error)
Signature sign a signature with the key for payload
func (*RSAPrivKey) Signer ¶
func (k *RSAPrivKey) Signer() crypto.Signer
Signer returns the signer of the private key
func (*RSAPrivKey) Type ¶
func (k *RSAPrivKey) Type() string
Type returns the type of the key, e.g. RSA
type RSAPubKey ¶
type RSAPubKey struct {
// contains filtered or unexported fields
}
RSAPubKey represents the public key of RSA
func (*RSAPubKey) Deserialize ¶
Deserialize generate a public key from pem format