Documentation ¶
Index ¶
- Constants
- type Config
- type CryptoProvider
- type Error
- type KeyPairInfo
- type StandardConfig
- type StandardCrypto
- func (s StandardCrypto) Close()
- func (s StandardCrypto) ECCertificate(kid string) (string, error)
- func (s StandardCrypto) ECPublicKey(kid string) (string, error)
- func (s StandardCrypto) FindKID(alg string) string
- func (s StandardCrypto) GenerateEphemeralKasKeys() (any, []byte, error)
- func (s StandardCrypto) GenerateNanoTDFSessionKey(privateKey any, ephemeralPublicKeyPEM []byte) ([]byte, error)
- func (s StandardCrypto) GenerateNanoTDFSymmetricKey(kasKID string, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) ([]byte, error)
- func (s StandardCrypto) RSADecrypt(_ crypto.Hash, kid string, _ string, ciphertext []byte) ([]byte, error)
- func (s StandardCrypto) RSAPublicKey(kid string) (string, error)
- func (s StandardCrypto) RSAPublicKeyAsJSON(kid string) (string, error)
- type StandardECCrypto
- type StandardKeyInfo
- type StandardRSACrypto
Constants ¶
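// Algorithm identifiers declared by this package.
//
// NOTE(review): presumably these are the values expected in
// KeyPairInfo.Algorithm and in the alg argument of FindKID - confirm.
// Comparing configuration against these constants, rather than against
// free-form strings, keeps an unsupported algorithm name from slipping through.
const (
	// AlgorithmECP256R1 identifies key agreement along P-256.
	AlgorithmECP256R1 = "ec:secp256r1"
	// AlgorithmRSA2048 identifies encryption with RSA of the KAO.
	AlgorithmRSA2048 = "rsa:2048"
)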
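// Sentinel errors of the package, declared as constants of the Error type
// (declared elsewhere in the package; it must be string-based for these
// constant conversions to be valid).
//
// Match on the identifier (errors.Is or ==), never on the message text: the
// texts are terse and do not always mirror the name. ErrCertNotFound reads
// only "not found" and ErrHSMNotFound reads "hsm unavailable".
const (
	ErrCertNotFound         = Error("not found")
	ErrNoKeys               = Error("keys not found")
	ErrKeyPairInfoNotFound  = Error("key pair info not found")
	ErrKeyPairInfoMalformed = Error("key pair info malformed")
	ErrCertificateEncode    = Error("certificate encode error")
	ErrPublicKeyMarshal     = Error("public key marshal error")
	ErrHSMUnexpected        = Error("hsm unexpected")
	ErrHSMDecrypt           = Error("hsm decrypt error")
	ErrHSMNotFound          = Error("hsm unavailable")
	ErrKeyConfig            = Error("key configuration error")
	ErrUnknownHashFunction  = Error("unknown hash function")
)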
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
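// Config is the argument of NewCryptoProvider.
//
// NOTE(review): the json tags make this struct serializable. Through
// StandardConfig it carries key locators (for the standard provider, paths to
// PEM files), so treat dumps of it as sensitive configuration.
type Config struct {
	// Type names the provider; the struct tag declares "standard" as the default.
	// NOTE(review): no other accepted value is visible in this listing - confirm
	// how an unknown Type is handled by NewCryptoProvider.
	Type string `mapstructure:"type" json:"type" default:"standard"`
	// StandardConfig is the configuration for the standard key provider
	StandardConfig StandardConfig `mapstructure:"standard" json:"standard"`
}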
type CryptoProvider ¶
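// CryptoProvider is the key-provider interface returned by NewCryptoProvider.
// Keys are addressed by key ID (KID); the method set listed for StandardCrypto
// matches this interface.
type CryptoProvider interface {
	// FindKID gets some KID associated with a given algorithm.
	// It returns the empty string if none are found, so callers should check
	// for "" before using the result as a key ID.
	FindKID(alg string) string

	// RSAPublicKey returns a string form of the RSA public key stored under keyID.
	RSAPublicKey(keyID string) (string, error)
	// RSAPublicKeyAsJSON returns a JSON string form of the RSA public key stored
	// under keyID.
	RSAPublicKeyAsJSON(keyID string) (string, error)
	// RSADecrypt decrypts ciphertext with the RSA private key selected by keyID.
	//
	// NOTE(review): StandardCrypto.RSADecrypt declares hash and keyLabel as blank
	// (_) parameters, so that implementation cannot act on them. Do not rely on
	// hash (presumably the padding digest - confirm) being honoured there.
	RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)

	// ECPublicKey returns a string form of the EC public key stored under keyID.
	ECPublicKey(keyID string) (string, error)
	// ECCertificate returns a string form of the certificate stored under keyID.
	ECCertificate(keyID string) (string, error)

	// GenerateNanoTDFSymmetricKey produces key bytes from the key identified by
	// kasKID, the caller-supplied ephemeralPublicKeyBytes and curve.
	// NOTE(review): ephemeralPublicKeyBytes comes from the peer; confirm the
	// implementation validates that the point lies on curve.
	GenerateNanoTDFSymmetricKey(kasKID string, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) ([]byte, error)
	// GenerateEphemeralKasKeys returns an opaque value and a byte slice.
	// NOTE(review): presumably a private-key handle and the matching public key;
	// the handle looks like the privateKeyHandle argument of
	// GenerateNanoTDFSessionKey - confirm.
	GenerateEphemeralKasKeys() (any, []byte, error)
	// GenerateNanoTDFSessionKey produces key bytes from privateKeyHandle and
	// ephemeralPublicKey.
	GenerateNanoTDFSessionKey(privateKeyHandle any, ephemeralPublicKey []byte) ([]byte, error)

	// Close is the provider's shutdown hook; it reports no error.
	Close()
}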
func NewCryptoProvider ¶
func NewCryptoProvider(cfg Config) (CryptoProvider, error)
type KeyPairInfo ¶ added in v0.4.7
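// KeyPairInfo describes one configured key pair: its algorithm, its key ID and
// where the private key and the optional certificate are located.
type KeyPairInfo struct {
	// Valid algorithm. May be able to be derived from Private but it is better to just say it.
	Algorithm string `mapstructure:"alg" json:"alg"`
	// Key identifier. Should be short
	KID string `mapstructure:"kid" json:"kid"`
	// Implementation specific locator for private key;
	// for 'standard' crypto service this is the path to a PEM file.
	// NOTE(review): that file holds private key material. Keep it readable only
	// by the service account and out of version control. This field is the
	// locator, not the key itself.
	Private string `mapstructure:"private" json:"private"`
	// Optional locator for the corresponding certificate.
	// If not found, only public key (derivable from Private) is available.
	Certificate string `mapstructure:"cert" json:"cert"`
	// Optional enumeration of intended usages of keypair
	Usage string `mapstructure:"usage" json:"usage"`
	// Optional long form description of key pair including purpose and life cycle information
	Purpose string `mapstructure:"purpose" json:"purpose"`
}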
type StandardConfig ¶
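// StandardConfig is the configuration consumed by NewStandardCrypto.
type StandardConfig struct {
	// Keys lists the configured key pairs.
	Keys []KeyPairInfo `mapstructure:"keys" json:"keys"`
	// RSAKeys holds RSA key information under string keys.
	//
	// Deprecated: the source names no replacement; Keys looks like the
	// successor (TODO confirm).
	RSAKeys map[string]StandardKeyInfo `mapstructure:"rsa,omitempty" json:"rsa,omitempty"`
	// ECKeys holds EC key information under string keys.
	//
	// Deprecated: the source names no replacement; Keys looks like the
	// successor (TODO confirm).
	ECKeys map[string]StandardKeyInfo `mapstructure:"ec,omitempty" json:"ec,omitempty"`
}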
type StandardCrypto ¶
// StandardCrypto is the provider that NewStandardCrypto builds from a
// StandardConfig. Its listed method set matches CryptoProvider.
//
// NOTE(review): the methods use value receivers while NewStandardCrypto
// returns a pointer, so each call works on a copy of the struct. Whether that
// copy shares or duplicates key state depends on the unexported fields, which
// this listing does not show.
type StandardCrypto struct {
	// contains filtered or unexported fields
}
func NewStandardCrypto ¶
func NewStandardCrypto(cfg StandardConfig) (*StandardCrypto, error)
NewStandardCrypto creates a new instance of standard crypto.
func (StandardCrypto) Close ¶
func (s StandardCrypto) Close()
func (StandardCrypto) ECCertificate ¶ added in v0.4.4
func (s StandardCrypto) ECCertificate(kid string) (string, error)
func (StandardCrypto) ECPublicKey ¶
func (s StandardCrypto) ECPublicKey(kid string) (string, error)
func (StandardCrypto) FindKID ¶ added in v0.4.7
func (s StandardCrypto) FindKID(alg string) string
func (StandardCrypto) GenerateEphemeralKasKeys ¶
func (s StandardCrypto) GenerateEphemeralKasKeys() (any, []byte, error)
func (StandardCrypto) GenerateNanoTDFSessionKey ¶
func (s StandardCrypto) GenerateNanoTDFSessionKey(privateKey any, ephemeralPublicKeyPEM []byte) ([]byte, error)
func (StandardCrypto) GenerateNanoTDFSymmetricKey ¶
func (StandardCrypto) RSADecrypt ¶
func (StandardCrypto) RSAPublicKey ¶
func (s StandardCrypto) RSAPublicKey(kid string) (string, error)
func (StandardCrypto) RSAPublicKeyAsJSON ¶
func (s StandardCrypto) RSAPublicKeyAsJSON(kid string) (string, error)
type StandardECCrypto ¶
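// StandardECCrypto embeds KeyPairInfo, so the exported KeyPairInfo fields
// (Algorithm, KID, Private, Certificate, Usage, Purpose) are promoted onto it.
//
// NOTE(review): the unexported fields presumably hold the loaded EC key
// material - confirm. If so, avoid logging or serializing values of this type.
type StandardECCrypto struct {
	KeyPairInfo
	// contains filtered or unexported fields
}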
type StandardKeyInfo ¶
type StandardRSACrypto ¶
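// StandardRSACrypto embeds KeyPairInfo, so the exported KeyPairInfo fields
// (Algorithm, KID, Private, Certificate, Usage, Purpose) are promoted onto it.
//
// NOTE(review): the unexported fields presumably hold the loaded RSA key
// material - confirm. If so, avoid logging or serializing values of this type.
type StandardRSACrypto struct {
	KeyPairInfo
	// contains filtered or unexported fields
}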