Documentation
Overview
Package hpke contains functions for working with Hybrid Public Key Encryption.
Index
- Constants
- func EncryptURLValues(senderPrivateKey *PrivateKey, receiverPublicKey *PublicKey, values url.Values) (encrypted url.Values, err error)
- func IsEncryptedURL(values url.Values) bool
- func Open(receiverPrivateKey *PrivateKey, senderPublicKey *PublicKey, sealed []byte) (message []byte, err error)
- func Seal(senderPrivateKey *PrivateKey, receiverPublicKey *PublicKey, message []byte) (sealed []byte, err error)
- type JWK
- type KeyFetcher
- type PrivateKey
- type PublicKey
- func DecryptURLValues(receiverPrivateKey *PrivateKey, encrypted url.Values) (senderPublicKey *PublicKey, values url.Values, err error)
- func FetchPublicKey(ctx context.Context, client *http.Client, endpoint string) (*PublicKey, error)
- func PublicKeyFromBytes(raw []byte) (*PublicKey, error)
- func PublicKeyFromString(raw string) (*PublicKey, error)
Constants
const (
	ParamSenderPublicKey = "pomerium_hpke_sender_pub"
	ParamQuery           = "pomerium_hpke_query"
)
URL Parameters
Functions
func EncryptURLValues
func EncryptURLValues(
	senderPrivateKey *PrivateKey,
	receiverPublicKey *PublicKey,
	values url.Values,
) (encrypted url.Values, err error)
EncryptURLValues encrypts URL values using the Seal method.
func IsEncryptedURL
IsEncryptedURL returns true if the url.Values contain an HPKE encrypted query.
Types
type JWK
type JWK struct {
	Type  string `json:"kty"`
	ID    string `json:"kid"`
	Curve string `json:"crv"`
	X     string `json:"x"`
	D     string `json:"d,omitempty"`
}
JWK is the JSON Web Key representation of an HPKE key, as defined in RFC 8037.
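An added example (not the package's own code) of the RFC 8037 encoding the JWK type describes, using Go's standard crypto/ecdh; it shows that the private scalar "d" stays out of a published key and that a received JWK is checked before use. It assumes an X25519 key (kty "OKP", crv "X25519"), a constructed kid value, and hypothetical helper names toJWK, publicKeyFromJWK and sampleKey.

```go
package main

import (
	"crypto/ecdh"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"os"
)

// JWK mirrors the fields documented above (an RFC 8037 "OKP" key).
type JWK struct {
	Type  string `json:"kty"`
	ID    string `json:"kid"`
	Curve string `json:"crv"`
	X     string `json:"x"`
	D     string `json:"d,omitempty"`
}

const sampleScalarHex = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a" // RFC 7748 6.1 test scalar, sample input

// toJWK encodes an X25519 key as unpadded base64url; "d" is emitted only on request.
func toJWK(priv *ecdh.PrivateKey, kid string, includePrivate bool) JWK {
	jwk := JWK{Type: "OKP", ID: kid, Curve: "X25519", X: base64.RawURLEncoding.EncodeToString(priv.PublicKey().Bytes())}
	if includePrivate {
		jwk.D = base64.RawURLEncoding.EncodeToString(priv.Bytes())
	}
	return jwk
}

// publicKeyFromJWK checks a received JWK before its key material is used.
func publicKeyFromJWK(jwk JWK) (*ecdh.PublicKey, error) {
	if jwk.Type != "OKP" || jwk.Curve != "X25519" || jwk.D != "" {
		return nil, errors.New("unexpected kty/crv, or private scalar d present")
	}
	x, err := base64.RawURLEncoding.DecodeString(jwk.X)
	if err != nil {
		return nil, err
	}
	return ecdh.X25519().NewPublicKey(x) // rejects keys that are not 32 bytes
}

func sampleKey() *ecdh.PrivateKey {
	raw, _ := hex.DecodeString(sampleScalarHex) // fixed constant, cannot fail
	priv, _ := ecdh.X25519().NewPrivateKey(raw)
	return priv
}

func main() { json.NewEncoder(os.Stdout).Encode(toJWK(sampleKey(), "constructed-kid", false)) }
```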
type KeyFetcher
A KeyFetcher fetches public keys.
func NewKeyFetcher
func NewKeyFetcher(endpoint string, transport http.RoundTripper) KeyFetcher
NewKeyFetcher returns a new KeyFetcher which fetches keys using an in-memory HTTP cache.
type PrivateKey
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is an HPKE private key.
func DerivePrivateKey
func DerivePrivateKey(seed []byte) *PrivateKey
DerivePrivateKey derives a private key from a seed. The same seed will always result in the same private key.
func GeneratePrivateKey
func GeneratePrivateKey() (*PrivateKey, error)
GeneratePrivateKey generates an HPKE private key.
func PrivateKeyFromString
func PrivateKeyFromString(raw string) (*PrivateKey, error)
PrivateKeyFromString takes a string and returns a PrivateKey.
func (*PrivateKey) MarshalJSON
func (key *PrivateKey) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON Web Key representation of the private key.
func (*PrivateKey) PublicKey
func (key *PrivateKey) PublicKey() *PublicKey
PublicKey returns the public key for the private key.
func (*PrivateKey) String
func (key *PrivateKey) String() string
String converts the private key into a string.
type PublicKey
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is an HPKE public key.
func DecryptURLValues
func DecryptURLValues(
	receiverPrivateKey *PrivateKey,
	encrypted url.Values,
) (senderPublicKey *PublicKey, values url.Values, err error)
DecryptURLValues decrypts URL values using the Open method.
func FetchPublicKey (added in v0.21.3)
FetchPublicKey fetches the HPKE public key from the hpke-public-key endpoint.
func PublicKeyFromBytes (added in v0.21.3)
PublicKeyFromBytes converts raw bytes into a public key.
func PublicKeyFromString
PublicKeyFromString converts a string into a public key.
func (*PublicKey) MarshalJSON
MarshalJSON returns the JSON Web Key representation of the public key.