crypto

package
v5.0.0-...-ad4f444 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 7, 2025 License: AGPL-3.0 Imports: 36 Imported by: 0

Documentation

Overview

Package crypto provides tools for data encryption and certificates management

Index

Constants

View Source
const (
	AESGCMAuthTagSize = 16
	AESGCMNonceSize   = 12
)
View Source
const (
	KeyCertStoreName    = "tlsCertStoreName"
	KeyCertInsecureHost = "tlsCertInsecureHost"
	KeyCertUUID         = "tlsCertUUID"
	KeyCertKeyUUID      = "tlsCertKeyUUID"
	KeyCertCAUUID       = "tlsCertCAUUID"
)

Variables

View Source
var (
	// ErrNotFound is the expected error if the secret isn't found in the
	// keyring.
	ErrNotFound = fmt.Errorf("secret not found in keyring")
)
View Source
var (
	KeyringContextKey = keyringKey{}
)
View Source
var SALT = []byte{224, 32, 00, 33, 78, 3, 25, 56, 54, 5, 54, 9, 79, 76, 189, 8}

Functions

func CreateRsaKey

func CreateRsaKey() (*rsa.PrivateKey, error)

CreateRsaKey generates a new private key.

func DeleteKeyringPassword

func DeleteKeyringPassword(service string, user string) error

DeleteKeyringPassword removes all key that matches "service" and "user".

func EncodePrivate

func EncodePrivate(password []byte, key crypto.PrivateKey) ([]byte, error)

func GenerateCACertificate

func GenerateCACertificate(t *Template) (*x509.Certificate, error)

GenerateCACertificate generates a certificate for a CA.

func GenerateServiceCertificate

func GenerateServiceCertificate(t *Template) (*x509.Certificate, error)

GenerateServiceCertificate generates a certificate for a service.

func GetKeyringPassword

func GetKeyringPassword(service string, user string, createIfNotExist bool) ([]byte, error)

GetKeyringPassword retrieves a password from the keyring. If no key matches "service" and "user" and if createIfNotExist flag is set, a new key is generated and returned.

func GetSignature

func GetSignature(key *ecdsa.PrivateKey, data []byte) (string, error)

func KeyFromPassword

func KeyFromPassword(password []byte, l int) []byte

func LoadCertificate

func LoadCertificate(file string) (*x509.Certificate, error)

LoadCertificate loads file contenant and decodes it into a x509.Certificate.

func LoadPrivateKey

func LoadPrivateKey(password []byte, file string) (crypto.PrivateKey, error)

LoadPrivateKey loads the encrypted private key from the passed file and decrypts it.

func Md5

func Md5(data []byte) []byte

func NewEcdsaPrivateKey

func NewEcdsaPrivateKey(alg string) (*ecdsa.PrivateKey, error)

func NewLegacyAESGCMMaterials

func NewLegacyAESGCMMaterials(info *encryption.NodeInfo) *legacyReadMaterials

NewLegacyAESGCMMaterials creates an encryption materials that uses legacy material

func Open

func Open(key []byte, nonce []byte, cipherData []byte) ([]byte, error)

func ParsePrivate

func ParsePrivate(password []byte, bytes []byte) (crypto.PrivateKey, error)

func PublicKeyFromRsaKey

func PublicKeyFromRsaKey(privateKey *rsa.PrivateKey) rsa.PublicKey

PublicKeyFromRsaKey extracts the public key.

func RandomBytes

func RandomBytes(size int) ([]byte, error)

func RsaKeyFromPEM

func RsaKeyFromPEM(pemString string) (*rsa.PrivateKey, error)

RsaKeyFromPEM parses a PEM string.

func RsaKeyFromPEMFile

func RsaKeyFromPEMFile(filename string) (*rsa.PrivateKey, error)

RsaKeyFromPEMFile loads a PEM file and parses the private key.

func RsaKeyToPEM

func RsaKeyToPEM(key *rsa.PrivateKey, filename ...string) (string, error)

RsaKeyToPEM encodes the private key in PEM format.

func RsaPublicKeyToPEM

func RsaPublicKeyToPEM(pubKey rsa.PublicKey, filename ...string) (string, error)

RsaPublicKeyToPEM encodes the public key to PEM format.

func Seal

func Seal(key []byte, data []byte) ([]byte, error)

func SealWithNonce

func SealWithNonce(key []byte, nonce []byte, data []byte) ([]byte, error)

func SetKeyringPassword

func SetKeyringPassword(service string, user string, password []byte) error

SetKeyringPassword base64-encodes password and stores it.

func StoreCertificate

func StoreCertificate(cert *x509.Certificate, file string, perm os.FileMode) error

StoreCertificate encodes certificate and stores the result in file.

func StorePrivateKey

func StorePrivateKey(key crypto.PrivateKey, password []byte, file string) error

StorePrivateKey encrypts the private key and stores it in the returned file.

func TLSConfigFromURL

func TLSConfigFromURL(u *url.URL) (*tls.Config, error)

func VerifySignature

func VerifySignature(data []byte, key *ecdsa.PublicKey, signature string) bool

Types

type AESGCMEncryptionMaterials

type AESGCMEncryptionMaterials struct {
	// contains filtered or unexported fields
}

AESGCMEncryptionMaterials implements AES-GCM encryption

func NewAESGCMMaterials

func NewAESGCMMaterials(info *encryption.NodeInfo, blockHandler BlockHandler) *AESGCMEncryptionMaterials

NewAESGCMMaterials creates an encryption materials that use AES GCM.

func (*AESGCMEncryptionMaterials) CalculateOutputSize

func (m *AESGCMEncryptionMaterials) CalculateOutputSize(plainSize int64, user string) int64

func (*AESGCMEncryptionMaterials) Close

func (m *AESGCMEncryptionMaterials) Close() error

func (*AESGCMEncryptionMaterials) ExtractedMeta

func (m *AESGCMEncryptionMaterials) ExtractedMeta() (map[string]string, bool)

ExtractedMeta implements common.ReaderMetaExtractor interface for underlying readers

func (*AESGCMEncryptionMaterials) Read

func (m *AESGCMEncryptionMaterials) Read(b []byte) (int, error)

func (*AESGCMEncryptionMaterials) SetPlainRange

func (m *AESGCMEncryptionMaterials) SetPlainRange(offset, length int64)

func (*AESGCMEncryptionMaterials) SetupDecryptMode

func (m *AESGCMEncryptionMaterials) SetupDecryptMode(workingKey []byte, stream io.Reader) error

func (*AESGCMEncryptionMaterials) SetupEncryptMode

func (m *AESGCMEncryptionMaterials) SetupEncryptMode(workingKey []byte, stream io.Reader) error

type BlockHandler

type BlockHandler interface {
	SendKey(key *encryption.NodeKey) error
	SendBlock(block *encryption.Block) error
	Close() error
}

type EncryptedBlock

type EncryptedBlock struct {
	Header     *EncryptedBlockHeader
	HeaderSize uint32
	Payload    []byte
}

EncryptedBlock describes block

func (*EncryptedBlock) GetPayloadLength

func (b *EncryptedBlock) GetPayloadLength() uint32

func (*EncryptedBlock) Read

func (b *EncryptedBlock) Read(reader io.Reader) (int, error)

func (*EncryptedBlock) SetPayload

func (b *EncryptedBlock) SetPayload(payload []byte) error

func (*EncryptedBlock) Write

func (b *EncryptedBlock) Write(writer io.Writer) (int, error)

type EncryptedBlockHeader

type EncryptedBlockHeader struct {
	Options *Options
	Nonce   []byte
	// contains filtered or unexported fields
}

EncryptedBlockHeader describes headers

func (*EncryptedBlockHeader) GetDataLength

func (h *EncryptedBlockHeader) GetDataLength() uint32

func (*EncryptedBlockHeader) Read

func (h *EncryptedBlockHeader) Read(reader io.Reader) (int, error)

func (*EncryptedBlockHeader) String

func (h *EncryptedBlockHeader) String() string

func (*EncryptedBlockHeader) Write

func (h *EncryptedBlockHeader) Write(writer io.Writer) (int, error)

type EncryptedBlockHeaderOption

type EncryptedBlockHeaderOption struct {
	// contains filtered or unexported fields
}

EncryptedBlockHeaderOption describes header

func (*EncryptedBlockHeaderOption) GetID

func (op *EncryptedBlockHeaderOption) GetID() uint8

func (*EncryptedBlockHeaderOption) GetValue

func (op *EncryptedBlockHeaderOption) GetValue() []byte

func (*EncryptedBlockHeaderOption) HasValue

func (op *EncryptedBlockHeaderOption) HasValue() bool

func (*EncryptedBlockHeaderOption) IsTheLast

func (op *EncryptedBlockHeaderOption) IsTheLast() bool

func (*EncryptedBlockHeaderOption) Read

func (op *EncryptedBlockHeaderOption) Read(reader io.Reader) (int, error)

func (*EncryptedBlockHeaderOption) SetId

func (op *EncryptedBlockHeaderOption) SetId(id uint8) error

func (*EncryptedBlockHeaderOption) SetIsTheLast

func (op *EncryptedBlockHeaderOption) SetIsTheLast(last bool)

func (*EncryptedBlockHeaderOption) SetValue

func (op *EncryptedBlockHeaderOption) SetValue(value []byte) error

func (*EncryptedBlockHeaderOption) Write

func (op *EncryptedBlockHeaderOption) Write(writer io.Writer) (int, error)

type Keyring

type Keyring interface {
	Get(string, string) (string, error)
	Set(string, string, string) error
	Delete(string, string) error
}

func NewAutoKeyring

func NewAutoKeyring(base Keyring, logger func(string)) Keyring

func NewConfigKeyring

func NewConfigKeyring(store config.Store, opt ...KeyringOption) Keyring

NewConfigKeyring places the keyring in a config store

func NewStdKeyring

func NewStdKeyring() Keyring

NewStdKeyring places the keyring in a config store

type KeyringOption

type KeyringOption func(*KeyringOptions)

func WithAutoCreate

func WithAutoCreate(b bool, logger func(string)) KeyringOption

type KeyringOptions

type KeyringOptions struct {
	Auto       bool
	AutoLogger func(string)
}

type Options

type Options struct {
	Position int16
	PartId   int16
	Key      []byte
	UserId   string
}

Options EncryptedBlockHeaderOptions

func (*Options) Read

func (opts *Options) Read(reader io.Reader) (int, error)

func (*Options) Write

func (opts *Options) Write(writer io.Writer) (int, error)

type Template

type Template struct {
	Name              string
	Domains           []string
	IPs               []net.IP
	Expiry            time.Duration
	PublicKey         crypto.PublicKey
	SignerPrivateKey  crypto.PrivateKey
	SignerCertificate *x509.Certificate
}

Template specs for generating a certificate.

type VaultCipher

type VaultCipher struct {
	// contains filtered or unexported fields
}

VaultCipher encrypts/decrypts with master key

func NewVaultCipher

func NewVaultCipher(master string) (VaultCipher, error)

func (VaultCipher) Decrypt

func (e VaultCipher) Decrypt(s string) ([]byte, error)

func (VaultCipher) Encrypt

func (e VaultCipher) Encrypt(b []byte) (string, error)

Directories

Path Synopsis
Package storage provide an URLOpener for certmagic.Storage interfaces
Package storage provide an URLOpener for certmagic.Storage interfaces

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL