Overview ¶
Package crypto provides tools for data encryption and certificate management.
Index ¶
- Constants
- Variables
- func CreateRsaKey() (*rsa.PrivateKey, error)
- func DeleteKeyringPassword(service string, user string) error
- func EncodePrivate(password []byte, key crypto.PrivateKey) ([]byte, error)
- func GenerateCACertificate(t *Template) (*x509.Certificate, error)
- func GenerateServiceCertificate(t *Template) (*x509.Certificate, error)
- func GetKeyringPassword(service string, user string, createIfNotExist bool) ([]byte, error)
- func GetSignature(key *ecdsa.PrivateKey, data []byte) (string, error)
- func KeyFromPassword(password []byte, l int) []byte
- func LoadCertificate(file string) (*x509.Certificate, error)
- func LoadPrivateKey(password []byte, file string) (crypto.PrivateKey, error)
- func Md5(data []byte) []byte
- func NewEcdsaPrivateKey(alg string) (*ecdsa.PrivateKey, error)
- func NewLegacyAESGCMMaterials(info *encryption.NodeInfo) *legacyReadMaterials
- func Open(key []byte, nonce []byte, cipherData []byte) ([]byte, error)
- func ParsePrivate(password []byte, bytes []byte) (crypto.PrivateKey, error)
- func PublicKeyFromRsaKey(privateKey *rsa.PrivateKey) rsa.PublicKey
- func RandomBytes(size int) ([]byte, error)
- func RsaKeyFromPEM(pemString string) (*rsa.PrivateKey, error)
- func RsaKeyFromPEMFile(filename string) (*rsa.PrivateKey, error)
- func RsaKeyToPEM(key *rsa.PrivateKey, filename ...string) (string, error)
- func RsaPublicKeyToPEM(pubKey rsa.PublicKey, filename ...string) (string, error)
- func Seal(key []byte, data []byte) ([]byte, error)
- func SealWithNonce(key []byte, nonce []byte, data []byte) ([]byte, error)
- func SetKeyringPassword(service string, user string, password []byte) error
- func StoreCertificate(cert *x509.Certificate, file string, perm os.FileMode) error
- func StorePrivateKey(key crypto.PrivateKey, password []byte, file string) error
- func TLSConfigFromURL(u *url.URL) (*tls.Config, error)
- func VerifySignature(data []byte, key *ecdsa.PublicKey, signature string) bool
- type AESGCMEncryptionMaterials
- func (m *AESGCMEncryptionMaterials) CalculateOutputSize(plainSize int64, user string) int64
- func (m *AESGCMEncryptionMaterials) Close() error
- func (m *AESGCMEncryptionMaterials) ExtractedMeta() (map[string]string, bool)
- func (m *AESGCMEncryptionMaterials) Read(b []byte) (int, error)
- func (m *AESGCMEncryptionMaterials) SetPlainRange(offset, length int64)
- func (m *AESGCMEncryptionMaterials) SetupDecryptMode(workingKey []byte, stream io.Reader) error
- func (m *AESGCMEncryptionMaterials) SetupEncryptMode(workingKey []byte, stream io.Reader) error
- type BlockHandler
- type EncryptedBlock
- type EncryptedBlockHeader
- type EncryptedBlockHeaderOption
- func (op *EncryptedBlockHeaderOption) GetID() uint8
- func (op *EncryptedBlockHeaderOption) GetValue() []byte
- func (op *EncryptedBlockHeaderOption) HasValue() bool
- func (op *EncryptedBlockHeaderOption) IsTheLast() bool
- func (op *EncryptedBlockHeaderOption) Read(reader io.Reader) (int, error)
- func (op *EncryptedBlockHeaderOption) SetId(id uint8) error
- func (op *EncryptedBlockHeaderOption) SetIsTheLast(last bool)
- func (op *EncryptedBlockHeaderOption) SetValue(value []byte) error
- func (op *EncryptedBlockHeaderOption) Write(writer io.Writer) (int, error)
- type Keyring
- type KeyringOption
- type KeyringOptions
- type Options
- type Template
- type VaultCipher
Constants ¶
const (
	// AESGCMAuthTagSize is the length in bytes of the GCM authentication tag (128 bits).
	AESGCMAuthTagSize = 16
	// AESGCMNonceSize is the length in bytes of the GCM nonce (96 bits, the standard
	// GCM nonce size). A nonce must never be reused under the same key; SealWithNonce
	// takes a caller-supplied nonce, so uniqueness is the caller's responsibility there,
	// whereas Seal takes only key and data.
	AESGCMNonceSize = 12
)
const (
	// Names of the configuration keys under which the TLS certificate settings are
	// stored: the certificate store, the insecure-host flag, and the UUIDs of the
	// certificate, its key and its CA (presumably read by TLSConfigFromURL — confirm).
	KeyCertStoreName = "tlsCertStoreName"
	// NOTE(review): by its name this setting relaxes host verification of the TLS
	// peer; any code path that enables it should be treated as security-sensitive.
	KeyCertInsecureHost = "tlsCertInsecureHost"
	KeyCertUUID         = "tlsCertUUID"
	KeyCertKeyUUID      = "tlsCertKeyUUID"
	KeyCertCAUUID       = "tlsCertCAUUID"
)
Variables ¶
var (
	// ErrNotFound is the expected error if the secret isn't found in the
	// keyring. It is a sentinel value; compare with errors.Is(err, ErrNotFound).
	ErrNotFound = fmt.Errorf("secret not found in keyring")
)
var (
	// KeyringContextKey is, by its name, the key under which a Keyring is carried
	// in a context.Context. keyringKey is an unexported type, so no other package
	// can construct a colliding key. NOTE(review): its use is not shown on this
	// page — confirm against the callers.
	KeyringContextKey = keyringKey{}
)
// SALT is a fixed, package-wide salt, presumably used by KeyFromPassword.
// NOTE(review): a constant salt means the same password always derives the same
// key, and because SALT is an exported var any importer can overwrite it at
// runtime — confirm whether a per-key random salt was intended.
var SALT = []byte{224, 32, 00, 33, 78, 3, 25, 56, 54, 5, 54, 9, 79, 76, 189, 8}
Functions ¶
func CreateRsaKey ¶
func CreateRsaKey() (*rsa.PrivateKey, error)
CreateRsaKey generates a new RSA private key.
func DeleteKeyringPassword ¶
DeleteKeyringPassword removes every key that matches "service" and "user".
func EncodePrivate ¶
func EncodePrivate(password []byte, key crypto.PrivateKey) ([]byte, error)
func GenerateCACertificate ¶
func GenerateCACertificate(t *Template) (*x509.Certificate, error)
GenerateCACertificate generates a certificate for a CA.
func GenerateServiceCertificate ¶
func GenerateServiceCertificate(t *Template) (*x509.Certificate, error)
GenerateServiceCertificate generates a certificate for a service.
func GetKeyringPassword ¶
GetKeyringPassword retrieves a password from the keyring. If no key matches "service" and "user" and the createIfNotExist flag is set, a new key is generated and returned.
func GetSignature ¶
func GetSignature(key *ecdsa.PrivateKey, data []byte) (string, error)
func KeyFromPassword ¶
func LoadCertificate ¶
func LoadCertificate(file string) (*x509.Certificate, error)
LoadCertificate loads the file contents and decodes them into an x509.Certificate.
func LoadPrivateKey ¶
func LoadPrivateKey(password []byte, file string) (crypto.PrivateKey, error)
LoadPrivateKey loads the encrypted private key from the passed file and decrypts it.
func NewEcdsaPrivateKey ¶
func NewEcdsaPrivateKey(alg string) (*ecdsa.PrivateKey, error)
func NewLegacyAESGCMMaterials ¶
func NewLegacyAESGCMMaterials(info *encryption.NodeInfo) *legacyReadMaterials
NewLegacyAESGCMMaterials creates encryption materials that use the legacy AES-GCM material.
func ParsePrivate ¶
func ParsePrivate(password []byte, bytes []byte) (crypto.PrivateKey, error)
func PublicKeyFromRsaKey ¶
func PublicKeyFromRsaKey(privateKey *rsa.PrivateKey) rsa.PublicKey
PublicKeyFromRsaKey extracts the public key.
func RandomBytes ¶
func RsaKeyFromPEM ¶
func RsaKeyFromPEM(pemString string) (*rsa.PrivateKey, error)
RsaKeyFromPEM parses an RSA private key from a PEM string.
func RsaKeyFromPEMFile ¶
func RsaKeyFromPEMFile(filename string) (*rsa.PrivateKey, error)
RsaKeyFromPEMFile loads a PEM file and parses the private key.
func RsaKeyToPEM ¶
func RsaKeyToPEM(key *rsa.PrivateKey, filename ...string) (string, error)
RsaKeyToPEM encodes the private key in PEM format.
func RsaPublicKeyToPEM ¶
RsaPublicKeyToPEM encodes the public key to PEM format.
func SetKeyringPassword ¶
SetKeyringPassword base64-encodes the password and stores it in the keyring.
func StoreCertificate ¶
StoreCertificate encodes the certificate and stores the result in file.
func StorePrivateKey ¶
func StorePrivateKey(key crypto.PrivateKey, password []byte, file string) error
StorePrivateKey encrypts the private key and stores it in the given file.
Types ¶
type AESGCMEncryptionMaterials ¶
// AESGCMEncryptionMaterials implements AES-GCM encryption. Its fields are
// unexported, so it is constructed with NewAESGCMMaterials; the direction is
// chosen with SetupEncryptMode or SetupDecryptMode, and the result is consumed
// through its io.Reader (Read) and io.Closer (Close) methods.
type AESGCMEncryptionMaterials struct {
	// contains filtered or unexported fields
}
AESGCMEncryptionMaterials implements AES-GCM encryption
func NewAESGCMMaterials ¶
func NewAESGCMMaterials(info *encryption.NodeInfo, blockHandler BlockHandler) *AESGCMEncryptionMaterials
NewAESGCMMaterials creates encryption materials that use AES-GCM.
func (*AESGCMEncryptionMaterials) CalculateOutputSize ¶
func (m *AESGCMEncryptionMaterials) CalculateOutputSize(plainSize int64, user string) int64
func (*AESGCMEncryptionMaterials) Close ¶
func (m *AESGCMEncryptionMaterials) Close() error
func (*AESGCMEncryptionMaterials) ExtractedMeta ¶
func (m *AESGCMEncryptionMaterials) ExtractedMeta() (map[string]string, bool)
ExtractedMeta implements the common.ReaderMetaExtractor interface for the underlying readers.
func (*AESGCMEncryptionMaterials) Read ¶
func (m *AESGCMEncryptionMaterials) Read(b []byte) (int, error)
func (*AESGCMEncryptionMaterials) SetPlainRange ¶
func (m *AESGCMEncryptionMaterials) SetPlainRange(offset, length int64)
func (*AESGCMEncryptionMaterials) SetupDecryptMode ¶
func (m *AESGCMEncryptionMaterials) SetupDecryptMode(workingKey []byte, stream io.Reader) error
func (*AESGCMEncryptionMaterials) SetupEncryptMode ¶
func (m *AESGCMEncryptionMaterials) SetupEncryptMode(workingKey []byte, stream io.Reader) error
type BlockHandler ¶
// BlockHandler is passed to NewAESGCMMaterials and is presumably called back
// with the node key (SendKey) and each encrypted block (SendBlock), then Close
// once the stream ends. NOTE(review): the call ordering is not documented on
// this page — confirm against the materials implementation.
type BlockHandler interface {
	SendKey(key *encryption.NodeKey) error
	SendBlock(block *encryption.Block) error
	Close() error
}
type EncryptedBlock ¶
// EncryptedBlock describes one encrypted block: its header, the header size
// (presumably the serialized length of Header — confirm) and the payload.
type EncryptedBlock struct {
	Header     *EncryptedBlockHeader
	HeaderSize uint32
	Payload    []byte
}
EncryptedBlock describes an encrypted block.
func (*EncryptedBlock) GetPayloadLength ¶
func (b *EncryptedBlock) GetPayloadLength() uint32
func (*EncryptedBlock) SetPayload ¶
func (b *EncryptedBlock) SetPayload(payload []byte) error
type EncryptedBlockHeader ¶
// EncryptedBlockHeader describes a block header: its options and the per-block
// nonce. NOTE(review): Nonce is presumably AESGCMNonceSize bytes long and must
// be unique per block under a given key — confirm where it is generated.
type EncryptedBlockHeader struct {
	Options *Options
	Nonce   []byte
	// contains filtered or unexported fields
}
EncryptedBlockHeader describes a block header.
func (*EncryptedBlockHeader) GetDataLength ¶
func (h *EncryptedBlockHeader) GetDataLength() uint32
func (*EncryptedBlockHeader) Read ¶
func (h *EncryptedBlockHeader) Read(reader io.Reader) (int, error)
func (*EncryptedBlockHeader) String ¶
func (h *EncryptedBlockHeader) String() string
type EncryptedBlockHeaderOption ¶
// EncryptedBlockHeaderOption describes one header option: an id (GetID/SetId),
// an optional value (HasValue/GetValue/SetValue) and a last-option flag
// (IsTheLast/SetIsTheLast). Read and Write (de)serialize it. Its fields are
// unexported.
type EncryptedBlockHeaderOption struct {
	// contains filtered or unexported fields
}
EncryptedBlockHeaderOption describes a header option.
func (*EncryptedBlockHeaderOption) GetID ¶
func (op *EncryptedBlockHeaderOption) GetID() uint8
func (*EncryptedBlockHeaderOption) GetValue ¶
func (op *EncryptedBlockHeaderOption) GetValue() []byte
func (*EncryptedBlockHeaderOption) HasValue ¶
func (op *EncryptedBlockHeaderOption) HasValue() bool
func (*EncryptedBlockHeaderOption) IsTheLast ¶
func (op *EncryptedBlockHeaderOption) IsTheLast() bool
func (*EncryptedBlockHeaderOption) Read ¶
func (op *EncryptedBlockHeaderOption) Read(reader io.Reader) (int, error)
func (*EncryptedBlockHeaderOption) SetId ¶
func (op *EncryptedBlockHeaderOption) SetId(id uint8) error
func (*EncryptedBlockHeaderOption) SetIsTheLast ¶
func (op *EncryptedBlockHeaderOption) SetIsTheLast(last bool)
func (*EncryptedBlockHeaderOption) SetValue ¶
func (op *EncryptedBlockHeaderOption) SetValue(value []byte) error
type Keyring ¶
// Keyring stores secrets addressed by a (service, user) pair. The
// *KeyringPassword helpers take the same two names, so the string arguments
// are presumably service then user, with Set's third argument the secret value
// (SetKeyringPassword base64-encodes it before storing) — confirm against the
// implementations. Constructors: NewConfigKeyring and NewStdKeyring.
type Keyring interface {
	Get(string, string) (string, error)
	Set(string, string, string) error
	Delete(string, string) error
}
func NewAutoKeyring ¶
func NewConfigKeyring ¶
func NewConfigKeyring(store config.Store, opt ...KeyringOption) Keyring
NewConfigKeyring places the keyring in a config store
func NewStdKeyring ¶
func NewStdKeyring() Keyring
NewStdKeyring places the keyring in a config store
type KeyringOption ¶
// KeyringOption is a functional option that mutates KeyringOptions when a
// Keyring is constructed (see NewConfigKeyring and WithAutoCreate).
type KeyringOption func(*KeyringOptions)
func WithAutoCreate ¶
func WithAutoCreate(b bool, logger func(string)) KeyringOption
type KeyringOptions ¶
type Template ¶
// Template holds the specification for generating a certificate with
// GenerateCACertificate or GenerateServiceCertificate. Field meanings below are
// inferred from their names; confirm against the generators.
type Template struct {
	Name              string            // subject name of the certificate
	Domains           []string          // DNS names the certificate covers
	IPs               []net.IP          // IP addresses the certificate covers
	Expiry            time.Duration     // validity period
	PublicKey         crypto.PublicKey  // key being certified
	SignerPrivateKey  crypto.PrivateKey // key that signs the certificate
	SignerCertificate *x509.Certificate // certificate of the signer
}
Template holds the specification for generating a certificate.
type VaultCipher ¶
// VaultCipher encrypts and decrypts with a master key. Its fields are
// unexported; construct it with NewVaultCipher(master).
type VaultCipher struct {
	// contains filtered or unexported fields
}
VaultCipher encrypts and decrypts with a master key.
func NewVaultCipher ¶
func NewVaultCipher(master string) (VaultCipher, error)