Constants ¶
// JWE algorithm identifiers for the key store. They share their names with
// the EncryptionAlg and KeywrapAlg columns of GormPrivateKey, so presumably
// they are what a stored Private column is produced with — confirm against
// AddKey.
const (
	// EncryptionAlg is the JWE content-encryption algorithm: AES-256-GCM.
	EncryptionAlg = jose.A256GCM
	// KeywrapAlg is the JWE key-management algorithm: PBES2 with HMAC-SHA256
	// and AES-128 key wrap, i.e. the content key is wrapped under a key
	// derived from a passphrase rather than stored alongside the data.
	KeywrapAlg = jose.PBES2_HS256_A128KW
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CryptoServiceIndex ¶
// CryptoServiceIndex represents a mapping between a service algorithm
// string and the CryptoService that handles it.
type CryptoServiceIndex map[string]signed.CryptoService
CryptoServiceIndex represents a mapping between a service algorithm string and a CryptoService
type GormPrivateKey ¶
// GormPrivateKey represents a PrivateKey in the database.
type GormPrivateKey struct {
	gorm.Model
	// KeyID is the unique lookup key for the row (unique index key_id_idx).
	KeyID string `sql:"not null;unique;index:key_id_idx"`
	// EncryptionAlg and KeywrapAlg record JWE algorithm identifiers per row;
	// they mirror the package constants of the same names, presumably so a
	// row can still be read after the defaults change — confirm against
	// GetKey.
	EncryptionAlg string `sql:"not null"`
	KeywrapAlg    string `sql:"not null"`
	// Algorithm is the key algorithm of the stored private key.
	Algorithm string `sql:"not null"`
	// PassphraseAlias identifies the passphrase associated with this row;
	// RotateKeyPassphrase takes a new alias, so this is presumably what it
	// updates — confirm.
	PassphraseAlias string `sql:"not null"`
	// Public holds the public key material.
	Public string `sql:"not null"`
	// Private holds the private key material. Given the JWE columns above it
	// is expected to be the encrypted (JWE) form rather than plaintext —
	// TODO(review) confirm against AddKey before relying on this.
	Private string `sql:"not null"`
}
GormPrivateKey represents a PrivateKey in the database
func (GormPrivateKey) TableName ¶
func (g GormPrivateKey) TableName() string
TableName sets a specific table name for our GormPrivateKey
type KeyDBStore ¶
KeyDBStore persists and manages private keys in a SQL database
func NewKeyDBStore ¶
func NewKeyDBStore(passphraseRetriever passphrase.Retriever, defaultPassAlias, dbType string, dbSQL *sql.DB) (*KeyDBStore, error)
NewKeyDBStore returns a new KeyDBStore backed by a SQL database
func (*KeyDBStore) AddKey ¶
func (s *KeyDBStore) AddKey(name, alias string, privKey data.PrivateKey) error
AddKey stores the contents of a private key. Both name and alias are ignored: the key ID is always used as the name, and aliases are not supported
func (*KeyDBStore) ExportKey ¶
func (s *KeyDBStore) ExportKey(name string) ([]byte, error)
ExportKey is currently unimplemented and will always return an error
func (*KeyDBStore) GetKey ¶
func (s *KeyDBStore) GetKey(name string) (data.PrivateKey, string, error)
GetKey returns the PrivateKey given a KeyID
func (*KeyDBStore) HealthCheck ¶
func (s *KeyDBStore) HealthCheck() error
HealthCheck verifies that the DB exists and is queryable
func (*KeyDBStore) ImportKey ¶
func (s *KeyDBStore) ImportKey(pemBytes []byte, alias string) error
ImportKey is currently unimplemented and will always return an error
func (*KeyDBStore) ListKeys ¶
func (s *KeyDBStore) ListKeys() map[string]string
ListKeys always returns nil. This method is here to satisfy the KeyStore interface
func (*KeyDBStore) RemoveKey ¶
func (s *KeyDBStore) RemoveKey(name string) error
RemoveKey removes the key from the KeyDBStore
func (*KeyDBStore) RotateKeyPassphrase ¶
func (s *KeyDBStore) RotateKeyPassphrase(name, newPassphraseAlias string) error
RotateKeyPassphrase rotates the key-encryption key for the key named name, using the passphrase identified by newPassphraseAlias
type KeyManager ¶
// KeyManager is the interface to implement key management (possibly a key
// database).
type KeyManager interface {
	// CreateKey creates a new key and returns its public information.
	CreateKey() (*pb.PublicKey, error)
	// DeleteKey removes a key.
	DeleteKey(keyID *pb.KeyID) (*pb.Void, error)
	// KeyInfo returns the public key of a particular key.
	KeyInfo(keyID *pb.KeyID) (*pb.PublicKey, error)
}
KeyManager is the interface to implement key management (possibly a key database)
type NotarySigner ¶
type NotarySigner struct {
// contains filtered or unexported fields
}
NotarySigner implements an RPC-based trust service that calls the Notary signer service
func NewNotarySigner ¶
func NewNotarySigner(hostname string, port string, tlsConfig *tls.Config) *NotarySigner
NewNotarySigner is a convenience method that returns a NotarySigner
func (*NotarySigner) CheckHealth ¶
func (trust *NotarySigner) CheckHealth(timeout time.Duration) error
CheckHealth checks the health of one of the clients, since both clients are served by the same gRPC server.
func (*NotarySigner) Create ¶
func (trust *NotarySigner) Create(role, algorithm string) (data.PublicKey, error)
Create creates a remote key and returns the PublicKey associated with the remote private key
func (*NotarySigner) GetKey ¶
func (trust *NotarySigner) GetKey(keyid string) data.PublicKey
GetKey retrieves the public key identified by keyid
func (*NotarySigner) GetPrivateKey ¶
func (trust *NotarySigner) GetPrivateKey(keyid string) (data.PrivateKey, string, error)
GetPrivateKey always returns an error; private key material is not retrievable through this client
func (*NotarySigner) ListKeys ¶
func (trust *NotarySigner) ListKeys(role string) []string
ListKeys is not supported for NotarySigner
func (*NotarySigner) RemoveKey ¶
func (trust *NotarySigner) RemoveKey(keyid string) error
RemoveKey deletes a key
type Signer ¶
// Signer is the interface that allows the signing service to return
// signatures.
type Signer interface {
	// Sign produces a Signature for the given SignatureRequest.
	Sign(request *pb.SignatureRequest) (*pb.Signature, error)
}
Signer is the interface that allows the signing service to return signatures
type SigningService ¶
// SigningService is the interface to implement a key management and signing
// service.
type SigningService interface {
	KeyManager
	// Signer returns a Signer for a given keyID.
	Signer(keyID *pb.KeyID) (Signer, error)
}
SigningService is the interface to implement a key management and signing service