localkms

package
v0.1.3-0...-617a0de

This package is not in the latest version of its module.

Published: Mar 25, 2020 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Constants

const (
	// Namespace is the keystore's DB storage namespace
	Namespace = "kmsdb"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type LocalKMS

type LocalKMS struct {
	// contains filtered or unexported fields
}

LocalKMS implements kms.KeyManager to provide key management capabilities using a local db. It uses an underlying secret lock service (default local secretLock) to wrap (encrypt) keys prior to storing them.
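
The wrap-before-store behaviour described above, as an added example that is not the package's own code: it uses only the Go standard library (AES-256-GCM) in place of the secret lock service and Tink, and `wrappedStore`, `newWrappedStore`, `create` and `get` are hypothetical names. Binding the key ID as associated data is a choice made for this example, not something the page states LocalKMS does.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// wrappedStore is a hypothetical stand-in for LocalKMS storage: records hold wrapped keys only.
type wrappedStore struct {
	aead cipher.AEAD       // built from the master key; plays the secret-lock role
	db   map[string][]byte // key ID -> nonce || ciphertext
}

func newWrappedStore(masterKey []byte) (*wrappedStore, error) {
	block, err := aes.NewCipher(masterKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &wrappedStore{aead: aead, db: map[string][]byte{}}, err
}

// create generates a 32-byte key and stores only its wrapped form, with the ID bound as AAD.
func (s *wrappedStore) create() (string, []byte, error) {
	buf := make([]byte, 16+32+s.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", nil, err
	}
	id, key, nonce := hex.EncodeToString(buf[:16]), buf[16:48], buf[48:]
	s.db[id] = s.aead.Seal(append([]byte{}, nonce...), nonce, key, []byte(id))
	return id, key, nil
}

// get unwraps the record for id; it fails on tampering, a moved record or a wrong master key.
func (s *wrappedStore) get(id string) ([]byte, error) {
	rec, n := s.db[id], s.aead.NonceSize()
	if len(rec) < n {
		return nil, fmt.Errorf("key %q not found", id)
	}
	return s.aead.Open(nil, rec[:n], rec[n:], []byte(id))
}

func main() {
	s, _ := newWrappedStore(make([]byte, 32)) // constructed all-zero master key, demo only
	id, _, _ := s.create()
	fmt.Printf("stored %d wrapped bytes under key ID %s\n", len(s.db[id]), id)
}
```

A copy of the database alone yields no usable key material; recovering a key also requires the master key, so the two should not be stored together.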

func New

func New(masterKeyURI string, p kms.Provider) (*LocalKMS, error)

New will create a new (local) KMS service

func (*LocalKMS) Create

func (l *LocalKMS) Create(kt kms.KeyType) (string, interface{}, error)

Create a new key/keyset for key type kt, store it and return its stored ID and key handle

func (*LocalKMS) ExportPubKeyBytes

func (l *LocalKMS) ExportPubKeyBytes(id string) ([]byte, error)

ExportPubKeyBytes fetches the key referenced by id, extracts its public key as raw bytes and returns them. The key must be an asymmetric key. It returns an error if it fails to export the public key bytes.

func (*LocalKMS) Get

func (l *LocalKMS) Get(keyID string) (interface{}, error)

Get key handle for the given keyID

func (*LocalKMS) PubKeyBytesToHandle

func (l *LocalKMS) PubKeyBytesToHandle(pubKey []byte, kt kms.KeyType) (*keyset.Handle, error)

PubKeyBytesToHandle creates and returns a key handle for pubKey of type kt. It returns an error if it fails to create the key handle. Note: the key handle created is not stored in the KMS; it is only useful to execute the crypto primitive associated with it.

func (*LocalKMS) Rotate

func (l *LocalKMS) Rotate(kt kms.KeyType, keyID string) (string, interface{}, error)

Rotate a key referenced by keyID and return its updated handle

type PubKeyWriter

type PubKeyWriter struct {
	// contains filtered or unexported fields
}

PubKeyWriter writes the raw bytes of a Tink KeySet's primary public key. The keyset must be one of the keyURLs defined above.

func NewWriter

func NewWriter(w io.Writer) *PubKeyWriter

NewWriter creates a new PubKeyWriter instance

func (*PubKeyWriter) Write

func (p *PubKeyWriter) Write(keyset *tinkpb.Keyset) error

Write writes the public keyset to the underlying w.Writer.

func (*PubKeyWriter) WriteEncrypted

func (p *PubKeyWriter) WriteEncrypted(keyset *tinkpb.EncryptedKeyset) error

WriteEncrypted writes the encrypted keyset to the underlying w.Writer.

Directories

Path Synopsis
internal
