signer

package
v0.0.0-test Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2023 License: Apache-2.0 Imports: 41 Imported by: 1

Documentation

Index

Constants

View Source 
const FileScheme = "file"
View Source 
const KMSScheme = "kms"
View Source 
const MemoryScheme = "memory"
View Source 
const TinkScheme = "tink"

Variables

This section is empty.

Functions

func GetPrimaryKey 

func GetPrimaryKey(ctx context.Context, kmsKey, hcVaultToken string) (tink.AEAD, error)

GetPrimaryKey returns a Tink AEAD encryption key from KMS Supports GCP, AWS, and Vault

func KeyHandleToSigner 

func KeyHandleToSigner(kh *keyset.Handle) (crypto.Signer, error)

KeyHandleToSigner converts a key handle to the crypto.Signer interface. Heavily pulls from Tink's signature and subtle packages.

func NewCryptoSigner 

func NewCryptoSigner(ctx context.Context, signer, kmsKey, tinkKmsKey, tinkKeysetPath, hcVaultToken, fileSignerPath, fileSignerPasswd string) (crypto.Signer, error)

func NewTimestampingCertWithChain 

func NewTimestampingCertWithChain(signer crypto.Signer) ([]*x509.Certificate, error)

NewTimestampingCertWithChain generates an in-memory certificate chain.

func NewTinkSigner 

func NewTinkSigner(ctx context.Context, tinkKeysetPath string, primaryKey tink.AEAD) (crypto.Signer, error)

NewTinkSigner creates a signer by decrypting a local Tink keyset with a remote KMS encryption key

Types

type File 

type File struct {
	crypto.Signer
}

File returns a file-based signer and verifier, used for local testing

func NewFileSigner 

func NewFileSigner(keyPath, keyPass string) (*File, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.