cloudkms

Documentation

Index

• Constants
• func Parent(name string) (string, string)
• type CloudKMS
  • func New(ctx context.Context, opts apiv1.Options) (*CloudKMS, error)
  • func NewCloudKMS(client KeyManagementClient) *CloudKMS
  • func (k *CloudKMS) Close() error
  • func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
  • func (k *CloudKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)
  • func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)
• type KeyManagementClient
• type Signer
  • func NewSigner(c KeyManagementClient, signingKey string) *Signer
  • func (s *Signer) Public() crypto.PublicKey
  • func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Constants

const Scheme = "cloudkms"

Scheme is the scheme used in uris.

Functions

func Parent

func Parent(name string) (string, string)

Parent splits a string in the format `key/value/key2/value2` in a parent and child, for the previous string it will return `key/value` and `value2`.

Types

type CloudKMS

type CloudKMS struct {
	// contains filtered or unexported fields
}

CloudKMS implements a KMS using Google's Cloud apiv1.

func New

func New(ctx context.Context, opts apiv1.Options) (*CloudKMS, error)

New creates a new CloudKMS configured with a new client.

func NewCloudKMS

func NewCloudKMS(client KeyManagementClient) *CloudKMS

NewCloudKMS creates a CloudKMS with a given client.

func (*CloudKMS) Close

func (k *CloudKMS) Close() error

Close closes the connection of the Cloud KMS client.

func (*CloudKMS) CreateKey

func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)

CreateKey creates in Google's Cloud KMS a new asymmetric key for signing.

func (*CloudKMS) CreateSigner

func (k *CloudKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner returns a new cloudkms signer configured with the given signing key name.

func (*CloudKMS) GetPublicKey

func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey gets from Google's Cloud KMS a public key by name. Key names follow the pattern:

projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})

type KeyManagementClient

type KeyManagementClient interface {
	Close() error
	GetPublicKey(context.Context, *kmspb.GetPublicKeyRequest, ...gax.CallOption) (*kmspb.PublicKey, error)
	AsymmetricSign(context.Context, *kmspb.AsymmetricSignRequest, ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
	CreateCryptoKey(context.Context, *kmspb.CreateCryptoKeyRequest, ...gax.CallOption) (*kmspb.CryptoKey, error)
	GetKeyRing(context.Context, *kmspb.GetKeyRingRequest, ...gax.CallOption) (*kmspb.KeyRing, error)
	CreateKeyRing(context.Context, *kmspb.CreateKeyRingRequest, ...gax.CallOption) (*kmspb.KeyRing, error)
	CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
}

KeyManagementClient defines the methods on KeyManagementClient that this package will use. This interface will be used for unit testing.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using Google's Cloud KMS.

func NewSigner

func NewSigner(c KeyManagementClient, signingKey string) *Signer

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer or an error.

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in Google's Cloud KMS.