cloudkms

package
v0.17.3-rc9
Warning

This package is not in the latest version of its module.

Published: Sep 13, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

const Scheme = "cloudkms"

Scheme is the scheme used in URIs.

Variables

This section is empty.

Functions

func Parent

func Parent(name string) (string, string)

Parent splits a string in the format `key/value/key2/value2` into a parent and a child; for that string it returns `key/value` and `value2`.

Types

type CloudKMS

type CloudKMS struct {
	// contains filtered or unexported fields
}

CloudKMS implements a KMS using Google's Cloud apiv1.

func New

func New(ctx context.Context, opts apiv1.Options) (*CloudKMS, error)

New creates a new CloudKMS configured with a new client.

func NewCloudKMS

func NewCloudKMS(client KeyManagementClient) *CloudKMS

NewCloudKMS creates a CloudKMS with a given client.

func (*CloudKMS) Close

func (k *CloudKMS) Close() error

Close closes the connection of the Cloud KMS client.

func (*CloudKMS) CreateKey

CreateKey creates a new asymmetric signing key in Google's Cloud KMS.

func (*CloudKMS) CreateSigner

func (k *CloudKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner returns a new cloudkms signer configured with the given signing key name.

func (*CloudKMS) GetPublicKey

func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey gets a public key from Google's Cloud KMS by name. Key names follow the pattern:

projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})
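The pattern above can be enforced before a key name reaches the KMS client; the following is an added example, not code from this package. `ParseKeyVersionName` and `KeyVersionName` are hypothetical names, the sample key names are constructed, and anchoring the pattern with `^` and `$` is an assumption about how it is meant to be applied.

```go
package main

import (
	"fmt"
	"regexp"
)

// keyVersionRe is the pattern from the GetPublicKey documentation, anchored
// with ^ and $ (an assumption) so nothing may precede or follow the name.
var keyVersionRe = regexp.MustCompile(`^projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})` +
	`/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})` +
	`/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})$`)

// KeyVersionName holds the parts of a validated key name (hypothetical type).
type KeyVersionName struct {
	Project, Location, KeyRing, CryptoKey, Version string
}

// ParseKeyVersionName (hypothetical helper) rejects any name that does not
// match the documented pattern in full and returns its components otherwise.
func ParseKeyVersionName(name string) (KeyVersionName, error) {
	m := keyVersionRe.FindStringSubmatch(name)
	if m == nil {
		return KeyVersionName{}, fmt.Errorf("invalid key version name %q", name)
	}
	return KeyVersionName{m[1], m[2], m[3], m[4], m[5]}, nil
}

func main() {
	// Constructed sample names; none refers to a real project.
	base := "projects/example-project/locations/global/keyRings/pki/cryptoKeys/root"
	samples := []string{
		base + "/cryptoKeyVersions/1",       // well formed
		base,                                // key without a version
		base + "/cryptoKeyVersions/1/extra", // trailing segment
		"cloudkms:" + base + "/cryptoKeyVersions/1", // URI form, not a bare name
	}
	for _, s := range samples {
		if n, err := ParseKeyVersionName(s); err != nil {
			fmt.Println("reject:", err)
		} else {
			fmt.Printf("accept: keyRing=%s key=%s version=%s\n", n.KeyRing, n.CryptoKey, n.Version)
		}
	}
}
```

Without the anchors, a substring match would accept the third and fourth samples.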

type KeyManagementClient

KeyManagementClient defines the methods on KeyManagementClient that this package will use. This interface will be used for unit testing.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using Google's Cloud KMS.

func NewSigner

func NewSigner(c KeyManagementClient, signingKey string) (*Signer, error)

NewSigner creates a new crypto.Signer for the given CloudKMS signing key.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer or an error.

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in Google's Cloud KMS.

func (*Signer) SignatureAlgorithm added in v0.17.3

func (s *Signer) SignatureAlgorithm() x509.SignatureAlgorithm

SignatureAlgorithm returns the algorithm that must be specified in a certificate to sign. This is especially important for distinguishing between the RSA and RSA-PSS schemes.
