Documentation
Index
- func CreateSigner(kms, name string, opts ...pemutil.Options) (crypto.Signer, error)
- func IsKMSSigner(signer crypto.Signer) (ok bool)
- func IsX509Signer(signer crypto.Signer) bool
- func LoadCertificate(kms, certPath string) ([]*x509.Certificate, error)
- func LoadJSONWebKey(kms, name string, opts ...jose.Option) (*jose.JSONWebKey, error)
- func PublicKey(kms, name string, opts ...pemutil.Options) (crypto.PublicKey, error)
- type Attestor
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateSigner
CreateSigner reads a key from a file with the given name, or creates a signer with the given kms and name URI.
func IsKMSSigner
IsKMSSigner returns true if the given signer uses the step-kms-plugin signer.
func IsX509Signer
IsX509Signer returns true if the given signer is supported by Go's crypto/x509 package to sign X509 certificates. This method returns true for ECDSA, RSA and Ed25519 keys, but if the kms is `sshagentkms:` it will only return true for Ed25519 keys.

TODO(hs): introspect the KMS key to verify that it can actually be used for signing? E.g., for Google Cloud KMS, RSA keys can be used for signing or decryption, but only one of those at a time. Trying to use a signing key to decrypt data will result in an error from Cloud KMS.
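The rule described for IsX509Signer, as an added example that is not the package's own code: `x509Signable`, `selfSign`, `opaqueSigner` and the key constructors are hypothetical names, and passing the kms URI as a string and matching it by prefix is an assumption. It checks the key type the way the description states and then confirms the result by asking crypto/x509 to issue a throwaway self-signed certificate, including a constructed signer whose key type crypto/x509 rejects.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"strings"
	"time"
)

// x509Signable is a hypothetical stand-in for the documented rule; the URI prefix test is an assumption.
func x509Signable(kms string, s crypto.Signer) bool {
	switch s.Public().(type) {
	case ed25519.PublicKey:
		return true
	case *ecdsa.PublicKey, *rsa.PublicKey:
		return !strings.HasPrefix(kms, "sshagentkms:")
	}
	return false
}

// selfSign asks crypto/x509 to issue a throwaway self-signed certificate with the signer.
func selfSign(s crypto.Signer) error {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	_, err := x509.CreateCertificate(rand.Reader, t, t, s.Public(), s)
	return err
}

// opaqueSigner is a constructed signer whose public key type crypto/x509 does not support.
type opaqueSigner struct{}
func (opaqueSigner) Public() crypto.PublicKey { return []byte("opaque") }
func (opaqueSigner) Sign(io.Reader, []byte, crypto.SignerOpts) ([]byte, error) { return nil, errors.New("unsupported") }

func newECDSA() crypto.Signer   { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
func newEd25519() crypto.Signer { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
func main() {
	for _, s := range []crypto.Signer{newECDSA(), newEd25519(), opaqueSigner{}} {
		fmt.Printf("%T signable=%v err=%v\n", s.Public(), x509Signable("", s), selfSign(s))
	}
}
```

Running the type check before handing a signer to certificate issuance turns an unsupported key into an early, explicit refusal instead of an error from deep inside x509.CreateCertificate.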
func LoadCertificate (added in v0.23.0)
func LoadCertificate(kms, certPath string) ([]*x509.Certificate, error)
LoadCertificate returns a slice of x509.Certificate from a KMS or a file.
func LoadJSONWebKey (added in v0.23.4)
LoadJSONWebKey returns a jose.JSONWebKey from a KMS or a file.
Types
type Attestor (added in v0.23.0)
Attestor is the interface implemented by step-kms-plugin using the key, sign, and attest commands.
func CreateAttestor (added in v0.23.0)
CreateAttestor creates an attestor that will use `step-kms-plugin` with the given kms and name.