cryptoservice

package
v0.3.0-RC3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 29, 2016 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrNoValidPrivateKey is returned if a key being imported doesn't
	// look like a private key
	ErrNoValidPrivateKey = errors.New("no valid private key found")

	// ErrRootKeyNotEncrypted is returned if a root key being imported is
	// unencrypted
	ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")

	// ErrNoKeysFoundForGUN is returned if no keys are found for the
	// specified GUN during export
	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
)

Functions

func CheckRootKeyIsEncrypted added in v0.3.0

func CheckRootKeyIsEncrypted(pemBytes []byte) error

CheckRootKeyIsEncrypted makes sure the root key is encrypted. We have internal assumptions that depend on this.

func GenerateCertificate

func GenerateCertificate(rootKey data.PrivateKey, gun string, startTime, endTime time.Time) (*x509.Certificate, error)

GenerateCertificate generates an X509 Certificate from a template, given a GUN and validity interval

Types

type CryptoService

type CryptoService struct {
	// contains filtered or unexported fields
}

CryptoService implements Sign and Create, holding a specific GUN and keystore to operate on

func NewCryptoService

func NewCryptoService(keyStores ...trustmanager.KeyStore) *CryptoService

NewCryptoService returns an instance of CryptoService

func (*CryptoService) AddKey added in v0.3.0

func (cs *CryptoService) AddKey(role, gun string, key data.PrivateKey) (err error)

AddKey adds a private key to a specified role. The GUN is inferred from the cryptoservice itself for non-root roles

func (*CryptoService) Create

func (cs *CryptoService) Create(role, gun, algorithm string) (data.PublicKey, error)

Create is used to generate keys for targets, snapshots and timestamps

func (*CryptoService) ExportAllKeys

func (cs *CryptoService) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error

ExportAllKeys exports all keys to an io.Writer in zip format. newPassphraseRetriever will be used to obtain passphrases to use to encrypt the existing keys.

func (*CryptoService) ExportKey

func (cs *CryptoService) ExportKey(dest io.Writer, keyID, role string) error

ExportKey exports the specified private key to an io.Writer in PEM format. The key's existing encryption is preserved.

func (*CryptoService) ExportKeyReencrypt

func (cs *CryptoService) ExportKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error

ExportKeyReencrypt exports the specified private key to an io.Writer in PEM format. The key is reencrypted with a new passphrase.

func (*CryptoService) ExportKeysByGUN

func (cs *CryptoService) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error

ExportKeysByGUN exports all keys associated with a specified GUN to an io.Writer in zip format. passphraseRetriever is used to select new passphrases to use to encrypt the keys.

func (*CryptoService) GetKey

func (cs *CryptoService) GetKey(keyID string) data.PublicKey

GetKey returns a key by ID

func (*CryptoService) GetKeyInfo added in v0.3.0

func (cs *CryptoService) GetKeyInfo(keyID string) (trustmanager.KeyInfo, error)

GetKeyInfo returns role and GUN info of a key by ID

func (*CryptoService) GetPrivateKey

func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error)

GetPrivateKey returns a private key and role if present by ID.

func (*CryptoService) ImportKeysZip

func (cs *CryptoService) ImportKeysZip(zipReader zip.Reader, retriever passphrase.Retriever) error

ImportKeysZip imports keys from a zip file provided as an zip.Reader. The keys in the root_keys directory are left encrypted, but the other keys are decrypted with the specified passphrase.

func (*CryptoService) ListAllKeys

func (cs *CryptoService) ListAllKeys() map[string]string

ListAllKeys returns a map of key IDs to role

func (*CryptoService) ListKeys

func (cs *CryptoService) ListKeys(role string) []string

ListKeys returns a list of key IDs valid for the given role

func (*CryptoService) RemoveKey

func (cs *CryptoService) RemoveKey(keyID string) (err error)

RemoveKey deletes a key by ID

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL