Documentation ¶
Index ¶
- Variables
- func CheckRootKeyIsEncrypted(pemBytes []byte) error
- func GenerateCertificate(rootKey data.PrivateKey, gun data.GUN, startTime, endTime time.Time) (*x509.Certificate, error)
- type CryptoService
- func (cs *CryptoService) AddKey(role data.RoleName, gun data.GUN, key data.PrivateKey) (err error)
- func (cs *CryptoService) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
- func (cs *CryptoService) GetKey(keyID string) data.PublicKey
- func (cs *CryptoService) GetKeyInfo(keyID string) (trustmanager.KeyInfo, error)
- func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role data.RoleName, err error)
- func (cs *CryptoService) ListAllKeys() map[string]data.RoleName
- func (cs *CryptoService) ListKeys(role data.RoleName) []string
- func (cs *CryptoService) RemoveKey(keyID string) (err error)
Constants ¶
This section is empty.
Variables ¶
// Exported sentinel errors for key import, plus a shared empty service.
var (
	// ErrNoValidPrivateKey is returned if a key being imported doesn't
	// look like a private key.
	ErrNoValidPrivateKey = errors.New("no valid private key found")

	// ErrRootKeyNotEncrypted is returned if a root key being imported is
	// unencrypted.
	ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")

	// EmptyService is an empty crypto service, built by calling
	// NewCryptoService with no key stores.
	// NOTE(review): this is a single package-level instance; whether callers
	// may safely add keys to it is not visible here. Confirm before sharing it.
	EmptyService = NewCryptoService()
)
Functions ¶
func CheckRootKeyIsEncrypted ¶ added in v0.3.0
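CheckRootKeyIsEncrypted checks that the PEM-encoded root key in pemBytes is encrypted and returns an error if it is not. Internal code depends on the assumption that root keys are encrypted, which is why unencrypted root keys are refused on import (see ErrRootKeyNotEncrypted).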
func GenerateCertificate ¶
func GenerateCertificate(rootKey data.PrivateKey, gun data.GUN, startTime, endTime time.Time) (*x509.Certificate, error)
GenerateCertificate generates an X509 Certificate from a template, given a GUN and validity interval
Types ¶
type CryptoService ¶
type CryptoService struct {
// contains filtered or unexported fields
}
CryptoService implements Sign and Create, holding a specific GUN and keystore to operate on
func NewCryptoService ¶
func NewCryptoService(keyStores ...trustmanager.KeyStore) *CryptoService
NewCryptoService returns an instance of CryptoService
func (*CryptoService) AddKey ¶ added in v0.3.0
func (cs *CryptoService) AddKey(role data.RoleName, gun data.GUN, key data.PrivateKey) (err error)
AddKey adds a private key to a specified role. The GUN is inferred from the cryptoservice itself for non-root roles
func (*CryptoService) Create ¶
func (cs *CryptoService) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
Create is used to generate keys for targets, snapshots and timestamps
func (*CryptoService) GetKey ¶
func (cs *CryptoService) GetKey(keyID string) data.PublicKey
GetKey returns the public key with the given ID.
func (*CryptoService) GetKeyInfo ¶ added in v0.3.0
func (cs *CryptoService) GetKeyInfo(keyID string) (trustmanager.KeyInfo, error)
GetKeyInfo returns role and GUN info of a key by ID
func (*CryptoService) GetPrivateKey ¶
func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role data.RoleName, err error)
GetPrivateKey returns the private key with the given ID, together with its role, if the key is present.
func (*CryptoService) ListAllKeys ¶
func (cs *CryptoService) ListAllKeys() map[string]data.RoleName
ListAllKeys returns a map of key IDs to role
func (*CryptoService) ListKeys ¶
func (cs *CryptoService) ListKeys(role data.RoleName) []string
ListKeys returns a list of key IDs valid for the given role
func (*CryptoService) RemoveKey ¶
func (cs *CryptoService) RemoveKey(keyID string) (err error)
RemoveKey deletes a key by ID