Documentation
Overview
Package kmssigner provides a signer compatible with golang.org/x/mod/sumdb/note (https://pkg.go.dev/golang.org/x/mod/sumdb/note) whose private key lives in Google Cloud Platform KMS. Each signing operation is performed by KMS, so the key material never leaves the service; the process running the signer only needs permission to use the key.
TODO(jayhou): move this package to https://github.com/transparency-dev/serverless-log.
Index
Constants
const (
	// KeyVersionNameFormat is the GCP resource identifier for a key version.
	// google.cloud.kms.v1.CryptoKeyVersion.name
	// https://cloud.google.com/php/docs/reference/cloud-kms/latest/V1.CryptoKeyVersion
	KeyVersionNameFormat = "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%d"
)
Variables
This section is empty.
Functions
func VerifierKeyString
func VerifierKeyString(ctx context.Context, c *kms.KeyManagementClient, kmsKeyName, noteKeyName string) (string, error)
VerifierKeyString returns a string which can be used to create a note verifier based on a GCP KMS [Ed25519](https://pkg.go.dev/golang.org/x/mod/sumdb/note#hdr-Generating_Keys) key: the public key of the KMS key version kmsKeyName (a resource name in the KeyVersionNameFormat layout) is fetched through c and packaged in note's verifier key format, name+hash+base64 key data, under the name noteKeyName. Pass the result to note.NewVerifier. The name is covered by the key hash, so noteKeyName must be the same string that is later given to New, or signatures from that Signer will not verify.
Types
type Signer
type Signer struct {
// contains filtered or unexported fields
}
Signer is an implementation of a [note signer](https://pkg.go.dev/golang.org/x/mod/sumdb/note#Signer) which interfaces with GCP KMS.
func New
func New(ctx context.Context, c *kms.KeyManagementClient, kmsKeyName, noteKeyName string) (*Signer, error)
New creates a signer which uses keys in GCP KMS: kmsKeyName identifies the key version (see KeyVersionNameFormat) that c will be asked to sign with, and noteKeyName is the name that appears in the resulting signature lines. The key version's algorithm is expected to be [Ed25519](https://pkg.go.dev/golang.org/x/mod/sumdb/note#hdr-Generating_Keys); note supports no other signature scheme, so a note signed by this Signer can only be opened by an Ed25519 verifier, such as one built from the string returned by VerifierKeyString for the same kmsKeyName and noteKeyName.