localkms

package
v0.0.0-...-ad7f959
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: Apache-2.0 Imports: 5 Imported by: 1

Documentation

Overview

Package localkms contains a KMS implementation that uses Google's Tink crypto library. With this implementation, private keys may intermittently reside in local memory, so keep this in mind when deciding whether to use it.


Constants

const (
	// KeyTypeED25519 is the name recognized by the Create method for creating an ED25519 keyset.
	KeyTypeED25519 = kmsspi.ED25519
	// KeyTypeP256 is the name recognized by the Create method for creating a P-256 keyset.
	KeyTypeP256 = kmsspi.ECDSAP256IEEEP1363
	// KeyTypeP384 is the name recognized by the Create method for creating a P-384 keyset.
	KeyTypeP384 = kmsspi.ECDSAP384IEEEP1363
)

Variables

This section is empty.

Functions

This section is empty.

Types

type KMS

type KMS struct {
	GoAPILocalKMS *goapilocalkms.LocalKMS
}

KMS is a KMS implementation that uses Google's Tink crypto library. With this implementation, private keys may intermittently reside in local memory, so keep this in mind when deciding whether to use it.

func NewKMS

func NewKMS(kmsStore Store) (*KMS, error)

NewKMS returns a new local KMS instance.

func (*KMS) Create

func (k *KMS) Create(keyType string) (*api.JSONWebKey, error)

Create creates a keyset of the given keyType and then writes it to storage. The public key JWK for the newly generated keyset is returned.

func (*KMS) ExportPubKey

func (k *KMS) ExportPubKey(keyID string) (*api.JSONWebKey, error)

ExportPubKey returns the public key associated with the given keyID as a JWK.

func (*KMS) GetCrypto

func (k *KMS) GetCrypto() api.Crypto

GetCrypto returns a Crypto instance that can perform crypto operations with keys created by this KMS.

type MemKMSStore

type MemKMSStore struct {
	// contains filtered or unexported fields
}

MemKMSStore is a simple in-memory KMS store implementation.

func NewMemKMSStore

func NewMemKMSStore() *MemKMSStore

NewMemKMSStore returns a new MemKMSStore.

func (*MemKMSStore) Get

func (m *MemKMSStore) Get(keysetID string) (*Result, error)

Get retrieves the key stored under the given keysetID. The returned result indicates whether a key was found and, if so, the key bytes. If a key was not found, then Result.Found will be false and no error will be returned.

func (*MemKMSStore) Put

func (m *MemKMSStore) Put(keysetID string, key []byte) error

Put stores the given key under the given keysetID.

type Result

type Result struct {
	// Found indicates whether a key was found stored under the given keysetID.
	// If this is false, then Key should be nil. If this is true, then Key should not be nil.
	Found bool
	// Key is the retrieved key bytes.
	Key []byte
}

Result indicates the result of a key retrieval operation (see Store.Get for more info).

type Store

type Store interface {
	// Put stores the given key under the given keysetID.
	Put(keysetID string, key []byte) error
	// Get retrieves the key stored under the given keysetID.
	// The returned result indicates whether a key was found and, if so, the key bytes.
	// If a key was not found, then Result.Found should be set accordingly - no error should be returned in this case.
	Get(keysetID string) (*Result, error)
}

Store defines the storage capability for local KMS.
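
A file-backed implementation of the Store contract above, as an added example that is not part of the package or its documentation. FileStore and its dir field are hypothetical names, Result and Store are redeclared locally from this page so the code builds offline, and the directory is assumed to exist already with owner-only permissions.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Result and Store mirror the declarations on this page so the example builds offline.
type Result struct {
	Found bool
	Key   []byte
}

type Store interface {
	Put(keysetID string, key []byte) error
	Get(keysetID string) (*Result, error)
}

// FileStore (hypothetical name) keeps one file per keyset in dir (assumed to exist, mode 0700).
type FileStore struct{ dir string }

// path hashes the keysetID so separators or ".." in an ID cannot escape dir.
func (f FileStore) path(keysetID string) string {
	return filepath.Join(f.dir, fmt.Sprintf("%x", sha256.Sum256([]byte(keysetID))))
}

// Put writes with mode 0600 so only the owning user can read the keyset bytes.
func (f FileStore) Put(keysetID string, key []byte) error {
	return os.WriteFile(f.path(keysetID), key, 0o600)
}

func (f FileStore) Get(keysetID string) (*Result, error) {
	key, err := os.ReadFile(f.path(keysetID))
	if errors.Is(err, fs.ErrNotExist) {
		return &Result{Found: false}, nil // absent keyset: Found=false and no error
	}
	if err != nil {
		return nil, fmt.Errorf("read keyset: %w", err) // real I/O failure stays an error
	}
	return &Result{Found: true, Key: key}, nil
}

func main() {
	fmt.Println(Store(FileStore{dir: os.TempDir()}).Get("constructed-id-never-stored"))
}
```

Keeping "not found" separate from real read failures matters here: a store that reported a permission or disk error as Found=false would make an existing keyset look absent to the caller.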
