localkms

package

v0.1.0 Latest Latest Go to latest Published: Jan 11, 2023 License: Apache-2.0 Imports: 10 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package localkms contains a KMS implementation that uses Google's Tink crypto library. Private keys may intermittently reside in local memory with this implementation so keep this consideration in mind when deciding whether to use this or not.

Index ¶

type AriesCryptoWrapper
- func NewAriesCryptoWrapper(cryptosKMS kms.KeyManager, wrappedCrypto crypto.Crypto) *AriesCryptoWrapper
- func (c *AriesCryptoWrapper) Sign(msg []byte, keyID string) ([]byte, error)
- func (c *AriesCryptoWrapper) Verify(signature, msg []byte, keyID string) error
type Config
type InMemoryStorageProvider
- func NewInMemoryStorageProvider() *InMemoryStorageProvider
- func (p *InMemoryStorageProvider) SecretLock() secretlock.Service
- func (p *InMemoryStorageProvider) StorageProvider() arieskms.Store
type InMemoryStore
- func NewInMemoryStore() *InMemoryStore
type LocalKMS
- func NewLocalKMS(cfg *Config) (*LocalKMS, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AriesCryptoWrapper ¶

type AriesCryptoWrapper struct {
	// contains filtered or unexported fields
}

AriesCryptoWrapper wraps aries crypto implementations to conform api.Crypto interface.

func NewAriesCryptoWrapper ¶

func NewAriesCryptoWrapper(cryptosKMS kms.KeyManager, wrappedCrypto crypto.Crypto) *AriesCryptoWrapper

NewAriesCryptoWrapper returns new instance of AriesCryptoWrapper.

func (*AriesCryptoWrapper) Sign ¶

func (c *AriesCryptoWrapper) Sign(msg []byte, keyID string) ([]byte, error)

Sign gets key from kms using keyID and use it to sign data.

func (*AriesCryptoWrapper) Verify ¶

func (c *AriesCryptoWrapper) Verify(signature, msg []byte, keyID string) error

Verify gets key from kms using keyID and use it to verify data.

type Config ¶

type Config struct {
	Storage arieskms.Store
}

Config is config for local kms constructor.

type InMemoryStorageProvider ¶

type InMemoryStorageProvider struct {
	Storage arieskms.Store
}

InMemoryStorageProvider represents an in-memory storage provide that can be used to satisfy the Aries KMS Provider interface.

func NewInMemoryStorageProvider ¶

func NewInMemoryStorageProvider() *InMemoryStorageProvider

NewInMemoryStorageProvider returns a new InMemoryStorageProvider.

func (*InMemoryStorageProvider) SecretLock ¶

func (p *InMemoryStorageProvider) SecretLock() secretlock.Service

SecretLock returns the Aries no-op secretlock.Service implementation.

func (*InMemoryStorageProvider) StorageProvider ¶

func (p *InMemoryStorageProvider) StorageProvider() arieskms.Store

StorageProvider returns an in-memory arieskms.Store implemenation.

type InMemoryStore ¶

type InMemoryStore struct {
	// contains filtered or unexported fields
}

InMemoryStore represents an in-memory database of keysets.

func NewInMemoryStore ¶

func NewInMemoryStore() *InMemoryStore

NewInMemoryStore returns a new InMemoryStore.

func (*InMemoryStore) Delete ¶

func (k *InMemoryStore) Delete(keysetID string) error

Delete deletes the key stored under the given keysetID.

func (*InMemoryStore) Get ¶

func (k *InMemoryStore) Get(keysetID string) ([]byte, error)

Get retrieves the key stored under the given keysetID. If no key is found, then an error is returned.

func (*InMemoryStore) Put ¶

func (k *InMemoryStore) Put(keysetID string, keyset []byte) error

Put stores the given key under the given keysetID.

type LocalKMS ¶

type LocalKMS struct {
	// contains filtered or unexported fields
}

LocalKMS is a KMS implementation that uses Google's Tink crypto library. Private keys may intermittently reside in local memory with this implementation so keep this consideration in mind when deciding whether to use this or not.

func NewLocalKMS ¶

func NewLocalKMS(cfg *Config) (*LocalKMS, error)

NewLocalKMS returns a new Local KMS.

func (*LocalKMS) Create ¶

func (k *LocalKMS) Create(keyType arieskms.KeyType) (string, []byte, error)

Create creates a keyset of the given keyType and then writes it to storage. The keyID and raw public key bytes of the newly generated keyset are returned.

func (*LocalKMS) ExportPubKey ¶

func (k *LocalKMS) ExportPubKey(string) ([]byte, error)

ExportPubKey returns the public key associated with the given keyID as raw bytes.

func (*LocalKMS) GetAriesKMS deprecated

func (k *LocalKMS) GetAriesKMS() *arieslocalkms.LocalKMS

GetAriesKMS returns the underlying Aries local KMS instance.

Deprecated: This method will be removed in a future version.

func (*LocalKMS) GetCrypto ¶

func (k *LocalKMS) GetCrypto() goapi.Crypto

GetCrypto returns Crypto instance that can perform crypto ops with keys created by this kms.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL