Variables ¶
// ErrNoValidPrivateKey is returned when the material handed to an import
// routine does not parse as a private key.
var ErrNoValidPrivateKey = errors.New("no valid private key found")

// ErrRootKeyNotEncrypted is returned when a root key offered for import is
// unencrypted; only encrypted root keys are accepted.
var ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")

// ErrNoKeysFoundForGUN is returned by an export when no keys are stored
// under the requested GUN.
var ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
Functions ¶
func GenerateCertificate ¶
func GenerateCertificate(rootKey data.PrivateKey, gun string, startTime, endTime time.Time) (*x509.Certificate, error)
GenerateCertificate generates an X509 Certificate from a template, given a GUN and a validity interval.
func GenerateTestingCertificate ¶
func GenerateTestingCertificate(signer crypto.Signer, gun string) (*x509.Certificate, error)
GenerateTestingCertificate generates a non-expired X509 Certificate from a template, given a GUN. It is good enough for tests where expiration does not really matter; do not use it where the validity policy matters.
Types ¶
type CryptoService ¶
type CryptoService struct {
// contains filtered or unexported fields
}
CryptoService implements Sign and Create, holding a specific GUN and keystore to operate on.
func NewCryptoService ¶
func NewCryptoService(gun string, keyStores ...trustmanager.KeyStore) *CryptoService
NewCryptoService returns an instance of CryptoService.
func (*CryptoService) Create ¶
func (cs *CryptoService) Create(role, algorithm string) (data.PublicKey, error)
Create is used to generate keys for targets, snapshots and timestamps.
func (*CryptoService) ExportAllKeys ¶
func (cs *CryptoService) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error
ExportAllKeys exports all keys to an io.Writer in zip format. newPassphraseRetriever is used to obtain the passphrases with which the existing keys are encrypted on export.
func (*CryptoService) ExportKey ¶
func (cs *CryptoService) ExportKey(dest io.Writer, keyID, role string) error
ExportKey exports the specified private key to an io.Writer in PEM format. The key's existing encryption is preserved.
func (*CryptoService) ExportKeyReencrypt ¶
func (cs *CryptoService) ExportKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error
ExportKeyReencrypt exports the specified private key to an io.Writer in PEM format. The key is reencrypted with a new passphrase.
func (*CryptoService) ExportKeysByGUN ¶
func (cs *CryptoService) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error
ExportKeysByGUN exports all keys associated with the specified GUN to an io.Writer in zip format. passphraseRetriever is used to select the new passphrases with which the keys are encrypted.
func (*CryptoService) GetKey ¶
func (cs *CryptoService) GetKey(keyID string) data.PublicKey
GetKey returns the public key with the given ID.
func (*CryptoService) GetPrivateKey ¶
func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error)
GetPrivateKey returns a private key and its role, if present, by ID. It first tries to look up the key without a GUN (in which case it is a root key). If that fails, it tries to look up the key with the GUN (a non-root key). If that also fails, the key is not present.
func (*CryptoService) ImportKeysZip ¶
func (cs *CryptoService) ImportKeysZip(zipReader zip.Reader) error
ImportKeysZip imports keys from a zip file provided as a zip.Reader. The keys in the root_keys directory are left encrypted, but the other keys are decrypted with the specified passphrase.
func (*CryptoService) ImportRoleKey ¶
func (cs *CryptoService) ImportRoleKey(pemBytes []byte, role string, newPassphraseRetriever passphrase.Retriever) error
ImportRoleKey imports a PEM-format private key from a byte slice. It prompts for the key's passphrase to verify the data and to determine the key ID.
func (*CryptoService) ImportRootKey ¶
func (cs *CryptoService) ImportRootKey(source io.Reader) error
ImportRootKey imports a PEM-format root key from an io.Reader. It prompts for the key's passphrase to verify the data and to determine the key ID.
func (*CryptoService) ListAllKeys ¶
func (cs *CryptoService) ListAllKeys() map[string]string
ListAllKeys returns a map from key ID to role.
func (*CryptoService) ListKeys ¶
func (cs *CryptoService) ListKeys(role string) []string
ListKeys returns a list of key IDs valid for the given role.
func (*CryptoService) RemoveKey ¶
func (cs *CryptoService) RemoveKey(keyID string) (err error)
RemoveKey deletes a key by ID.