cryptoservice

package
v0.0.0-...-af40d72 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2016 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrNoValidPrivateKey is returned if a key being imported doesn't
	// look like a private key
	ErrNoValidPrivateKey = errors.New("no valid private key found")

	// ErrRootKeyNotEncrypted is returned if a root key being imported is
	// unencrypted
	ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")

	// ErrNoKeysFoundForGUN is returned if no keys are found for the
	// specified GUN during export
	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
)

Functions

func GenerateCertificate

func GenerateCertificate(rootKey data.PrivateKey, gun string, startTime, endTime time.Time) (*x509.Certificate, error)

GenerateCertificate generates an X509 Certificate from a template, given a GUN and validity interval

func GenerateTestingCertificate

func GenerateTestingCertificate(signer crypto.Signer, gun string) (*x509.Certificate, error)

GenerateTestingCertificate generates a non-expired X509 Certificate from a template, given a GUN. Good enough for tests where expiration does not really matter; do not use if you care about the policy.

Types

type CryptoService

type CryptoService struct {
	// contains filtered or unexported fields
}

CryptoService implements Sign and Create, holding a specific GUN and keystore to operate on

func NewCryptoService

func NewCryptoService(gun string, keyStores ...trustmanager.KeyStore) *CryptoService

NewCryptoService returns an instance of CryptoService

func (*CryptoService) Create

func (cs *CryptoService) Create(role, algorithm string) (data.PublicKey, error)

Create is used to generate keys for targets, snapshots and timestamps

func (*CryptoService) ExportAllKeys

func (cs *CryptoService) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error

ExportAllKeys exports all keys to an io.Writer in zip format. newPassphraseRetriever will be used to obtain passphrases to use to encrypt the existing keys.

func (*CryptoService) ExportKeysByGUN

func (cs *CryptoService) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error

ExportKeysByGUN exports all keys associated with a specified GUN to an io.Writer in zip format. passphraseRetriever is used to select new passphrases to use to encrypt the keys.

func (*CryptoService) ExportRootKey

func (cs *CryptoService) ExportRootKey(dest io.Writer, keyID string) error

ExportRootKey exports the specified root key to an io.Writer in PEM format. The key's existing encryption is preserved.

func (*CryptoService) ExportRootKeyReencrypt

func (cs *CryptoService) ExportRootKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error

ExportRootKeyReencrypt exports the specified root key to an io.Writer in PEM format. The key is reencrypted with a new passphrase.

func (*CryptoService) GetKey

func (cs *CryptoService) GetKey(keyID string) data.PublicKey

GetKey returns a key by ID

func (*CryptoService) GetPrivateKey

func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error)

GetPrivateKey returns a private key by ID. It tries to get the key first without a GUN (in which case it's a root key). If that fails, try to get the key with the GUN (non-root key). If that fails, then we don't have the key.

func (*CryptoService) ImportKeysZip

func (cs *CryptoService) ImportKeysZip(zipReader zip.Reader) error

ImportKeysZip imports keys from a zip file provided as an zip.Reader. The keys in the root_keys directory are left encrypted, but the other keys are decrypted with the specified passphrase.

func (*CryptoService) ImportRootKey

func (cs *CryptoService) ImportRootKey(source io.Reader) error

ImportRootKey imports a root in PEM format key from an io.Reader It prompts for the key's passphrase to verify the data and to determine the key ID.

func (*CryptoService) ListAllKeys

func (cs *CryptoService) ListAllKeys() map[string]string

ListAllKeys returns a map of key IDs to role

func (*CryptoService) ListKeys

func (cs *CryptoService) ListKeys(role string) []string

ListKeys returns a list of key IDs valid for the given role

func (*CryptoService) RemoveKey

func (cs *CryptoService) RemoveKey(keyID string) (err error)

RemoveKey deletes a key by ID

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL