keystore

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 2, 2022 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

keystore is a package which provides the necessary structs and functions to store and manage key pairs. It is used by the NKS to store, manage, sign, and verify keys.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SaveCert 

func SaveCert(certPath string, cert *x509.Certificate) error

SaveCert saves the given certificate to the given path. It will return any error encountered while creating the file, or encoding the certificate to PEM.

func SaveECDSA 

func SaveECDSA(certPath string, keyPath string, cert *x509.Certificate, priv *ecdsa.PrivateKey) error

SaveECDSA saves an ECDSA certificate and private key to the given paths. It will return any error encountered while creating the file, or encoding either the certificate or key to their respective formats.

func SaveECDSAPrivateKey 

func SaveECDSAPrivateKey(keyPath string, priv *ecdsa.PrivateKey) error

SaveECDSAPrivateKey saves the given *ecdsa.PrivateKey to the given path. It will return any error encountered while creating the file, or encoding the key to whatever PEM-encoded format Golang uses for the x509.MarshalECPrivateKey function.

func SaveEd25519 

func SaveEd25519(certPath string, keyPath string, cert *x509.Certificate, priv *ed25519.PrivateKey) error

SaveEd25519 saves an Ed25519 certificate and private key to the given paths. It will return any error encountered while creating the file, or encoding either the certificate or key to their respective formats.

func SaveEd25519PrivateKey 

func SaveEd25519PrivateKey(keyPath string, priv *ed25519.PrivateKey) error

SaveEd25519PrivateKey saves the given *ed25519.PrivateKey to the given path. It will return any error encountered while creating the file, or encoding the key to PEM format.

func SavePEM 

func SavePEM(path string, block *pem.Block) error

SavePEM saves a PEM block to a file. It returns any error encountered while creating the file, or encoding the PEM data.

func SavePEMBytes 

func SavePEMBytes(path string, pemType string, data []byte) error

SavePEMBytes saves the given PEM-encoded byte slice to the given path, with the given header. It will return any error encountered while creating the file, or encoding the PEM data.

func SaveRSA 

func SaveRSA(certPath string, keyPath string, cert *x509.Certificate, priv *rsa.PrivateKey) error

SaveRSA saves an RSA certificate and private key to the given paths. It will return any error encountered while creating the file, or encoding either the certificate or key to their respective formats.

func SaveRSAPrivateKey 

func SaveRSAPrivateKey(keyPath string, priv *rsa.PrivateKey) error

SaveRSAPrivateKey saves the given *rsa.PrivateKey to the given path. It will return any error encountered while creating the file, or encoding the key to PEM-encoded PKCS1 format.

Types

type HashFuncNotSupporedError 

type HashFuncNotSupporedError struct {
	// contains filtered or unexported fields
}

HashFuncNotSupportedError is an error which is returned if a hash function is not supported by the keystore package.

func (*HashFuncNotSupporedError) Error 

func (e *HashFuncNotSupporedError) Error() string

Error returns the error message for the HashFuncNotSupporedError.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key is the type which contains all the information about a key. It contains the certificate, algorithm, the public key, and the private key.

func NewDummyKey 

func NewDummyKey(domains []string) (*Key, error)

NewDummyKey creates a new *Key from a dummy self-signed certificate and private key for the given domains. The domains are specified as SAN entries in the certificate.

func NewDummyKeyECDSA 

func NewDummyKeyECDSA(domains []string) (*Key, error)

NewDummyKeyECDSA creates a new *Key from a dummy self-signed certificate and ECDSA private key for the given domains. The domains are specified as SAN entries in the certificate.

func NewDummyKeyEd25519 

func NewDummyKeyEd25519(domains []string) (*Key, error)

NewDummyKeyEd25519 creates a new *Key from a dummy self-signed certificate and Ed25519 private key for the given domains. The domains are specified as SAN entries in the certificate.

func NewDummyKeyRSA 

func NewDummyKeyRSA(domains []string) (*Key, error)

NewDummyKeyRSA creates a new *Key from a dummy self-signed certificate and RSA private key for the given domains. The domains are specified as SAN entries in the certificate.

func NewKeyFromBytes 

func NewKeyFromBytes(cert []byte, priv []byte) (*Key, error)

NewKeyFromBytes creates a new *Key from a given pair of PEM-encoded byte slices. It returns any error encountered during processing, along with the *Key.

func NewKeyFromECDSA 

func NewKeyFromECDSA(cert *x509.Certificate, priv *ecdsa.PrivateKey) *Key

NewKeyFromECDSA creates a new *Key from a given *x509.Certificate and *ecdsa.PrivateKey

func NewKeyFromECDSABytes 

func NewKeyFromECDSABytes(cert []byte, priv []byte) (*Key, error)

NewKeyFromPKCS8File creates a new *Key a given certificate and private key, in whatever format Golang uses for the x509.ParseECPrivateKey function.

func NewKeyFromEd25519 

func NewKeyFromEd25519(cert *x509.Certificate, priv *ed25519.PrivateKey) *Key

NewKeyFromEd25519 creates a new *Key from a given *x509.Certificate and *ed25519.PrivateKey

func NewKeyFromEd25519Bytes 

func NewKeyFromEd25519Bytes(cert []byte, priv []byte) (*Key, error)

NewKeyFromRSAFile creates a new *Key a given certificate and private key, in whatever format Golang uses for the ed25519.PrivateKey function. Though, it doesn't seem to actually have a "format", so to speak, it just stores bytes and then performs operations directly on those bytes.

func NewKeyFromFile 

func NewKeyFromFile(certFile string, privFile string) (*Key, error)

NewKeyFromFile creates a new *Key from a given pair of PEM-encoded files. It returns any error encountered during processing, along with the *Key.

func NewKeyFromPKCS8Bytes 

func NewKeyFromPKCS8Bytes(cert []byte, priv []byte) (*Key, error)

NewKeyFromPKCS8Bytes creates a new *Key a given certificate and private key, in PKCS8 format

func NewKeyFromPem 

func NewKeyFromPem(cert *pem.Block, priv *pem.Block) (*Key, error)

NewKeyFromPem creates a new *Key from a given pair of PEM blocks. It returns any error encountered during processing, along with the *Key.

func NewKeyFromRSA 

func NewKeyFromRSA(cert *x509.Certificate, priv *rsa.PrivateKey) *Key

NewKeyFromRSA creates a new *Key from a given *x509.Certificate and *rsa.PrivateKey

func NewKeyFromRSABytes 

func NewKeyFromRSABytes(cert []byte, priv []byte) (*Key, error)

NewKeyFromRSABytes creates a new *Key a given certificate and private key, in PKCS1 format

func NewKeyFromReader 

func NewKeyFromReader(cert io.Reader, priv io.Reader) (*Key, error)

NewKeyFromFile creates a new *Key from a given pair of PEM-encoded files, read through an io.Reader. It returns any error encountered during processing, along with the *Key.

func NewKeyFromTLSCertificate 

func NewKeyFromTLSCertificate(cert *tls.Certificate) *Key

NewKeyFromTLSCertificate creates a new *Key from a given *tls.Certificate

func (*Key) GetAlgorithm 

func (k *Key) GetAlgorithm() x509.PublicKeyAlgorithm

GetAlgorithm returns the x509.PublicKeyAlgorithm of the private key stored in this struct.

func (*Key) GetCertificate 

func (k *Key) GetCertificate() *x509.Certificate

GetCertificate returns the *x509.Certificate associated with the key.

func (*Key) GetPrivateKey 

func (k *Key) GetPrivateKey() crypto.PrivateKey

GetPrivateKey returns the raw crypto.PrivateKey that is stored by this struct.

func (*Key) GetPrivateKeyECDSA 

func (k *Key) GetPrivateKeyECDSA() *ecdsa.PrivateKey

GetPrivateKeyECDSA returns the raw *ecdsa.PrivateKey that is stored by this struct, if the algorithm used is ECDSA. Otherwise, it returns nil

func (*Key) GetPrivateKeyEd25519 

func (k *Key) GetPrivateKeyEd25519() *ed25519.PrivateKey

GetPrivateKeyEd25519 returns the raw *ed25519.PrivateKey that is stored by this struct, if the algorithm used is Ed25519. Otherwise, it returns nil

func (*Key) GetPrivateKeyRSA 

func (k *Key) GetPrivateKeyRSA() *rsa.PrivateKey

GetPrivateKeyRSA returns the raw *rsa.PrivateKey that is stored by this struct, if the algorithm used is RSA. Otherwise, it returns nil

func (*Key) GetPublicKey 

func (k *Key) GetPublicKey() crypto.PublicKey

GetPublicKey returns the raw crypto.PublicKey that is stored in this Key.

func (*Key) GetPublicKeyBytes 

func (k *Key) GetPublicKeyBytes() []byte

GetPublicKeyBytes gets the public key in bytes, marshelled according to the x509.MarshalPKIXPublicKey function.

func (*Key) GetPublicKeyECDSA 

func (k *Key) GetPublicKeyECDSA() *ecdsa.PublicKey

GetPublicKeyECDSA returns the raw *ecdsa.PublicKey that is stored in this Key, if the algorithm used is ECDSA. Otherwise, it returns nil

func (*Key) GetPublicKeyEd25519 

func (k *Key) GetPublicKeyEd25519() *ed25519.PublicKey

GetPublicKeyEd25519 returns the raw *ed25519.PublicKey that is stored in this Key, if the algorithm used is Ed25519. Otherwise, it returns nil

func (*Key) GetPublicKeyPEM 

func (k *Key) GetPublicKeyPEM() []byte

GetPublicKeyPEM gets the public key in PEM format.

func (*Key) GetPublicKeyRSA 

func (k *Key) GetPublicKeyRSA() *rsa.PublicKey

GetPublicKeyRSA returns the raw *rsa.PublicKey that is stored in this Key, if the algorithm used is RSA. Otherwise, it returns nil

func (*Key) GetTLSCertificate 

func (k *Key) GetTLSCertificate() *tls.Certificate

GetTLSCertificate returns the *tls.Certificate associated with the key.

func (*Key) SaveKey 

func (k *Key) SaveKey() error

SaveKey saves the Key to a randomly-generated path under the .keystore directory. It will return any error encountered while creating the file, or encoding the key's attributes to PEM format.

func (*Key) SaveKeyWithPath 

func (k *Key) SaveKeyWithPath(certPath string, keyPath string) error

SaveKeyWithPath saves the given key's certificate and private key to the given paths. It will return any errors encountered saving the two values.

func (*Key) SavePubKeyWithPath 

func (k *Key) SavePubKeyWithPath(path string) error

SavePubKeyWithPath saves the given key's public key to the given path. It will return any error encountered while saving the key.

func (*Key) Sign 

func (k *Key) Sign(hashFunc crypto.Hash, sigType netcommon.SigType, challenge []byte) ([]byte, error)

Sign is the function that computes a signature for a given challenge on the Key. Note that the challenge *must* be hashed before calling this function, as the hashFunc is only used to indicate the hash function parameter in the signature. It will return the signed data, or any error encountered.

func (*Key) Verify 

func (k *Key) Verify(hashFunc crypto.Hash, sigType netcommon.SigType, challenge []byte, signed []byte) error

Verify verifies that a provided signature is valid for a given challenge. Note that the challenge *must* be hashed before being provided. It will return any error encountered verifying the signature, or nil if the signature is valid.

type KeyAcceptor 

type KeyAcceptor func(k *x509.Certificate) bool

KeyAcceptor is a function which will return whether or not the given key should be loaded into the KeyStore based on its certificate. The private key is *not* loaded into memory unless this returns true.

type KeyNotFoundError 

type KeyNotFoundError struct {
	// contains filtered or unexported fields
}

KeyNotFoundError is an error which is returned when a key is not found in the KeyStore.

func (*KeyNotFoundError) Error 

func (e *KeyNotFoundError) Error() string

Error returns the error message for the KeyNotFoundError.

type KeyRetriever 

type KeyRetriever func(domain string) (*Key, error)

KeyRetriever returns a *Key for a given domain, or an error if there are any issues retrieving the key.

type KeyStore 

type KeyStore struct {
	// Name is the name of the KeyStore. It is only used for debugging, and is not necessary to be meaningful.
	Name string

	// KeyRetriever is a function which can be used to retrieve a key for a given domain from an external data source, which is not
	// implemented using the datastore.Datastore package.
	KeyRetriever         KeyRetriever
	VerifySentSignatures bool
	// contains filtered or unexported fields
}

KeyStore is a generic keystore which can store and manage keys. It is used by the NKS to store, manage, sign, and verify keys.

func NewKeyStore 

func NewKeyStore(name string) *KeyStore

NewKeyStore creates a new KeyStore instance with the given name. The name parameter is only used for debugging, so it can be any valid string. It returns a *KeyStore struct that can be used to store and retrieve Key structs.

func (*KeyStore) AddCert 

func (s *KeyStore) AddCert(cert *tls.Certificate)

AddCert adds a tls.Certificate to the KeyStore.

func (*KeyStore) AddKey 

func (s *KeyStore) AddKey(key *Key)

AddKey adds a Key to the KeyStore.

func (*KeyStore) DelCert 

func (s *KeyStore) DelCert(cert *x509.Certificate)

DelCert deletes any entries in the KeyStore that would support the given x509.Certificate

func (*KeyStore) GetCert 

func (s *KeyStore) GetCert(domain string) *tls.Certificate

GetCert returns the tls.Certificate for the given domain.

func (*KeyStore) GetKey 

func (s *KeyStore) GetKey(domain string) *Key

GetKey returns the Key for the given domain.

func (*KeyStore) ReadAllLocalKeys 

func (k *KeyStore) ReadAllLocalKeys(path string) error

ReadAllLocalKeys reads all keys from the given path, and adds them to the keystore.

func (*KeyStore) ReadLocalKeys 

func (k *KeyStore) ReadLocalKeys(path string, acceptor KeyAcceptor) error

ReadLocalKeys reads all keys from a given path, and adds them to the keystore if the acceptor function returns true.

func (*KeyStore) SaveLocalKeys 

func (k *KeyStore) SaveLocalKeys() error

SaveLocalKeys saves all keys in the keystore to their respective files. Note that this saves keys to disk, which might be a security risk, depending on your deployment style.

func (*KeyStore) Sign 

func (s *KeyStore) Sign(domain string, hashFunc crypto.Hash, sigType netcommon.SigType, challenge []byte) ([]byte, error)

Sign signs a challenge for a given domain, using the specified hash function and signature type. It will return the signature, or an error if the signing failed. Note that the data must be hashed *before* it is passed to this function. The hashFunc is simply to indicate the hashing algorithm used in the signature.

type NoPrivateKeyError 

type NoPrivateKeyError struct{}

NoPrivateKeyError is an error which is returned if if a private key is not loaded into the key store, and an operation was requested which requires it.

func (*NoPrivateKeyError) Error 

func (e *NoPrivateKeyError) Error() string

Error returns the error message for the NoPrivateKeyError.

type UnsupportedPairTypeError 

type UnsupportedPairTypeError struct {
	// contains filtered or unexported fields
}

UnsupportedPairTypeError is an error which is returned if a key pair specified is not supported by the keystore package.

func (*UnsupportedPairTypeError) Error 

func (e *UnsupportedPairTypeError) Error() string

Error returns the error message for the UnsupportedPairTypeError.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.