Documentation

Overview
Package crypto contains functionality for dealing with X509 certificates and cryptography.
Index
- func DecodePEMBlockFromFile(file string, ctx context.Context) (*pem.Block, error)
- func DecryptPEMBlock(b *pem.Block, password []byte, ctx context.Context) ([]byte, error)
- func DecryptString(ciphertext, key string, ctx context.Context) (string, error)
- func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher, ...) (*pem.Block, error)
- func EncryptString(plaintext, key string, ctx context.Context) (string, error)
- func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string
- func IsEncryptedPEMBlock(b *pem.Block) bool
- func NewSelfSignedCertificateKeyPair(template *x509.Certificate, keyBits int, ctx context.Context) ([]byte, []byte, error)
- func ParsePEMCertificateBytes(contents []byte, ctx context.Context) ([]*x509.Certificate, error)
- func ParsePEMCertificateFile(file string, ctx context.Context) ([]*x509.Certificate, error)
- func ParsePEMPrivateKeyBytes(contents []byte, password []byte, ctx context.Context) (*rsa.PrivateKey, error)
- func ParsePEMPrivateKeyFile(file string, password []byte, ctx context.Context) (*rsa.PrivateKey, error)
- func ParsePublicKeyFromCertificate(cert *x509.Certificate, ctx context.Context) (*rsa.PublicKey, error)
- func Sign(contents []byte, privateKey *rsa.PrivateKey, ctx context.Context) ([]byte, error)
- func ValidateCertificate(cert *x509.Certificate, roots *CertificatePool, intermediates *CertificatePool, ...) error
- func Verify(contents, signature []byte, publicKey *rsa.PublicKey, ctx context.Context) error
- type CertificatePool
- type PEMCipher
- type PGPKeyPair
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecodePEMBlockFromFile
func DecodePEMBlockFromFile(file string, ctx context.Context) (*pem.Block, error)
DecodePEMBlockFromFile loads a file into memory and decodes any PEM data from it.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func DecryptPEMBlock
func DecryptPEMBlock(b *pem.Block, password []byte, ctx context.Context) ([]byte, error)
DecryptPEMBlock takes a PEM block encrypted according to RFC 1423 and the password used to encrypt it and returns a slice of decrypted DER encoded bytes.
It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected, an IncorrectPasswordError is returned. Because of deficiencies in the format, it is not always possible to detect an incorrect password; in these cases no error is returned, but the decrypted DER bytes will be random noise.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func DecryptString
func DecryptString(ciphertext, key string, ctx context.Context) (string, error)
DecryptString decrypts the given block of ciphertext that was encrypted using the EncryptString() function.
If the string was encrypted using a random key generated by EncryptString(), leave the key empty.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func EncryptPEMBlock
func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher, ctx context.Context) (*pem.Block, error)
EncryptPEMBlock returns a PEM block of the specified type holding the given DER encoded data encrypted with the specified algorithm and password according to RFC 1423.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func EncryptString
func EncryptString(plaintext, key string, ctx context.Context) (string, error)
EncryptString encrypts the given string using the given key.
If the key is empty, a random key is generated and stored with the ciphertext.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
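The contract the EncryptString and DecryptString entries describe, written out as an added example that is not this package's code. It uses AES-256-GCM with a random nonce; the blob layout (a mode byte, the optional embedded key, the nonce, then ciphertext and tag), the function names and the SHA-256 key derivation are this example's own assumptions, since the page does not say how the package encrypts. It also carries the caveat a practitioner wants: a key stored with the ciphertext protects nothing from whoever holds the blob, and the header is authenticated so a swapped mode byte or embedded key is rejected rather than silently accepted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Assumed blob layout (not the package's own): mode byte, optional 32-byte key, nonce, ciphertext+tag.
const (
	keyLen          = 32 // AES-256
	modeCallerKey   = 0  // the caller supplies the key on both sides
	modeEmbeddedKey = 1  // a random key travels inside the blob
)

// deriveKey maps the key string to 32 bytes (assumption: SHA-256). Use a password KDF for human-chosen secrets.
func deriveKey(key string) []byte {
	sum := sha256.Sum256([]byte(key))
	return sum[:]
}

func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptString follows the page's contract: with an empty key a random key is generated and
// stored with the ciphertext. An embedded key protects nothing from whoever holds the blob, so
// treat that mode as encoding rather than secrecy. The header is bound as GCM additional data,
// so a swapped mode byte or embedded key makes Open fail.
func EncryptString(plaintext, key string) (string, error) {
	header, k := []byte{modeCallerKey}, deriveKey(key)
	if key == "" {
		k = make([]byte, keyLen)
		if _, err := io.ReadFull(rand.Reader, k); err != nil {
			return "", err
		}
		header = append([]byte{modeEmbeddedKey}, k...)
	}
	gcm, err := newGCM(k)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nil, nonce, []byte(plaintext), header)
	return base64.StdEncoding.EncodeToString(append(append(header, nonce...), sealed...)), nil
}

// DecryptString reverses EncryptString; pass an empty key for a blob that carries its own key.
func DecryptString(ciphertext, key string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(ciphertext)
	if err != nil {
		return "", err
	}
	headerLen, k := 1, deriveKey(key)
	switch {
	case len(blob) > 0 && blob[0] == modeEmbeddedKey:
		if key != "" {
			return "", errors.New("ciphertext carries its own key; pass an empty key")
		}
		if headerLen += keyLen; len(blob) < headerLen {
			return "", errors.New("ciphertext too short")
		}
		k = blob[1:headerLen]
	case len(blob) == 0 || blob[0] != modeCallerKey:
		return "", errors.New("unrecognised ciphertext format")
	case key == "":
		return "", errors.New("a key is required for this ciphertext")
	}
	gcm, err := newGCM(k)
	if err != nil {
		return "", err
	}
	ns := gcm.NonceSize()
	if len(blob) < headerLen+ns+gcm.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := gcm.Open(nil, blob[headerLen:headerLen+ns], blob[headerLen+ns:], blob[:headerLen])
	if err != nil {
		return "", fmt.Errorf("decryption failed (wrong key or tampered data): %w", err)
	}
	return string(pt), nil
}

func main() {
	ct, _ := EncryptString("constructed secret value", "example-key") // constructed sample input
	fmt.Println(DecryptString(ct, "example-key"))
	fmt.Println(DecryptString(ct, "other-key"))
}
```

Because the nonce is random, encrypting the same string twice yields two different blobs; the wrong key, a missing key and a flipped tag byte all fail at Open rather than returning garbage.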
func GeneratePassword
func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string
GeneratePassword generates a random password with the given characteristics.
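An added example of a generator with the same parameters as GeneratePassword above; it is not this package's implementation. Two details matter for a password generator and are easy to get wrong: every draw comes from crypto/rand (rand.Int does the rejection sampling, so there is no modulo bias and math/rand is never touched), and the mandatory character classes are shuffled into the result rather than left at the front. Unlike the page's function, this one also returns an error, because crypto/rand can fail and impossible minimums should not be silently truncated; the special-character set is this example's choice.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Character classes. The special set is this example's choice; the page does not list one.
const (
	lowerSet   = "abcdefghijklmnopqrstuvwxyz"
	upperSet   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	digitSet   = "0123456789"
	specialSet = "!@#$%^&*()-_=+[]{}<>?"
)

// randIndex returns a uniform index in [0, n) from crypto/rand; rand.Int rejects out-of-range
// draws, so there is no modulo bias.
func randIndex(n int) (int, error) {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		return 0, err
	}
	return int(v.Int64()), nil
}

// GeneratePassword returns passwordLength characters containing at least minSpecialChar specials,
// minNum digits and minUpperCase upper-case letters; the remainder is drawn from all classes.
func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) (string, error) {
	if passwordLength <= 0 || minSpecialChar < 0 || minNum < 0 || minUpperCase < 0 {
		return "", errors.New("passwordLength must be positive and minimums non-negative")
	}
	required := minSpecialChar + minNum + minUpperCase
	if required > passwordLength {
		return "", fmt.Errorf("minimums (%d) exceed password length %d", required, passwordLength)
	}
	buf := make([]byte, 0, passwordLength)
	draw := func(set string, count int) error {
		for i := 0; i < count; i++ {
			idx, err := randIndex(len(set))
			if err != nil {
				return err
			}
			buf = append(buf, set[idx])
		}
		return nil
	}
	steps := []struct {
		set   string
		count int
	}{
		{specialSet, minSpecialChar},
		{digitSet, minNum},
		{upperSet, minUpperCase},
		{lowerSet + upperSet + digitSet + specialSet, passwordLength - required},
	}
	for _, s := range steps {
		if err := draw(s.set, s.count); err != nil {
			return "", err
		}
	}
	// Fisher-Yates shuffle, also from crypto/rand, so the mandatory classes are not clustered at the front.
	for i := len(buf) - 1; i > 0; i-- {
		j, err := randIndex(i + 1)
		if err != nil {
			return "", err
		}
		buf[i], buf[j] = buf[j], buf[i]
	}
	return string(buf), nil
}

// CountClasses reports how many characters of password fall in the special, digit and upper-case sets.
func CountClasses(password string) (special, digits, upper int) {
	for _, c := range password {
		switch {
		case strings.ContainsRune(specialSet, c):
			special++
		case strings.ContainsRune(digitSet, c):
			digits++
		case strings.ContainsRune(upperSet, c):
			upper++
		}
	}
	return special, digits, upper
}

func main() {
	pw, err := GeneratePassword(16, 2, 3, 2)
	if err != nil {
		panic(err)
	}
	s, d, u := CountClasses(pw)
	fmt.Printf("%s (special=%d digits=%d upper=%d)\n", pw, s, d, u)
}
```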
func IsEncryptedPEMBlock
func IsEncryptedPEMBlock(b *pem.Block) bool
IsEncryptedPEMBlock returns whether the PEM block is password encrypted according to RFC 1423.
func NewSelfSignedCertificateKeyPair
func NewSelfSignedCertificateKeyPair(template *x509.Certificate, keyBits int, ctx context.Context) ([]byte, []byte, error)
NewSelfSignedCertificateKeyPair creates a new self-signed certificate using the given template and returns the public certificate and private key, respectively, on success.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func ParsePEMCertificateBytes
func ParsePEMCertificateBytes(contents []byte, ctx context.Context) ([]*x509.Certificate, error)
ParsePEMCertificateBytes takes a PEM-formatted byte string and converts it into one or more X509 certificates.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func ParsePEMCertificateFile
func ParsePEMCertificateFile(file string, ctx context.Context) ([]*x509.Certificate, error)
ParsePEMCertificateFile takes a PEM-formatted file and converts it into one or more X509 certificates.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func ParsePEMPrivateKeyBytes
func ParsePEMPrivateKeyBytes(contents []byte, password []byte, ctx context.Context) (*rsa.PrivateKey, error)
ParsePEMPrivateKeyBytes takes a PEM-formatted byte string and converts it into an RSA private key.
If the private key is encrypted, be sure to include a password or else this function will return an error. If no password is required, you can safely pass nil for the password.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func ParsePEMPrivateKeyFile
func ParsePEMPrivateKeyFile(file string, password []byte, ctx context.Context) (*rsa.PrivateKey, error)
ParsePEMPrivateKeyFile takes a PEM-formatted file and converts it into an RSA private key.
If the private key is encrypted, be sure to include a password or else this function will return an error. If no password is required, you can safely pass nil for the password.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
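The RFC 1423 round trip that the EncryptPEMBlock, DecryptPEMBlock, IsEncryptedPEMBlock and ParsePEMPrivateKeyBytes/ParsePEMPrivateKeyFile entries describe, as an added example that is not this package's code. It is written against the Go standard library functions of the same names in crypto/x509 (x509.EncryptPEMBlock, x509.DecryptPEMBlock, x509.IsEncryptedPEMBlock, x509.IncorrectPasswordError); the wrapper names EncryptPrivateKeyPEM, ParsePrivateKeyPEM, DEKInfo and NewRSAKey are this example's own. The point it adds is the caveat from the DecryptPEMBlock entry: because a wrong password is not always detected, the decrypted bytes are treated as untrusted until they parse as a key. Go marks these functions deprecated because RFC 1423 key derivation is weak by current standards; the example uses them because that is the format the entries describe.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// NewRSAKey generates the key used by the demo below.
func NewRSAKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptPrivateKeyPEM marshals key as PKCS#1 DER and wraps it in an RFC 1423 encrypted PEM
// block. x509.EncryptPEMBlock writes the Proc-Type and DEK-Info headers (cipher name plus hex
// IV) that the decrypting side reads to pick the algorithm.
func EncryptPrivateKeyPEM(key *rsa.PrivateKey, password []byte) ([]byte, error) {
	if len(password) == 0 {
		return nil, errors.New("refusing to encrypt with an empty password")
	}
	der := x509.MarshalPKCS1PrivateKey(key)
	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, password, x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(block), nil
}

// DEKInfo returns the DEK-Info header of the first PEM block, or "" when it is not encrypted.
func DEKInfo(pemBytes []byte) string {
	block, _ := pem.Decode(pemBytes)
	if block == nil || !x509.IsEncryptedPEMBlock(block) {
		return ""
	}
	return block.Headers["DEK-Info"]
}

// ParsePrivateKeyPEM decodes the block, decrypts it when it carries a DEK-Info header, and
// parses the result. password may be nil for an unencrypted key. The final parse is the
// important check: RFC 1423 cannot always detect a wrong password, so the decrypted bytes are
// treated as untrusted until they parse as an RSA key.
func ParsePrivateKeyPEM(pemBytes, password []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	der := block.Bytes
	if x509.IsEncryptedPEMBlock(block) {
		if password == nil {
			return nil, errors.New("private key is encrypted but no password was supplied")
		}
		var err error
		der, err = x509.DecryptPEMBlock(block, password)
		if err != nil {
			// errors.Is(err, x509.IncorrectPasswordError) holds when the padding check caught it.
			return nil, fmt.Errorf("decrypt %s block: %w", block.Type, err)
		}
	}
	key, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		// Reached when a wrong password slipped past the padding check (roughly 1 in 256 tries)
		// and DecryptPEMBlock handed back noise instead of an error.
		return nil, fmt.Errorf("decrypted bytes are not an RSA key (wrong password?): %w", err)
	}
	return key, nil
}

func main() {
	key, err := NewRSAKey()
	if err != nil {
		panic(err)
	}
	password := []byte("correct horse battery staple") // constructed demo password
	enc, err := EncryptPrivateKeyPEM(key, password)
	if err != nil {
		panic(err)
	}
	fmt.Println("DEK-Info:", DEKInfo(enc))
	_, err = ParsePrivateKeyPEM(enc, []byte("wrong password"))
	fmt.Println("wrong password ->", err)
	_, err = ParsePrivateKeyPEM(enc, password)
	fmt.Println("right password ->", err)
}
```

Whichever path a wrong password takes, the caller sees an error instead of a key made of noise; an unencrypted block passes straight through with a nil password, as the ParsePEMPrivateKey entries describe.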
func ParsePublicKeyFromCertificate
func ParsePublicKeyFromCertificate(cert *x509.Certificate, ctx context.Context) (*rsa.PublicKey, error)
ParsePublicKeyFromCertificate parses the RSA public key portion from an X509 certificate.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func Sign
func Sign(contents []byte, privateKey *rsa.PrivateKey, ctx context.Context) ([]byte, error)
Sign takes the content and generates a signature using the given private key.
Use the DecodePEMData() function to convert a PEM-formatted certificate into a PEM block. If the private key is encrypted, use the DecryptPEMBlock() function to decrypt it first.
Use the Verify() function to verify the signature produced for the content.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func ValidateCertificate
func ValidateCertificate(cert *x509.Certificate, roots *CertificatePool, intermediates *CertificatePool, keyUsages []x509.ExtKeyUsage, cn string, ctx context.Context) error
ValidateCertificate verifies that the given certificate is completely trusted.
If the certificate was signed with a key that is not trusted by the default system certificate pool, be sure to specify a root CA certificate pool and, if necessary, an intermediate pool containing the certificates required to verify the chain.
If you wish to match against specific X509 extended key usages, such as verifying that the signing key has the Code Signing key usage, pass those values in the keyUsages parameter.
If you wish to verify the common name (CN) field of the public key passed in, specify a non-empty string for the cn parameter. This match is case-sensitive.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func Verify
func Verify(contents, signature []byte, publicKey *rsa.PublicKey, ctx context.Context) error
Verify validates that the given contents have not been altered by checking them against the signature and public key provided.
Use the Sign() function to create the signature used by this function to ensure the same hashing algorithm is applied.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
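The Sign and Verify pair as an added example, not this package's implementation. The page names neither the hash nor the padding scheme, so this example assumes SHA-256 with RSA-PSS from the Go standard library; the type Outcome, the function RoundTrip and the manifest it signs are constructed for the demonstration. Beyond the happy path it shows the three failures a verifier must produce: altered content, a signature checked against the wrong key, and the hash mismatch the Verify entry warns about when the signer and verifier do not use the same algorithm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Sign hashes contents with SHA-256 and signs the digest with RSA-PSS.
// Assumption: the page names neither the hash nor the padding scheme its Sign uses.
func Sign(contents []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
	if privateKey == nil {
		return nil, errors.New("nil private key")
	}
	digest := sha256.Sum256(contents)
	return rsa.SignPSS(rand.Reader, privateKey, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the SHA-256 digest and checks the PSS signature. Any change to the
// contents, the signature or the key makes it return rsa.ErrVerification.
func Verify(contents, signature []byte, publicKey *rsa.PublicKey) error {
	if publicKey == nil {
		return errors.New("nil public key")
	}
	digest := sha256.Sum256(contents)
	return rsa.VerifyPSS(publicKey, crypto.SHA256, digest[:], signature, nil)
}

// verifyWithSHA512 is the mismatch the Verify entry warns about: the signature is valid, but a
// verifier hashing with SHA-512 cannot confirm it.
func verifyWithSHA512(contents, signature []byte, publicKey *rsa.PublicKey) error {
	digest := sha512.Sum512(contents)
	return rsa.VerifyPSS(publicKey, crypto.SHA512, digest[:], signature, nil)
}

// Outcome records what verification returned for each case of the round trip (nil means accepted).
type Outcome struct {
	Original, Tampered, WrongKey, WrongHash error
}

// RoundTrip signs a constructed manifest and checks the signature under four conditions.
func RoundTrip() (*Outcome, error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // an unrelated key pair
	if err != nil {
		return nil, err
	}
	contents := []byte("artifact: build-1.4.2.tar.gz\nsize: 1048576\n") // constructed sample manifest
	sig, err := Sign(contents, signer)
	if err != nil {
		return nil, err
	}
	tampered := append([]byte{}, contents...)
	tampered[len(tampered)-2] = '7' // change one digit of the size field
	return &Outcome{
		Original:  Verify(contents, sig, &signer.PublicKey),
		Tampered:  Verify(tampered, sig, &signer.PublicKey),
		WrongKey:  Verify(contents, sig, &other.PublicKey),
		WrongHash: verifyWithSHA512(contents, sig, &signer.PublicKey),
	}, nil
}

func main() {
	o, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original: %v\ntampered: %v\nwrong key: %v\nwrong hash: %v\n", o.Original, o.Tampered, o.WrongKey, o.WrongHash)
}
```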
Types
type CertificatePool
CertificatePool stores X509 certificates.
func NewCertificatePool
func NewCertificatePool(emptyPool bool, ctx context.Context) (*CertificatePool, error)
NewCertificatePool creates a new CertificatePool object.
If empty is true, return an empty certificate pool instead of a pool containing a copy of all of the system's trusted root certificates.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func (*CertificatePool) AddPEMCertificatesFromFile
func (p *CertificatePool) AddPEMCertificatesFromFile(file string, ctx context.Context) error
AddPEMCertificatesFromFile adds one or more PEM-formatted certificates from a file to the certificate pool.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
type PEMCipher
type PEMCipher int
PEMCipher is just an alias for int.
const (
	PEMCipherDES PEMCipher
	PE MCipher3DES
	PEMCipherAES128
	PEMCipherAES192
	PEMCipherAES256
)
Possible values for the EncryptPEMBlock encryption algorithm.
type PGPKeyPair
type PGPKeyPair struct {
	// contains filtered or unexported fields
}
PGPKeyPair represents a PGP key pair.
func NewPGPKeyPair
NewPGPKeyPair returns a new PGP key pair.
Be sure to call ClearPrivateParams on the returned key to clear memory out when finished with the object.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func NewPGPKeyPairFromArmor
func NewPGPKeyPairFromArmor(armoredKey, passphrase string, ctx context.Context) (*PGPKeyPair, error)
NewPGPKeyPairFromArmor returns a new PGP key pair from the given armored private key.
Be sure to call ClearPrivateParams on the returned key to clear memory out when finished with the object.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func (*PGPKeyPair) ClearPrivateParams
func (kp *PGPKeyPair) ClearPrivateParams()
ClearPrivateParams clears out memory attached to the private key.
func (*PGPKeyPair) GetArmoredPrivateKey
func (kp *PGPKeyPair) GetArmoredPrivateKey(ctx context.Context) (string, error)
ArmoredPrivateKey returns the private key wrapped in PGP armor.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
func (*PGPKeyPair) GetArmoredPublicKey
func (kp *PGPKeyPair) GetArmoredPublicKey(ctx context.Context) (string, error)
ArmoredPublicKey returns the public key wrapped in PGP armor.
Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.