crypto

package v0.1.0
Warning: this package is not in the latest version of its module.
Published: Sep 2, 2021 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package crypto contains functionality for dealing with X509 certificates and cryptography.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodePEMBlockFromFile

func DecodePEMBlockFromFile(file string, ctx context.Context) (*pem.Block, error)

DecodePEMBlockFromFile loads a file into memory and decodes any PEM data from it.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func DecryptPEMBlock

func DecryptPEMBlock(b *pem.Block, password []byte, ctx context.Context) ([]byte, error)

DecryptPEMBlock takes a PEM block encrypted according to RFC 1423 and the password used to encrypt it and returns a slice of decrypted DER encoded bytes.

It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected, an IncorrectPasswordError is returned. Because of deficiencies in the format, it is not always possible to detect an incorrect password. In these cases no error is returned, but the decrypted DER bytes will be random noise.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func DecryptString

func DecryptString(ciphertext, key string, ctx context.Context) (string, error)

DecryptString decrypts the given block of ciphertext that was encrypted using the EncryptString() function.

If the string was encrypted using a random key generated by EncryptString(), leave the key empty.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func EncryptPEMBlock

func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher, ctx context.Context) (
	*pem.Block, error)

EncryptPEMBlock returns a PEM block of the specified type holding the given DER encoded data encrypted with the specified algorithm and password according to RFC 1423.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func EncryptString

func EncryptString(plaintext, key string, ctx context.Context) (string, error)

EncryptString encrypts the given string using the given key.

If the key is empty, a random key is generated and stored with the ciphertext.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func GeneratePassword

func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string

GeneratePassword generates a random password with the given characteristics.
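Added example, not code from this package: the GeneratePassword contract above implemented on crypto/rand, with the minimum per-class counts enforced and a shuffle so the mandatory characters do not land at fixed positions. The function and constant names, the character sets and the (string, error) return for impossible minimums are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"math/big"
)

const (
	lowerChars   = "abcdefghijklmnopqrstuvwxyz"
	upperChars   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	numChars     = "0123456789"
	specialChars = "!@#$%^&*()-_=+[]{}<>?"
)

// randIndex returns a uniform value in [0, n) from crypto/rand; math/rand would
// make the passwords predictable. A failing entropy source is treated as fatal,
// which is why the documented signature needs no error return.
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic("crypto/rand unavailable: " + err.Error())
	}
	return int(v.Int64())
}

// generatePassword follows the documented GeneratePassword contract: at least
// minSpecialChar, minNum and minUpperCase characters of each class, the rest
// drawn from the full alphabet, then a crypto/rand Fisher-Yates shuffle so the
// mandatory characters do not sit at predictable positions.
func generatePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) (string, error) {
	if minSpecialChar+minNum+minUpperCase > passwordLength {
		return "", errors.New("minimum character counts exceed password length")
	}
	all := lowerChars + upperChars + numChars + specialChars
	buf := make([]byte, 0, passwordLength)
	for _, q := range []struct{ set string; n int }{
		{specialChars, minSpecialChar}, {numChars, minNum}, {upperChars, minUpperCase},
		{all, passwordLength - minSpecialChar - minNum - minUpperCase},
	} {
		for i := 0; i < q.n; i++ {
			buf = append(buf, q.set[randIndex(len(q.set))])
		}
	}
	for i := len(buf) - 1; i > 0; i-- {
		j := randIndex(i + 1)
		buf[i], buf[j] = buf[j], buf[i]
	}
	return string(buf), nil
}
```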

func IsEncryptedPEMBlock

func IsEncryptedPEMBlock(b *pem.Block) bool

IsEncryptedPEMBlock returns whether the PEM block is password encrypted according to RFC 1423.
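Added example, not code from this package: the DecryptPEMBlock, EncryptPEMBlock and IsEncryptedPEMBlock contracts above, written directly against the standard library x509 functions of the same names (the DEK-Info header, the IncorrectPasswordError value and the undetectable-wrong-password case all come from there). RFC 1423 encryption is unauthenticated and the standard library marks these functions deprecated, so the example is about handling the format defensively rather than a recommendation to produce it; the decryptKeyPEM and roundTrip names and the password values are constructed.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// decryptKeyPEM follows the documented DecryptPEMBlock contract: a block with
// no DEK-Info header is an error, and a wrong password is reported where the
// CBC padding makes it detectable. Because detection is not guaranteed, the
// output is also parsed as an RSA key before it is trusted.
func decryptKeyPEM(b *pem.Block, password []byte) ([]byte, error) {
	if !x509.IsEncryptedPEMBlock(b) {
		return nil, errors.New("PEM block carries no DEK-Info header")
	}
	der, err := x509.DecryptPEMBlock(b, password)
	if err != nil { // errors.Is(err, x509.IncorrectPasswordError) on a detected bad password
		return nil, fmt.Errorf("decrypting PEM block: %w", err)
	}
	if _, err := x509.ParsePKCS1PrivateKey(der); err != nil {
		return nil, fmt.Errorf("decrypted bytes are not an RSA key (wrong password?): %w", err)
	}
	return der, nil
}

// roundTrip generates a throwaway RSA key, wraps it in an RFC 1423 encrypted
// PEM block under password (legacy, unauthenticated encryption, used here only
// because it is the format the documented functions handle), and reports
// whether decrypting with tryPassword recovers the original DER.
func roundTrip(password, tryPassword []byte) (bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	der := x509.MarshalPKCS1PrivateKey(key)
	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, password, x509.PEMCipherAES256)
	if err != nil {
		return false, err
	}
	got, err := decryptKeyPEM(block, tryPassword)
	if err != nil {
		return false, err
	}
	return bytes.Equal(got, der), nil
}
```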

func NewSelfSignedCertificateKeyPair

func NewSelfSignedCertificateKeyPair(template *x509.Certificate, keyBits int, ctx context.Context) (
	[]byte, []byte, error)

NewSelfSignedCertificateKeyPair creates a new self-signed certificate using the given template and returns the public certificate and private key, respectively, on success.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func ParsePEMCertificateBytes

func ParsePEMCertificateBytes(contents []byte, ctx context.Context) ([]*x509.Certificate, error)

ParsePEMCertificateBytes takes a PEM-formatted byte string and converts it into one or more X509 certificates.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func ParsePEMCertificateFile

func ParsePEMCertificateFile(file string, ctx context.Context) ([]*x509.Certificate, error)

ParsePEMCertificateFile takes a PEM-formatted file and converts it into one or more X509 certificates.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func ParsePEMPrivateKeyBytes

func ParsePEMPrivateKeyBytes(contents []byte, password []byte, ctx context.Context) (*rsa.PrivateKey, error)

ParsePEMPrivateKeyBytes takes a PEM-formatted byte string and converts it into an RSA private key.

If the private key is encrypted, be sure to include a password or else this function will return an error. If no password is required, you can safely pass nil for the password.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func ParsePEMPrivateKeyFile

func ParsePEMPrivateKeyFile(file string, password []byte, ctx context.Context) (*rsa.PrivateKey, error)

ParsePEMPrivateKeyFile takes a PEM-formatted file and converts it into an RSA private key.

If the private key is encrypted, be sure to include a password or else this function will return an error. If no password is required, you can safely pass nil for the password.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func ParsePublicKeyFromCertificate

func ParsePublicKeyFromCertificate(cert *x509.Certificate, ctx context.Context) (*rsa.PublicKey, error)

ParsePublicKeyFromCertificate parses the RSA public key portion from an X509 certificate.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func Sign

func Sign(contents []byte, privateKey *rsa.PrivateKey, ctx context.Context) ([]byte, error)

Sign takes the content and generates a signature over it using an RSA private key.

Use the DecodePEMData() function to convert a PEM-formatted certificate into a PEM block. If the private key is encrypted, use the DecryptPEMBlock() function to decrypt it first.

Use the Verify() function to verify the signature produced for the content.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func ValidateCertificate

func ValidateCertificate(cert *x509.Certificate, roots *CertificatePool, intermediates *CertificatePool,
	keyUsages []x509.ExtKeyUsage, cn string, ctx context.Context) error

ValidateCertificate verifies that the given certificate is fully trusted.

If the certificate was signed with a key that is not trusted by the default system certificate pool, be sure to specify a root CA certificate pool and, if necessary, an intermediate pool containing the certificates required to verify the chain.

If you wish to match against specific X509 extended key usages, such as verifying that the signing certificate carries the Code Signing extended key usage, pass those values in the keyUsages parameter.

If you wish to verify the common name (CN) field of the certificate passed in, specify a non-empty string for the cn parameter. This match is case-sensitive.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
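Added example, not this package's code: one way to implement the ValidateCertificate contract above (trusted roots, optional intermediates, required extended key usages, case-sensitive CN match) on plain x509.CertPools, with a constructed root CA and code-signing leaf standing in for NewSelfSignedCertificateKeyPair. The validateCertificate, must and newTestChain names and the certificate subjects are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// validateCertificate mirrors the documented ValidateCertificate contract:
// chain-build against roots (the system pool when nil) and intermediates,
// require the listed extended key usages, and match the subject CN if cn is set.
func validateCertificate(cert *x509.Certificate, roots, intermediates *x509.CertPool, keyUsages []x509.ExtKeyUsage, cn string) error {
	// Go treats an empty KeyUsages list as ServerAuth, which rejects a code-signing
	// leaf; pass x509.ExtKeyUsageAny explicitly to skip the usage check.
	opts := x509.VerifyOptions{Roots: roots, Intermediates: intermediates, KeyUsages: keyUsages}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate chain is not trusted: %w", err)
	}
	if cn != "" && cert.Subject.CommonName != cn {
		return fmt.Errorf("certificate CN %q does not match expected %q", cert.Subject.CommonName, cn)
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newTestChain is a constructed fixture: a self-signed root CA and a code-signing leaf it issues.
func newTestChain(leafCN string) (root, leaf *x509.Certificate) {
	rootKey := must(rsa.GenerateKey(rand.Reader, 2048))
	leafKey := must(rsa.GenerateKey(rand.Reader, 2048))
	now := time.Now()
	rootTpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootTpl, rootTpl, &rootKey.PublicKey, rootKey))))
	leafTpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: leafCN},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTpl, root, &leafKey.PublicKey, rootKey))))
	return root, leaf
}
```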

func Verify

func Verify(contents, signature []byte, publicKey *rsa.PublicKey, ctx context.Context) error

Verify validates that the given contents have not been altered by checking them against the signature and public key provided.

Use the Sign() function to create the signature used by this function to ensure the same hashing algorithm is applied.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
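Added example, not this package's code: a Sign/Verify pair as documented above, assuming SHA-256 with RSA-PSS (the page does not state the package's hash or padding), showing that any change to the content is detected and why Verify must apply the hash that Sign used. The sign, verify and demo names and the payload are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// sign hashes contents with SHA-256 and produces an RSA-PSS signature. The
// hash is fixed here so verify applies the same one, which is the documented
// requirement for pairing Sign with Verify.
func sign(contents []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(contents)
	return rsa.SignPSS(rand.Reader, privateKey, crypto.SHA256, digest[:], nil)
}

// verify recomputes the SHA-256 digest and checks the PSS signature.
func verify(contents, signature []byte, publicKey *rsa.PublicKey) error {
	digest := sha256.Sum256(contents)
	if err := rsa.VerifyPSS(publicKey, crypto.SHA256, digest[:], signature, nil); err != nil {
		return fmt.Errorf("signature does not match contents: %w", err)
	}
	return nil
}

// demo signs a constructed payload and reports whether the untouched copy, a
// one-byte-modified copy, and a check using a different hash verify.
func demo() (intact, tampered, wrongHash bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	payload := []byte("release-manifest: app-1.2.3.tar.gz sha256=constructed")
	sig, err := sign(payload, key)
	if err != nil {
		return false, false, false, err
	}
	intact = verify(payload, sig, &key.PublicKey) == nil
	altered := append([]byte(nil), payload...)
	altered[len(altered)-1] ^= 0x01
	tampered = verify(altered, sig, &key.PublicKey) == nil
	// Same key and signature but a SHA-512 digest: fails, so Verify must use
	// exactly the hash Sign used.
	d512 := sha512.Sum512(payload)
	wrongHash = rsa.VerifyPSS(&key.PublicKey, crypto.SHA512, d512[:], sig, nil) == nil
	return intact, tampered, wrongHash, nil
}
```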

Types

type CertificatePool

type CertificatePool struct {
	*x509.CertPool
}

CertificatePool stores X509 certificates.

func NewCertificatePool

func NewCertificatePool(emptyPool bool, ctx context.Context) (*CertificatePool, error)

NewCertificatePool creates a new CertificatePool object.

If emptyPool is true, an empty certificate pool is returned instead of a pool containing a copy of all of the system's trusted root certificates.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func (*CertificatePool) AddPEMCertificatesFromFile

func (p *CertificatePool) AddPEMCertificatesFromFile(file string, ctx context.Context) error

AddPEMCertificatesFromFile adds one or more PEM-formatted certificates from a file to the certificate pool.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

type PEMCipher

type PEMCipher int

PEMCipher is simply an integer type.

const (
	PEMCipherDES PEMCipher
	PEMCipher3DES
	PEMCipherAES128
	PEMCipherAES192
	PEMCipherAES256
)

Possible values for the EncryptPEMBlock encryption algorithm.

type PGPKeyPair

type PGPKeyPair struct {
	// contains filtered or unexported fields
}

PGPKeyPair represents a PGP key pair.

func NewPGPKeyPair

func NewPGPKeyPair(name, email, keyType string, bits int, ctx context.Context) (*PGPKeyPair, error)

NewPGPKeyPair returns a new PGP key pair.

Be sure to call ClearPrivateParams on the returned key pair to clear the private key material from memory when finished with the object.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func NewPGPKeyPairFromArmor

func NewPGPKeyPairFromArmor(armoredKey, passphrase string, ctx context.Context) (*PGPKeyPair, error)

NewPGPKeyPairFromArmor returns a new PGP key pair from the given armored private key.

Be sure to call ClearPrivateParams on the returned key pair to clear the private key material from memory when finished with the object.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func (*PGPKeyPair) ClearPrivateParams

func (kp *PGPKeyPair) ClearPrivateParams()

ClearPrivateParams clears out memory attached to the private key.

func (*PGPKeyPair) GetArmoredPrivateKey

func (kp *PGPKeyPair) GetArmoredPrivateKey(ctx context.Context) (string, error)

GetArmoredPrivateKey returns the private key wrapped in PGP armor.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.

func (*PGPKeyPair) GetArmoredPublicKey

func (kp *PGPKeyPair) GetArmoredPublicKey(ctx context.Context) (string, error)

GetArmoredPublicKey returns the public key wrapped in PGP armor.

Logging for this function is performed using either the zerolog logger supplied in the context or the global zerolog logger.
