Documentation
Index
- Constants
- Variables
- func Parent(name string) (string, string)
- type CloudKMS
- func (k *CloudKMS) Close() error
- func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
- func (k *CloudKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)
- func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)
- type KeyManagementClient
- type Signer
Constants
const Scheme = "cloudkms"
Scheme is the scheme used in URIs.
Variables
var ErrTooManyRetries = errors.New("too many retries")
ErrTooManyRetries is the type of error when a method attempts too many retries.
Functions
Types
type CloudKMS
type CloudKMS struct {
// contains filtered or unexported fields
}
CloudKMS implements a KMS using Google's Cloud apiv1.
func NewCloudKMS
func NewCloudKMS(client KeyManagementClient) *CloudKMS
NewCloudKMS creates a CloudKMS with a given client.
func (*CloudKMS) CreateKey
func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
CreateKey creates a new asymmetric key for signing in Google's Cloud KMS.
func (*CloudKMS) CreateSigner
CreateSigner returns a new cloudkms signer configured with the given signing key name.
func (*CloudKMS) GetPublicKey
GetPublicKey gets a public key by name from Google's Cloud KMS. Key names follow the pattern:
projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})
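The following is an added example, not code from this package: it anchors the documented pattern and splits a key version name into its components before the name is handed to a KMS call. KeyVersion, ParseKeyVersion and ErrBadKeyName are hypothetical names, and the sample key names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// keyVersionRE is the key-name pattern from the GetPublicKey documentation,
// anchored with ^ and $ so that nothing may precede or follow the name.
// As documented, the project group accepts any run of non-slash characters.
var keyVersionRE = regexp.MustCompile(`^projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})$`)

// ErrBadKeyName is returned for names that do not match the pattern (hypothetical).
var ErrBadKeyName = errors.New("key name does not match the documented pattern")

// KeyVersion holds the components of a validated key version name.
// Hypothetical type for this example; it is not part of the cloudkms package.
type KeyVersion struct {
	Project, Location, KeyRing, CryptoKey, Version string
}

// ParseKeyVersion (hypothetical helper) validates name against the documented
// pattern and returns its components. It rejects names that stop at the
// cryptoKey level, carry extra path segments, or exceed the 63-character limit.
func ParseKeyVersion(name string) (*KeyVersion, error) {
	m := keyVersionRE.FindStringSubmatch(name)
	if m == nil {
		return nil, fmt.Errorf("%w: %q", ErrBadKeyName, name)
	}
	return &KeyVersion{
		Project: m[1], Location: m[2], KeyRing: m[3], CryptoKey: m[4], Version: m[5],
	}, nil
}

func main() {
	// Constructed sample names, not real resources.
	samples := []string{
		"projects/my-proj/locations/global/keyRings/pki/cryptoKeys/root/cryptoKeyVersions/1",
		"projects/my-proj/locations/global/keyRings/pki/cryptoKeys/root",
		"projects/my-proj/locations/global/keyRings/pki/cryptoKeys/root/cryptoKeyVersions/1/extra",
	}
	for _, s := range samples {
		kv, err := ParseKeyVersion(s)
		fmt.Println(kv, err)
	}
}
```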
type KeyManagementClient
type KeyManagementClient interface {
	Close() error
	GetPublicKey(context.Context, *kmspb.GetPublicKeyRequest, ...gax.CallOption) (*kmspb.PublicKey, error)
	AsymmetricSign(context.Context, *kmspb.AsymmetricSignRequest, ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
	CreateCryptoKey(context.Context, *kmspb.CreateCryptoKeyRequest, ...gax.CallOption) (*kmspb.CryptoKey, error)
	GetKeyRing(context.Context, *kmspb.GetKeyRingRequest, ...gax.CallOption) (*kmspb.KeyRing, error)
	CreateKeyRing(context.Context, *kmspb.CreateKeyRingRequest, ...gax.CallOption) (*kmspb.KeyRing, error)
	CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
}
KeyManagementClient defines the methods on KeyManagementClient that this package will use. This interface will be used for unit testing.
type Signer
type Signer struct {
// contains filtered or unexported fields
}
Signer implements a crypto.Signer using Google's Cloud KMS.
func NewSigner
func NewSigner(c KeyManagementClient, signingKey string) (*Signer, error)
NewSigner creates a new crypto.Signer with the given CloudKMS signing key.
func (*Signer) SignatureAlgorithm
func (s *Signer) SignatureAlgorithm() x509.SignatureAlgorithm
SignatureAlgorithm returns the algorithm that must be specified in a certificate to sign. This is especially important to distinguish RSA and RSA-PSS schemes.