Documentation
Overview
Package keyutil implements utilities to generate cryptographic keys.
Index
- Constants
- Variables
- func EncodedFingerprint(pub crypto.PublicKey, encoding FingerprintEncoding) (string, error)
- func Equal(x, y any) bool
- func ExtractKey(in interface{}) (interface{}, error)
- func Fingerprint(pub crypto.PublicKey) (string, error)
- func GenerateDefaultKey() (crypto.PrivateKey, error)
- func GenerateDefaultKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
- func GenerateDefaultSigner() (crypto.Signer, error)
- func GenerateKey(kty, crv string, size int) (crypto.PrivateKey, error)
- func GenerateKeyPair(kty, crv string, size int) (crypto.PublicKey, crypto.PrivateKey, error)
- func GenerateSigner(kty, crv string, size int) (crypto.Signer, error)
- func Insecure() (revert func())
- func PublicKey(priv interface{}) (crypto.PublicKey, error)
- func VerifyPair(pub crypto.PublicKey, priv crypto.PrivateKey) error
- type FingerprintEncoding
Constants
const (
	// DefaultFingerprint represents the base64 encoding of the fingerprint.
	DefaultFingerprint = FingerprintEncoding(0)
	// HexFingerprint represents the hex encoding of the fingerprint.
	HexFingerprint = fingerprint.HexFingerprint
	// Base64Fingerprint represents the base64 encoding of the fingerprint.
	Base64Fingerprint = fingerprint.Base64Fingerprint
	// Base64URLFingerprint represents the base64URL encoding of the fingerprint.
	Base64URLFingerprint = fingerprint.Base64URLFingerprint
	// Base64RawFingerprint represents the base64RawStd encoding of the fingerprint.
	Base64RawFingerprint = fingerprint.Base64RawFingerprint
	// Base64RawURLFingerprint represents the base64RawURL encoding of the fingerprint.
	Base64RawURLFingerprint = fingerprint.Base64RawURLFingerprint
	// EmojiFingerprint represents the emoji encoding of the fingerprint.
	EmojiFingerprint = fingerprint.EmojiFingerprint
)
Supported fingerprint encodings.
Variables
var (
	// DefaultKeyType is the default type of a private key.
	DefaultKeyType = "EC"
	// DefaultKeySize is the default size (in # of bits) of a private key.
	DefaultKeySize = 2048
	// DefaultKeyCurve is the default curve of a private key.
	DefaultKeyCurve = "P-256"
	// DefaultSignatureAlgorithm is the default signature algorithm used on a
	// certificate with the default key type.
	DefaultSignatureAlgorithm = x509.ECDSAWithSHA256
	// MinRSAKeyBytes is the minimum acceptable size (in bytes) for RSA keys
	// signed by the authority.
	MinRSAKeyBytes = 256
)
Functions
func EncodedFingerprint (added in v0.25.0)
func EncodedFingerprint(pub crypto.PublicKey, encoding FingerprintEncoding) (string, error)
EncodedFingerprint returns the SHA-256 hash of the public key using the specified encoding.
The fingerprint is calculated from the encoding of the key according to RFC 5280 section 4.2.1.2, but using SHA-256 instead of SHA-1.
func ExtractKey
func ExtractKey(in interface{}) (interface{}, error)
ExtractKey returns the given public or private key, or extracts the public key if an x509.Certificate or x509.CertificateRequest is given.
func Fingerprint (added in v0.25.0)
Fingerprint returns the SHA-256 fingerprint of a public key.
The fingerprint is calculated from the encoding of the key according to RFC 5280 section 4.2.1.2, but using SHA-256 instead of SHA-1.
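The fingerprint method described for EncodedFingerprint and Fingerprint, written with only the Go standard library as an added example (this is not keyutil's own code). It hashes the subjectPublicKey bit string as RFC 5280 section 4.2.1.2 describes, with SHA-256, and sets that beside a digest of the full SubjectPublicKeyInfo DER, which is a different value for the same key. The names spki, Fingerprints and ConstructedKey, and the all-zero-seed Ed25519 key, are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// spki mirrors the ASN.1 SubjectPublicKeyInfo structure of RFC 5280.
type spki struct {
	Algorithm        pkix.AlgorithmIdentifier
	SubjectPublicKey asn1.BitString
}

// Fingerprints (hypothetical helper) returns two SHA-256 digests of pub.
// keyFP covers only the subjectPublicKey BIT STRING contents, the RFC 5280
// section 4.2.1.2 method with SHA-256 in place of SHA-1. spkiFP covers the
// whole DER SubjectPublicKeyInfo and is a different value for the same key.
func Fingerprints(pub crypto.PublicKey) (keyFP, spkiFP [32]byte, err error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return keyFP, spkiFP, fmt.Errorf("marshal public key: %w", err)
	}
	var info spki
	if rest, err := asn1.Unmarshal(der, &info); err != nil {
		return keyFP, spkiFP, fmt.Errorf("parse SubjectPublicKeyInfo: %w", err)
	} else if len(rest) != 0 {
		return keyFP, spkiFP, fmt.Errorf("trailing data after SubjectPublicKeyInfo")
	}
	return sha256.Sum256(info.SubjectPublicKey.Bytes), sha256.Sum256(der), nil
}

// ConstructedKey returns a sample Ed25519 public key built from an all-zero
// seed. It is constructed for this example and must never protect anything.
func ConstructedKey() ed25519.PublicKey {
	return ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)).Public().(ed25519.PublicKey)
}

func main() {
	keyFP, spkiFP, err := Fingerprints(ConstructedKey())
	if err != nil {
		panic(err)
	}
	fmt.Printf("subjectPublicKey SHA-256: %x\n", keyFP)
	fmt.Printf("full SPKI DER SHA-256:    %x\n", spkiFP)
}
```

When comparing a fingerprint against one produced by another tool, first confirm which of the two inputs that tool hashes; a mismatch between these two digests does not mean the keys differ.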
func GenerateDefaultKey
func GenerateDefaultKey() (crypto.PrivateKey, error)
GenerateDefaultKey generates a public/private key pair using sane defaults for key type, curve, and size.
func GenerateDefaultKeyPair
func GenerateDefaultKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
GenerateDefaultKeyPair generates a public/private key pair using configured default values for key type, curve, and size.
func GenerateDefaultSigner (added in v0.8.0)
GenerateDefaultSigner returns an asymmetric crypto key that implements crypto.Signer using sane defaults.
func GenerateKey
func GenerateKey(kty, crv string, size int) (crypto.PrivateKey, error)
GenerateKey generates a key of the given type (kty).
func GenerateKeyPair
GenerateKeyPair creates an asymmetric crypto keypair using input configuration.
func GenerateSigner
GenerateSigner creates an asymmetric crypto key that implements crypto.Signer.
func Insecure (added in v0.18.0)
func Insecure() (revert func())
Insecure enables the insecure mode in this package and returns a function to revert the configuration. The insecure mode removes the minimum limits when generating RSA keys.
func VerifyPair
func VerifyPair(pub crypto.PublicKey, priv crypto.PrivateKey) error
VerifyPair verifies that the public key matches the given private key.
Types
type FingerprintEncoding (added in v0.25.0)
type FingerprintEncoding = fingerprint.Encoding
FingerprintEncoding defines the supported encodings in certificate fingerprints.