Documentation ¶
Index ¶
- Variables
- func BuildPKISerial(timestamp int64) *big.Int
- func ComputeAWSKeyFingerprint(publicKey string) (string, error)
- func ComputeOpenSSHKeyFingerprint(publicKey string) (string, error)
- type Certificate
- func (c *Certificate) AsBytes() ([]byte, error)
- func (c *Certificate) AsString() (string, error)
- func (c *Certificate) MarshalJSON() ([]byte, error)
- func (c *Certificate) UnmarshalJSON(b []byte) error
- func (c *Certificate) WriteTo(w io.Writer) (int64, error)
- func (c *Certificate) WriteToFile(filename string, perm os.FileMode) error
- type PrivateKey
- func (k *PrivateKey) AsBytes() ([]byte, error)
- func (k *PrivateKey) AsString() (string, error)
- func (k *PrivateKey) MarshalJSON() ([]byte, error)
- func (k *PrivateKey) UnmarshalJSON(b []byte) (err error)
- func (k *PrivateKey) WriteTo(w io.Writer) (int64, error)
- func (k *PrivateKey) WriteToFile(filename string, perm os.FileMode) error
Constants ¶
This section is empty.
Variables ¶
var DefaultPrivateKeySize = 2048
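DefaultPrivateKeySize is the key size to use when generating private keys. It can be overridden by the KOPS_RSA_PRIVATE_KEY_SIZE env var, or by tests (as generating RSA keys can be a bottleneck for testing). Because a smaller value weakens the keys generated with it, overrides below the default belong in tests only.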
Functions ¶
func BuildPKISerial ¶
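BuildPKISerial produces a serial number for certs that is vanishingly unlikely to collide. The timestamp should be provided as an input (time.Now().UnixNano()), and then we combine that with a 32-bit random integer from crypto/rand. We also know that a bigger value was created later (modulo clock skew). The serial is therefore ordered by issuance time and only its 32 random bits are unpredictable, so it should not be relied on as a secret or as a high-entropy nonce.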
func ComputeAWSKeyFingerprint ¶
ComputeAWSKeyFingerprint computes the AWS-specific fingerprint of the SSH public key
func ComputeOpenSSHKeyFingerprint ¶
ComputeOpenSSHKeyFingerprint computes the OpenSSH fingerprint of the SSH public key
Types ¶
type Certificate ¶
// Certificate holds an X.509 certificate together with its subject, a CA
// flag and its public key.
//
// NOTE(review): the fields beside Certificate look like values lifted out of
// the parsed certificate for convenience; confirm against the implementation
// which copy is authoritative before making trust decisions on IsCA.
type Certificate struct {
	// Subject is the distinguished name associated with the certificate.
	Subject pkix.Name

	// IsCA reports whether the certificate is marked as a certificate
	// authority.
	IsCA bool

	// Certificate is the underlying X.509 certificate.
	Certificate *x509.Certificate

	// PublicKey is the public key associated with the certificate.
	// crypto.PublicKey is an empty interface, so this declaration does not
	// fix the concrete key type.
	PublicKey crypto.PublicKey
}
func ParsePEMCertificate ¶
func ParsePEMCertificate(pemData []byte) (*Certificate, error)
func SignNewCertificate ¶
func SignNewCertificate(privateKey *PrivateKey, template *x509.Certificate, signer *x509.Certificate, signerPrivateKey *PrivateKey) (*Certificate, error)
func (*Certificate) AsBytes ¶
func (c *Certificate) AsBytes() ([]byte, error)
func (*Certificate) AsString ¶
func (c *Certificate) AsString() (string, error)
func (*Certificate) MarshalJSON ¶
func (c *Certificate) MarshalJSON() ([]byte, error)
func (*Certificate) UnmarshalJSON ¶
func (c *Certificate) UnmarshalJSON(b []byte) error
func (*Certificate) WriteToFile ¶ added in v1.18.0
func (c *Certificate) WriteToFile(filename string, perm os.FileMode) error
type PrivateKey ¶
// PrivateKey wraps a crypto.PrivateKey.
//
// NOTE(review): this type lists AsBytes, AsString, MarshalJSON, WriteTo and
// WriteToFile methods; presumably they emit the key material itself, so their
// output should be handled as a secret (kept out of logs, written with a
// restrictive perm) — confirm against the implementation.
type PrivateKey struct {
	// Key is the wrapped private key. crypto.PrivateKey is an empty
	// interface, so this declaration does not fix the concrete key type.
	Key crypto.PrivateKey
}
func GeneratePrivateKey ¶
func GeneratePrivateKey() (*PrivateKey, error)
func ParsePEMPrivateKey ¶
func ParsePEMPrivateKey(data []byte) (*PrivateKey, error)
func (*PrivateKey) AsBytes ¶
func (k *PrivateKey) AsBytes() ([]byte, error)
func (*PrivateKey) AsString ¶
func (k *PrivateKey) AsString() (string, error)
func (*PrivateKey) MarshalJSON ¶
func (k *PrivateKey) MarshalJSON() ([]byte, error)
func (*PrivateKey) UnmarshalJSON ¶
func (k *PrivateKey) UnmarshalJSON(b []byte) (err error)
func (*PrivateKey) WriteToFile ¶ added in v1.18.0
func (k *PrivateKey) WriteToFile(filename string, perm os.FileMode) error