pkcrypto

package
v0.16.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 30, 2019 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package pkcrypto contains a set of helper functions and constants to perform common cryptographic operations like:

* Signing and verification

* Public and private key generation

* Certification generation

Index

Constants

View Source
const (
	// BlockLabelEcPrivateKey is the value to define a block label of EC private key
	// (which is used here only for backwards compatibility). Use a general PKCS#8
	// encoding instead.
	BlockLabelEcPrivateKey = "EC PRIVATE KEY"
	// BlockLabelPrivateKey is the value to define a block label of general private key
	// (used for PKCS#8-encoded private keys of type RSA, ECDSA, and others).
	BlockLabelPrivateKey = "PRIVATE KEY"
	// BlockLabelPublicKey is the value to define a block label of general public key
	// (used for PKIX-encoded public keys of type RSA, ECDSA, and others).
	BlockLabelPublicKey = "PUBLIC KEY"
	// BlockLabelCertificate is the value to define a block label of certificates
	BlockLabelCertificate = "CERTIFICATE"
	// BlockLabelExtension is the value to define a block label of certificate extensions
	BlockLabelExtension = "EXTENSION"
)
View Source
const (
	// StorjPSSSaltLength holds the correct value for the PSS salt length
	// when signing with RSA in Storj code and verifying RSA signatures
	// from Storj.
	StorjPSSSaltLength = rsa.PSSSaltLengthAuto

	// StorjRSAKeyBits holds the number of bits to use for new RSA keys
	// by default.
	StorjRSAKeyBits = 2048
)

Variables

View Source
var (
	// ErrUnsupportedKey is used when key type is not supported.
	ErrUnsupportedKey = errs.Class("unsupported key type")
	// ErrParse is used when an error occurs while parsing a certificate or key.
	ErrParse = errs.Class("unable to parse")
	// ErrSign is used when something goes wrong while generating a signature.
	ErrSign = errs.Class("unable to generate signature")
	// ErrVerifySignature is used when a signature verification error occurs.
	ErrVerifySignature = errs.Class("signature verification error")
	// ErrChainLength is used when the length of a cert chain isn't what was expected
	ErrChainLength = errs.Class("cert chain length error")
)

Functions

func CertFromDER

func CertFromDER(certDER []byte) (*x509.Certificate, error)

CertFromDER parses an X.509 certificate from its DER encoding.

func CertFromPEM

func CertFromPEM(certPEM []byte) (*x509.Certificate, error)

CertFromPEM parses an X.509 certificate from its PEM-enveloped DER encoding.

func CertToDER

func CertToDER(cert *x509.Certificate) ([]byte, error)

CertToDER returns the bytes of the certificate, in a DER encoding.

Note that this is fairly useless, as x509.Certificate objects are always supposed to have a member containing the raw DER encoding. But this is included for completeness with the rest of this module's API.

func CertToPEM

func CertToPEM(cert *x509.Certificate) []byte

CertToPEM returns the bytes of the certificate, in a PEM-enveloped DER encoding.

func CertsFromDER

func CertsFromDER(rawCerts [][]byte) ([]*x509.Certificate, error)

CertsFromDER parses an x509 certificate from each of the given byte slices, which should be encoded in DER.

func CertsFromPEM

func CertsFromPEM(pemBytes []byte) ([]*x509.Certificate, error)

CertsFromPEM parses a PEM chain from a single byte string (the PEM-enveloped certificates should be concatenated). The PEM blocks may include PKIX extensions.

func GeneratePrivateECDSAKey

func GeneratePrivateECDSAKey(curve elliptic.Curve) (*ecdsa.PrivateKey, error)

GeneratePrivateECDSAKey returns a new private ECDSA key for signing messages

func GeneratePrivateKey

func GeneratePrivateKey() (crypto.PrivateKey, error)

GeneratePrivateKey returns a new PrivateKey for signing messages

func GeneratePrivateRSAKey

func GeneratePrivateRSAKey(bits int) (*rsa.PrivateKey, error)

GeneratePrivateRSAKey returns a new private RSA key for signing messages

func HashAndSign

func HashAndSign(key crypto.PrivateKey, data []byte) ([]byte, error)

HashAndSign signs a SHA-256 digest of the given data and returns the new signature.

func HashAndVerifySignature

func HashAndVerifySignature(key crypto.PublicKey, data, signature []byte) error

HashAndVerifySignature checks that signature was made by the private key corresponding to the given public key, over a SHA-256 digest of the given data. It returns an error if verification fails, or nil otherwise.

func NewHash

func NewHash() hash.Hash

NewHash returns default hash in storj.

func PrivateKeyFromPEM

func PrivateKeyFromPEM(keyBytes []byte) (crypto.PrivateKey, error)

PrivateKeyFromPEM parses a private key from its PEM-enveloped PKCS#8 encoding.

func PrivateKeyFromPKCS8

func PrivateKeyFromPKCS8(keyBytes []byte) (crypto.PrivateKey, error)

PrivateKeyFromPKCS8 parses a private key from its PKCS#8 encoding.

func PrivateKeyToPEM

func PrivateKeyToPEM(key crypto.PrivateKey) ([]byte, error)

PrivateKeyToPEM serializes a private key to a PEM-enveloped PKCS#8 form.

func PrivateKeyToPKCS8

func PrivateKeyToPKCS8(key crypto.PrivateKey) ([]byte, error)

PrivateKeyToPKCS8 serializes a private key to a PKCS#8-encoded form.

func PublicKeyEqual

func PublicKeyEqual(a, b crypto.PublicKey) bool

PublicKeyEqual returns true if two public keys are the same.

func PublicKeyFromPEM

func PublicKeyFromPEM(pemData []byte) (crypto.PublicKey, error)

PublicKeyFromPEM parses a public key from its PEM-enveloped PKIX encoding.

func PublicKeyFromPKIX

func PublicKeyFromPKIX(pkixData []byte) (crypto.PublicKey, error)

PublicKeyFromPKIX parses a public key from its PKIX encoding.

func PublicKeyFromPrivate

func PublicKeyFromPrivate(privKey crypto.PrivateKey) crypto.PublicKey

PublicKeyFromPrivate returns the public key corresponding to a given private key.

func PublicKeyToPEM

func PublicKeyToPEM(key crypto.PublicKey) ([]byte, error)

PublicKeyToPEM encodes a public key to a PEM-enveloped PKIX form.

func PublicKeyToPKIX

func PublicKeyToPKIX(key crypto.PublicKey) ([]byte, error)

PublicKeyToPKIX serializes a public key to a PKIX-encoded form.

func SHA256Hash

func SHA256Hash(data []byte) []byte

SHA256Hash calculates the SHA256 hash of the input data

func SignWithoutHashing

func SignWithoutHashing(privKey crypto.PrivateKey, digest []byte) ([]byte, error)

SignWithoutHashing signs the given digest with the private key and returns the new signature.

func VerifySignatureWithoutHashing

func VerifySignatureWithoutHashing(pubKey crypto.PublicKey, digest, signature []byte) error

VerifySignatureWithoutHashing checks the signature against the passed data (which is normally a digest) and public key. It returns an error if verification fails, or nil otherwise.

func WriteCertPEM

func WriteCertPEM(w io.Writer, certs ...*x509.Certificate) error

WriteCertPEM writes the certificate to the writer, in a PEM-enveloped DER encoding.

func WritePrivateKeyPEM

func WritePrivateKeyPEM(w io.Writer, key crypto.PrivateKey) error

WritePrivateKeyPEM writes the private key to the writer, in a PEM-enveloped PKCS#8 form.

func WritePublicKeyPEM

func WritePublicKeyPEM(w io.Writer, key crypto.PublicKey) error

WritePublicKeyPEM writes the public key, in a PEM-enveloped PKIX form.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL