Documentation ¶
Index ¶
- Constants
- Variables
- func CertFromDER(certDER []byte) (*x509.Certificate, error)
- func CertFromPEM(certPEM []byte) (*x509.Certificate, error)
- func CertToDER(cert *x509.Certificate) ([]byte, error)
- func CertToPEM(cert *x509.Certificate) []byte
- func CertsFromDER(rawCerts [][]byte) ([]*x509.Certificate, error)
- func CertsFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
- func GeneratePrivateECDSAKey(curve elliptic.Curve) (*ecdsa.PrivateKey, error)
- func GeneratePrivateKey() (crypto.PrivateKey, error)
- func GeneratePrivateRSAKey(bits int) (*rsa.PrivateKey, error)
- func HashAndSign(key crypto.PrivateKey, data []byte) ([]byte, error)
- func HashAndVerifySignature(key crypto.PublicKey, data, signature []byte) error
- func NewHash() hash.Hash
- func PrivateKeyFromPEM(keyBytes []byte) (crypto.PrivateKey, error)
- func PrivateKeyFromPKCS8(keyBytes []byte) (crypto.PrivateKey, error)
- func PrivateKeyToPEM(key crypto.PrivateKey) ([]byte, error)
- func PrivateKeyToPKCS8(key crypto.PrivateKey) ([]byte, error)
- func PublicKeyEqual(a, b crypto.PublicKey) bool
- func PublicKeyFromPEM(pemData []byte) (crypto.PublicKey, error)
- func PublicKeyFromPKIX(pkixData []byte) (crypto.PublicKey, error)
- func PublicKeyFromPrivate(privKey crypto.PrivateKey) crypto.PublicKey
- func PublicKeyToPEM(key crypto.PublicKey) ([]byte, error)
- func PublicKeyToPKIX(key crypto.PublicKey) ([]byte, error)
- func SHA256Hash(data []byte) []byte
- func SignWithoutHashing(privKey crypto.PrivateKey, digest []byte) ([]byte, error)
- func VerifySignatureWithoutHashing(pubKey crypto.PublicKey, digest, signature []byte) error
- func WriteCertPEM(w io.Writer, certs ...*x509.Certificate) error
- func WritePrivateKeyPEM(w io.Writer, key crypto.PrivateKey) error
- func WritePublicKeyPEM(w io.Writer, key crypto.PublicKey) error
Constants ¶
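// Block labels for private keys, public keys, certificates and certificate
// extensions.
const (
	// BlockLabelEcPrivateKey is the value to define a block label of EC private key
	// (which is used here only for backwards compatibility). Use a general PKCS#8
	// encoding instead.
	BlockLabelEcPrivateKey = "EC PRIVATE KEY"
	// BlockLabelPrivateKey is the value to define a block label of general private key
	// (used for PKCS#8-encoded private keys of type RSA, ECDSA, and others).
	BlockLabelPrivateKey = "PRIVATE KEY"
	// BlockLabelPublicKey is the value to define a block label of general public key
	// (used for PKIX-encoded public keys of type RSA, ECDSA, and others).
	BlockLabelPublicKey = "PUBLIC KEY"
	// BlockLabelCertificate is the value to define a block label of certificates.
	BlockLabelCertificate = "CERTIFICATE"
	// BlockLabelExtension is the value to define a block label of certificate extensions.
	BlockLabelExtension = "EXTENSION"
)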
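// Default RSA parameters used by Storj code.
const (
	// StorjPSSSaltLength holds the correct value for the PSS salt length
	// when signing with RSA in Storj code and verifying RSA signatures
	// from Storj.
	//
	// With rsa.PSSSaltLengthAuto the standard library uses the largest salt
	// that fits when signing and auto-detects the salt length when verifying.
	StorjPSSSaltLength = rsa.PSSSaltLengthAuto
	// StorjRSAKeyBits holds the number of bits to use for new RSA keys
	// by default.
	StorjRSAKeyBits = 2048
)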
Variables ¶
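// Error classes returned by this package, each created with errs.Class.
var (
	// ErrUnsupportedKey is used when key type is not supported.
	ErrUnsupportedKey = errs.Class("unsupported key type")
	// ErrParse is used when an error occurs while parsing a certificate or key.
	ErrParse = errs.Class("unable to parse")
	// ErrSign is used when something goes wrong while generating a signature.
	ErrSign = errs.Class("unable to generate signature")
	// ErrVerifySignature is used when a signature verification error occurs.
	ErrVerifySignature = errs.Class("signature verification error")
	// ErrChainLength is used when the length of a cert chain isn't what was expected.
	ErrChainLength = errs.Class("cert chain length error")
)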
Functions ¶
func CertFromDER ¶
func CertFromDER(certDER []byte) (*x509.Certificate, error)
CertFromDER parses an X.509 certificate from its DER encoding.
func CertFromPEM ¶
func CertFromPEM(certPEM []byte) (*x509.Certificate, error)
CertFromPEM parses an X.509 certificate from its PEM-enveloped DER encoding.
func CertToDER ¶
func CertToDER(cert *x509.Certificate) ([]byte, error)
CertToDER returns the bytes of the certificate, in a DER encoding.
Note that this is rarely needed, because a parsed x509.Certificate is always supposed to carry its raw DER encoding already (the Raw field). It is included for completeness with the rest of this module's API.
func CertToPEM ¶
func CertToPEM(cert *x509.Certificate) []byte
CertToPEM returns the bytes of the certificate, in a PEM-enveloped DER encoding.
func CertsFromDER ¶
func CertsFromDER(rawCerts [][]byte) ([]*x509.Certificate, error)
CertsFromDER parses an x509 certificate from each of the given byte slices, which should be encoded in DER.
func CertsFromPEM ¶
func CertsFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
CertsFromPEM parses a PEM chain from a single byte string (the PEM-enveloped certificates should be concatenated). The PEM blocks may include PKIX extensions.
func GeneratePrivateECDSAKey ¶
func GeneratePrivateECDSAKey(curve elliptic.Curve) (*ecdsa.PrivateKey, error)
GeneratePrivateECDSAKey returns a new private ECDSA key for signing messages
func GeneratePrivateKey ¶
func GeneratePrivateKey() (crypto.PrivateKey, error)
GeneratePrivateKey returns a new PrivateKey for signing messages
func GeneratePrivateRSAKey ¶
func GeneratePrivateRSAKey(bits int) (*rsa.PrivateKey, error)
GeneratePrivateRSAKey returns a new private RSA key for signing messages
func HashAndSign ¶
func HashAndSign(key crypto.PrivateKey, data []byte) ([]byte, error)
HashAndSign signs a SHA-256 digest of the given data and returns the new signature.
func HashAndVerifySignature ¶
HashAndVerifySignature checks that signature was made by the private key corresponding to the given public key, over a SHA-256 digest of the given data. It returns an error if verification fails, or nil otherwise.
func PrivateKeyFromPEM ¶
func PrivateKeyFromPEM(keyBytes []byte) (crypto.PrivateKey, error)
PrivateKeyFromPEM parses a private key from its PEM-enveloped PKCS#8 encoding.
func PrivateKeyFromPKCS8 ¶
func PrivateKeyFromPKCS8(keyBytes []byte) (crypto.PrivateKey, error)
PrivateKeyFromPKCS8 parses a private key from its PKCS#8 encoding.
func PrivateKeyToPEM ¶
func PrivateKeyToPEM(key crypto.PrivateKey) ([]byte, error)
PrivateKeyToPEM serializes a private key to a PEM-enveloped PKCS#8 form.
func PrivateKeyToPKCS8 ¶
func PrivateKeyToPKCS8(key crypto.PrivateKey) ([]byte, error)
PrivateKeyToPKCS8 serializes a private key to a PKCS#8-encoded form.
func PublicKeyEqual ¶
PublicKeyEqual returns true if two public keys are the same.
func PublicKeyFromPEM ¶
PublicKeyFromPEM parses a public key from its PEM-enveloped PKIX encoding.
func PublicKeyFromPKIX ¶
PublicKeyFromPKIX parses a public key from its PKIX encoding.
func PublicKeyFromPrivate ¶
func PublicKeyFromPrivate(privKey crypto.PrivateKey) crypto.PublicKey
PublicKeyFromPrivate returns the public key corresponding to a given private key.
func PublicKeyToPEM ¶
PublicKeyToPEM encodes a public key to a PEM-enveloped PKIX form.
func PublicKeyToPKIX ¶
PublicKeyToPKIX serializes a public key to a PKIX-encoded form.
func SHA256Hash ¶
SHA256Hash calculates the SHA-256 hash of the input data.
func SignWithoutHashing ¶
func SignWithoutHashing(privKey crypto.PrivateKey, digest []byte) ([]byte, error)
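SignWithoutHashing signs the given digest with the private key and returns the new signature. The input is signed as given, without being hashed first, so the caller must pass a digest rather than raw data; HashAndSign is the variant that computes the SHA-256 digest itself.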
func VerifySignatureWithoutHashing ¶
VerifySignatureWithoutHashing checks the signature against the passed data (which is normally a digest) and public key, without hashing the data first. It returns an error if verification fails, or nil otherwise.
func WriteCertPEM ¶
func WriteCertPEM(w io.Writer, certs ...*x509.Certificate) error
WriteCertPEM writes the certificate to the writer, in a PEM-enveloped DER encoding.
func WritePrivateKeyPEM ¶
func WritePrivateKeyPEM(w io.Writer, key crypto.PrivateKey) error
WritePrivateKeyPEM writes the private key to the writer, in a PEM-enveloped PKCS#8 form.