seal

Documentation

Index

• type GenerateOption
  • func WithDeterministicKey(masterKey *memguard.LockedBuffer, target string) GenerateOption
  • func WithRandom(random io.Reader) GenerateOption
• type GenerateOptions
• type Strategy

Types

type GenerateOption

type GenerateOption func(o *GenerateOptions)

GenerateOption represents functional pattern builder for optional parameters.

func WithDeterministicKey

func WithDeterministicKey(masterKey *memguard.LockedBuffer, target string) GenerateOption

WithDeterministicKey enables deterministic container key generation.

func WithRandom

func WithRandom(random io.Reader) GenerateOption

WithRandom provides the random source for key generation.

type GenerateOptions

type GenerateOptions struct {
	DCKDMasterKey *memguard.LockedBuffer
	DCKDTarget    string
	RandomSource  io.Reader
}

GenerateOptions represents container key generation options.

type Strategy

type Strategy interface {
	// CenerateKey create an key pair used as container identifier.
	GenerateKey(...GenerateOption) (publicKey, privateKey string, err error)
	// Seal the given container using the implemented algorithm.
	Seal(io.Reader, *containerv1.Container, ...string) (*containerv1.Container, error)
	// Seal the given container using the implemented algorithm.
	SealWithPSK(io.Reader, *containerv1.Container, *memguard.LockedBuffer, ...string) (*containerv1.Container, error)
	// Unseal the given container using the given identity.
	Unseal(c *containerv1.Container, id *memguard.LockedBuffer) (*containerv1.Container, error)
	// UnsealWithPSK unseals the given container using the given identity and the gievn preshared key.
	UnsealWithPSK(c *containerv1.Container, id *memguard.LockedBuffer, psk *memguard.LockedBuffer) (*containerv1.Container, error)
}

Streategy describes the sealing/unsealing contract.