keyutil

package

v0.0.7 Latest Latest Go to latest Published: Apr 9, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DataDog/go-secure-sdk

Links

Open Source Insights

README ¶

keyutil

Package keyutil provides cryptographic keys management functions.

Functions

func AttachCertificateToJWK

func AttachCertificateToJWK(jwk *jose.JSONWebKey, cert *x509.Certificate) error

AttachCertificateToJWK attaches the given certificate to the JWK.

func ExtractKey

func ExtractKey(in any) (any, error)

ExtractKey returns the given public or private key or extracts the public key if a x509.Certificate or x509.CertificateRequest is given.

Supported types:

- *rsa.PublicKey / *rsa.PrivateKey
- *ecdsa.PublicKey / *ecdsa.PrivateKey
- ed25519.PublicKey / ed25519.PrivateKey
- *ecdh.PublicKey / *ecdh.PrivateKey
- []byte
- *x509.Certificate
- *x509.CertificateRequest
- ssh.CryptoPublicKey
- *ssh.Certificate
- jose.JSONWebKey / *jose.JSONWebKey

If the input is not a supported type, an error is returned.

func FromEncryptedJWK

func FromEncryptedJWK(r io.Reader, secret []byte) (*jose.JSONWebKey, error)

FromEncryptedJWK unwraps the JWK encoded in a JWE container encrypted using AES256GCM with key derivation based on PBES2_HS512_A256KW.

encryptedJWK := "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJjdHkiOiJhcHBsaWNhdGlvbi9qd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEyMDAwMCwicDJzIjoiQ2FlVno0dExSZEtKSEozSkFxakdkZyJ9.C_2fwhcpvnmXENVtV_h-ukQ28Yd9-j693MUQURcgPllUCnHO3-lBqw.oV4ZAjaUMr8Su5o7.1aT8dC2WIj8Wq1QlGetvIyIEEvTz79SXjszTvV0WRMfrJEu4VjWjXYjiMmajNaYsqAXWf5C6-P3-Hs8lR-vKZtHqNgafWQKOZM8nJkMkiwQOcMl_Q4EHV6ni7Ss4ZfRGQ_o8R2ONP9Y88_8tFppLMro1xGNQp1pBem_VHPn8787hLVHZHAfTV--rwvyJ3aRe_RePBZ4RSpjf5inGJPDkEOcAVa043iAF75HGwxu3wLkVyC3wKj4iEIyz-uv3OOG-bKkWci7BrCtPGcdSGNVFRWhoc-aJwgaW6NhdZRRvpviskg8fXg.rbwTiWoeXVMAQ5vMIuCUOQ"

// Pack the private key as JWK
jwk, err := FromEncryptedJWK(strings.NewReader(encryptedJWK), []byte("very-secret-password"))
if err != nil {
    panic(err)
}

// Encode the JWK object as JSON
var out bytes.Buffer
if err := json.NewEncoder(&out).Encode(&jwk); err != nil {
    panic(err)
}

Output:

{"kty":"EC","kid":"GQGzLJsjUVoKfbK5It-RQkmcJ7zSjPNHDre2htiQKjA","crv":"P-256","x":"4UldbrAX0tKLFvXxQ_er33af7vkmyn8B7K0WE_AuBWM","y":"VxV_08mpjH-jDu46Rl8khkeHu9luR-a9d6jZbLhtL-w","d":"E3IjbKFj-q0Q76lXxyEBG1x-bHuFK4NBTw2DzsvHuig"}

func FromJWK

func FromJWK(r io.Reader) (*jose.JSONWebKey, error)

FromJWK tries to decode the given reader content as JWK.

func FromPEM

func FromPEM(r io.Reader) (any, error)

FromPEM opens a cryptographic key packaged in a PEM block.

A private key will be deserialized using PKCS8, PKCS1 (RSA) or SEC1 (EC). Supported private types: *rsa.PrivateKey, *ecdsa.PrivateKey, *ecdh.PrivateKey, ed25519.PrivateKey

A public key will be deserialized using PKIX. Supported public key types: *rsa.PublicKey, *ecdsa.PublicKey, *ecdh.PublicKey, ed25519.PublicKey

func GenerateDefaultKeyPair

func GenerateDefaultKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

GenerateDefaultKeyPair generates a cryptogrpahic key pair according to the framework enabled flags.

FIPS Mode enabled => EC

FIPS Mode disabled => OKP (Ed25519)

func GenerateKeyPair

func GenerateKeyPair(kty KeyType) (crypto.PublicKey, crypto.PrivateKey, error)

GenerateKeyPair generates a key pair according to the selected keytype. Supported key types are:

- RSA
- EC
- ED25519 (disabled in FIPS mode)

If the key type is not supported, an error is returned.


// Generate EC key pair.
// Use RSA, EC or OKP (Ed25519) as parameter according to your need.
_ /*pub*/, _ /*priv*/, err := GenerateKeyPair(EC)
if err != nil {
    panic(err)
}

func IsUsable

func IsUsable(key any) error

IsUsable returns an error if the given key as environmental restrictions.

func PublicKey

func PublicKey(priv any) (crypto.PublicKey, error)

PublicKey extracts a public key from a private key.

Supported types:

- *rsa.PrivateKey / *rsa.PublicKey
- *ecdsa.PrivateKey / *ecdsa.PublicKey
- ed25519.PrivateKey / ed25519.PublicKey
- *ecdh.PrivateKey / *ecdh.PublicKey
- jose.JSONWebKey / *jose.JSONWebKey

If the input is not a supported type, an error is returned.

func PublicKeyFingerprint

func PublicKeyFingerprint(key any) ([]byte, error)

PublicKeyFingerprint generates a public key fingerprint. https://www.rfc-editor.org/rfc/rfc6698

This fingerprint algorithm marshal the public key using PKIX ASN.1 to DER content. The ASN.1 is processed to retrieve the SubjectPublicKey content from the ASN.1 serialized and compute the SHA256 of the SubjectPublicKey content.

Supported key types:

- *rsa.PublicKey / *rsa.PrivateKey
- *ecdsa.PublicKey / *ecdsa.PrivateKey
- ed25519.PublicKey / ed25519.PrivateKey
- *ecdh.PublicKey / *ecdh.PrivateKey
- []byte
- *x509.Certificate
- *x509.CertificateRequest
- ssh.CryptoPublicKey
- *ssh.Certificate
- jose.JSONWebKey / *jose.JSONWebKey

Unsupported key will return an error.

// Decode certificate
b, _ := pem.Decode(serverCertPEM)
if b == nil {
    panic("invalid PEM")
}
cert, err := x509.ParseCertificate(b.Bytes)
if err != nil {
    panic(err)
}
if cert == nil {
    panic("invalid certificate")
}

out, err := PublicKeyFingerprint(cert)
if err != nil {
    panic(err)
}

Output:

9351dda87a49db2102aef97dec41a58bd6df9245610c87744b39a0ef3d95a060

func ToDERBytes

func ToDERBytes(key any) (string, []byte, error)

ToDERBytes encodes the given crypto key as a byte array in ASN.1 DER Form. It returns the PEM block type as string, and the encoded key.

A private key will be serialized using PKCS8. Supported private types: *rsa.PrivateKey, *ecdsa.PrivateKey, *ecdh.PrivateKey, ed25519.PrivateKey

A public key will be serialized using PKIX. Supported public key types: *rsa.PublicKey, *ecdsa.PublicKey, *ecdh.PublicKey, ed25519.PublicKey

func ToEncryptedJWK

func ToEncryptedJWK(key *jose.JSONWebKey, secret []byte) (string, error)

ToEncryptedJWK wraps the JWK encoded in a JWE container encrypted using AES256GCM with key derivation based on PBES2_HS512_A256KW.


// Generate EC key pair.
// Use RSA, EC or OKP (Ed25519) as parameter according to your need.
_ /*pub*/, priv, err := GenerateKeyPair(EC)
if err != nil {
    panic(err)
}

// Pack the private key as JWK
jwk, err := ToJWK(priv)
if err != nil {
    panic(err)
}

// Encode the JWK object as JSON
jwe, err := ToEncryptedJWK(jwk, []byte("very-secret-password"))
if err != nil {
    panic(err)
}

// Sample Output: eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJjdHkiOiJhcHBsaWNhdGlvbi9qd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEyMDAwMCwicDJzIjoiQ2FlVno0dExSZEtKSEozSkFxakdkZyJ9.C_2fwhcpvnmXENVtV_h-ukQ28Yd9-j693MUQURcgPllUCnHO3-lBqw.oV4ZAjaUMr8Su5o7.1aT8dC2WIj8Wq1QlGetvIyIEEvTz79SXjszTvV0WRMfrJEu4VjWjXYjiMmajNaYsqAXWf5C6-P3-Hs8lR-vKZtHqNgafWQKOZM8nJkMkiwQOcMl_Q4EHV6ni7Ss4ZfRGQ_o8R2ONP9Y88_8tFppLMro1xGNQp1pBem_VHPn8787hLVHZHAfTV--rwvyJ3aRe_RePBZ4RSpjf5inGJPDkEOcAVa043iAF75HGwxu3wLkVyC3wKj4iEIyz-uv3OOG-bKkWci7BrCtPGcdSGNVFRWhoc-aJwgaW6NhdZRRvpviskg8fXg.rbwTiWoeXVMAQ5vMIuCUOQ
fmt.Printf("%s", jwe)

func ToJWK

func ToJWK(key any) (*jose.JSONWebKey, error)

ToJWK encodes the given key as JWK.


// Generate EC key pair.
// Use RSA, EC or OKP (Ed25519) as parameter according to your need.
_ /*pub*/, priv, err := GenerateKeyPair(EC)
if err != nil {
    panic(err)
}

// Pack the private key as JWK
jwk, err := ToJWK(priv)
if err != nil {
    panic(err)
}

// Encode the JWK object as JSON
var out bytes.Buffer
if err := json.NewEncoder(&out).Encode(&jwk); err != nil {
    panic(err)
}

// Sample Output: {"kty":"EC","kid":"PgsdHR9dGMqt2KWUvO4gK0ImyMZbw0aJntGgSXoQgWo","crv":"P-256","x":"kvpM30q2awL9D9IeEi1LfMXsMIoGTCpXshWNOGvVtNE","y":"y2-dLkAWwNlA9GWBfiqkDYRdWNobPle-DZG8sWsMtJg","d":"hoaLiXhGdsPsAw7HWbI1cbBtnGu37uea6AutcqdTVkw"}
fmt.Printf("%s", out.String())

func ToPEM

func ToPEM(w io.Writer, key any) error

ToPEM encodes the given crypto key as a PEM block.

A private key will be serialized using PKCS8. Supported private types: *rsa.PrivateKey, *ecdsa.PrivateKey, *ecdh.PrivateKey, ed25519.PrivateKey

A public key will be serialized using PKIX. Supported public key types: *rsa.PublicKey, *ecdsa.PublicKey, *ecdh.PublicKey, ed25519.PublicKey

func ToPublicJWKS

func ToPublicJWKS(keys ...crypto.PublicKey) (*jose.JSONWebKeySet, error)

ToPublicJWKS encodes the given keyset to a JSONWebKeySet.

func VerifyPair

func VerifyPair(pubkey crypto.PublicKey, key crypto.PrivateKey) error

VerifyPair that the public key matches the given private key.

func VerifyPublicKey

func VerifyPublicKey(input any, key crypto.PublicKey) error

VerifyPublicKey verifies that the given public key matches the given input.

Types

type KeyType

type KeyType uint

KeyType repesents the key generation strategy

Constants

Keeping 0 for PLATFORM preferred key if one day we support FIPS build flag.

const (
    // ED25519 defines Edwards 25519 key.
    ED25519 KeyType = iota + 1
    // EC defines EC P-256 key.
    EC
    // RSA defines RSA 2048 key.
    RSA
)

Documentation ¶

Overview ¶

Package keyutil provides cryptographic keys management functions.

Index ¶

func AttachCertificateToJWK(jwk *jose.JSONWebKey, cert *x509.Certificate) error
func ExtractKey(in any) (any, error)
func FromEncryptedJWK(r io.Reader, secret []byte) (*jose.JSONWebKey, error)
func FromJWK(r io.Reader) (*jose.JSONWebKey, error)
func FromPEM(r io.Reader) (any, error)
func GenerateDefaultKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
func GenerateKeyPair(kty KeyType) (crypto.PublicKey, crypto.PrivateKey, error)
func IsUsable(key any) error
func PublicKey(priv any) (crypto.PublicKey, error)
func PublicKeyFingerprint(key any) ([]byte, error)
func ToDERBytes(key any) (string, []byte, error)
func ToEncryptedJWK(key *jose.JSONWebKey, secret []byte) (string, error)
func ToJWK(key any) (*jose.JSONWebKey, error)
func ToPEM(w io.Writer, key any) error
func ToPublicJWKS(keys ...crypto.PublicKey) (*jose.JSONWebKeySet, error)
func VerifyPair(pubkey crypto.PublicKey, key crypto.PrivateKey) error
func VerifyPublicKey(input any, key crypto.PublicKey) error
type KeyType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AttachCertificateToJWK ¶

func AttachCertificateToJWK(jwk *jose.JSONWebKey, cert *x509.Certificate) error

AttachCertificateToJWK attaches the given certificate to the JWK.

func ExtractKey ¶

func ExtractKey(in any) (any, error)

ExtractKey returns the given public or private key or extracts the public key if a x509.Certificate or x509.CertificateRequest is given.

Supported types:

*rsa.PublicKey / *rsa.PrivateKey
*ecdsa.PublicKey / *ecdsa.PrivateKey
ed25519.PublicKey / ed25519.PrivateKey
*ecdh.PublicKey / *ecdh.PrivateKey
[]byte
*x509.Certificate
*x509.CertificateRequest
ssh.CryptoPublicKey
*ssh.Certificate
jose.JSONWebKey / *jose.JSONWebKey

If the input is not a supported type, an error is returned.

func FromEncryptedJWK ¶

func FromEncryptedJWK(r io.Reader, secret []byte) (*jose.JSONWebKey, error)

FromEncryptedJWK unwraps the JWK encoded in a JWE container encrypted using AES256GCM with key derivation based on PBES2_HS512_A256KW.

Example ¶

encryptedJWK := "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJjdHkiOiJhcHBsaWNhdGlvbi9qd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEyMDAwMCwicDJzIjoiQ2FlVno0dExSZEtKSEozSkFxakdkZyJ9.C_2fwhcpvnmXENVtV_h-ukQ28Yd9-j693MUQURcgPllUCnHO3-lBqw.oV4ZAjaUMr8Su5o7.1aT8dC2WIj8Wq1QlGetvIyIEEvTz79SXjszTvV0WRMfrJEu4VjWjXYjiMmajNaYsqAXWf5C6-P3-Hs8lR-vKZtHqNgafWQKOZM8nJkMkiwQOcMl_Q4EHV6ni7Ss4ZfRGQ_o8R2ONP9Y88_8tFppLMro1xGNQp1pBem_VHPn8787hLVHZHAfTV--rwvyJ3aRe_RePBZ4RSpjf5inGJPDkEOcAVa043iAF75HGwxu3wLkVyC3wKj4iEIyz-uv3OOG-bKkWci7BrCtPGcdSGNVFRWhoc-aJwgaW6NhdZRRvpviskg8fXg.rbwTiWoeXVMAQ5vMIuCUOQ"

// Pack the private key as JWK
jwk, err := FromEncryptedJWK(strings.NewReader(encryptedJWK), []byte("very-secret-password"))
if err != nil {
	panic(err)
}

// Encode the JWK object as JSON
var out bytes.Buffer
if err := json.NewEncoder(&out).Encode(&jwk); err != nil {
	panic(err)
}

Output:

{"kty":"EC","kid":"GQGzLJsjUVoKfbK5It-RQkmcJ7zSjPNHDre2htiQKjA","crv":"P-256","x":"4UldbrAX0tKLFvXxQ_er33af7vkmyn8B7K0WE_AuBWM","y":"VxV_08mpjH-jDu46Rl8khkeHu9luR-a9d6jZbLhtL-w","d":"E3IjbKFj-q0Q76lXxyEBG1x-bHuFK4NBTw2DzsvHuig"}

func FromJWK ¶

func FromJWK(r io.Reader) (*jose.JSONWebKey, error)

FromJWK tries to decode the given reader content as JWK.

func FromPEM ¶

func FromPEM(r io.Reader) (any, error)

FromPEM opens a cryptographic key packaged in a PEM block.

A private key will be deserialized using PKCS8, PKCS1 (RSA) or SEC1 (EC). Supported private types: *rsa.PrivateKey, *ecdsa.PrivateKey, *ecdh.PrivateKey, ed25519.PrivateKey

A public key will be deserialized using PKIX. Supported public key types: *rsa.PublicKey, *ecdsa.PublicKey, *ecdh.PublicKey, ed25519.PublicKey

func GenerateDefaultKeyPair ¶

func GenerateDefaultKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

GenerateDefaultKeyPair generates a cryptogrpahic key pair according to the framework enabled flags.

FIPS Mode *enabled* => EC

FIPS Mode *disabled* => OKP (Ed25519)

func GenerateKeyPair ¶

func GenerateKeyPair(kty KeyType) (crypto.PublicKey, crypto.PrivateKey, error)

GenerateKeyPair generates a key pair according to the selected keytype. Supported key types are:

RSA
EC
ED25519 (disabled in FIPS mode)

If the key type is not supported, an error is returned.

Example ¶

// Generate EC key pair.
// Use RSA, EC or OKP (Ed25519) as parameter according to your need.
_ /*pub*/, _ /*priv*/, err := GenerateKeyPair(EC)
if err != nil {
	panic(err)
}

Output:

func IsUsable ¶

func IsUsable(key any) error

IsUsable returns an error if the given key as environmental restrictions.

func PublicKey ¶

func PublicKey(priv any) (crypto.PublicKey, error)

PublicKey extracts a public key from a private key.

Supported types:

*rsa.PrivateKey / *rsa.PublicKey
*ecdsa.PrivateKey / *ecdsa.PublicKey
ed25519.PrivateKey / ed25519.PublicKey
*ecdh.PrivateKey / *ecdh.PublicKey
jose.JSONWebKey / *jose.JSONWebKey

If the input is not a supported type, an error is returned.

func PublicKeyFingerprint ¶

func PublicKeyFingerprint(key any) ([]byte, error)

PublicKeyFingerprint generates a public key fingerprint. https://www.rfc-editor.org/rfc/rfc6698

This fingerprint algorithm marshal the public key using PKIX ASN.1 to DER content. The ASN.1 is processed to retrieve the SubjectPublicKey content from the ASN.1 serialized and compute the SHA256 of the SubjectPublicKey content.

Supported key types:

*rsa.PublicKey / *rsa.PrivateKey
*ecdsa.PublicKey / *ecdsa.PrivateKey
ed25519.PublicKey / ed25519.PrivateKey
*ecdh.PublicKey / *ecdh.PrivateKey
[]byte
*x509.Certificate
*x509.CertificateRequest
ssh.CryptoPublicKey
*ssh.Certificate
jose.JSONWebKey / *jose.JSONWebKey

Unsupported key will return an error.

Example ¶

// Decode certificate
b, _ := pem.Decode(serverCertPEM)
if b == nil {
	panic("invalid PEM")
}
cert, err := x509.ParseCertificate(b.Bytes)
if err != nil {
	panic(err)
}
if cert == nil {
	panic("invalid certificate")
}

out, err := PublicKeyFingerprint(cert)
if err != nil {
	panic(err)
}

Output:

9351dda87a49db2102aef97dec41a58bd6df9245610c87744b39a0ef3d95a060

func ToDERBytes ¶

func ToDERBytes(key any) (string, []byte, error)

ToDERBytes encodes the given crypto key as a byte array in ASN.1 DER Form. It returns the PEM block type as string, and the encoded key.

A private key will be serialized using PKCS8. Supported private types: *rsa.PrivateKey, *ecdsa.PrivateKey, *ecdh.PrivateKey, ed25519.PrivateKey

A public key will be serialized using PKIX. Supported public key types: *rsa.PublicKey, *ecdsa.PublicKey, *ecdh.PublicKey, ed25519.PublicKey

func ToEncryptedJWK ¶

func ToEncryptedJWK(key *jose.JSONWebKey, secret []byte) (string, error)

ToEncryptedJWK wraps the JWK encoded in a JWE container encrypted using AES256GCM with key derivation based on PBES2_HS512_A256KW.

Example ¶

// Generate EC key pair.
// Use RSA, EC or OKP (Ed25519) as parameter according to your need.
_ /*pub*/, priv, err := GenerateKeyPair(EC)
if err != nil {
	panic(err)
}

// Pack the private key as JWK
jwk, err := ToJWK(priv)
if err != nil {
	panic(err)
}

// Encode the JWK object as JSON
jwe, err := ToEncryptedJWK(jwk, []byte("very-secret-password"))
if err != nil {
	panic(err)
}

// Sample Output: eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJjdHkiOiJhcHBsaWNhdGlvbi9qd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEyMDAwMCwicDJzIjoiQ2FlVno0dExSZEtKSEozSkFxakdkZyJ9.C_2fwhcpvnmXENVtV_h-ukQ28Yd9-j693MUQURcgPllUCnHO3-lBqw.oV4ZAjaUMr8Su5o7.1aT8dC2WIj8Wq1QlGetvIyIEEvTz79SXjszTvV0WRMfrJEu4VjWjXYjiMmajNaYsqAXWf5C6-P3-Hs8lR-vKZtHqNgafWQKOZM8nJkMkiwQOcMl_Q4EHV6ni7Ss4ZfRGQ_o8R2ONP9Y88_8tFppLMro1xGNQp1pBem_VHPn8787hLVHZHAfTV--rwvyJ3aRe_RePBZ4RSpjf5inGJPDkEOcAVa043iAF75HGwxu3wLkVyC3wKj4iEIyz-uv3OOG-bKkWci7BrCtPGcdSGNVFRWhoc-aJwgaW6NhdZRRvpviskg8fXg.rbwTiWoeXVMAQ5vMIuCUOQ
fmt.Printf("%s", jwe)

Output:

func ToJWK ¶

func ToJWK(key any) (*jose.JSONWebKey, error)

ToJWK encodes the given key as JWK.

Example ¶

// Generate EC key pair.
// Use RSA, EC or OKP (Ed25519) as parameter according to your need.
_ /*pub*/, priv, err := GenerateKeyPair(EC)
if err != nil {
	panic(err)
}

// Pack the private key as JWK
jwk, err := ToJWK(priv)
if err != nil {
	panic(err)
}

// Encode the JWK object as JSON
var out bytes.Buffer
if err := json.NewEncoder(&out).Encode(&jwk); err != nil {
	panic(err)
}

// Sample Output: {"kty":"EC","kid":"PgsdHR9dGMqt2KWUvO4gK0ImyMZbw0aJntGgSXoQgWo","crv":"P-256","x":"kvpM30q2awL9D9IeEi1LfMXsMIoGTCpXshWNOGvVtNE","y":"y2-dLkAWwNlA9GWBfiqkDYRdWNobPle-DZG8sWsMtJg","d":"hoaLiXhGdsPsAw7HWbI1cbBtnGu37uea6AutcqdTVkw"}
fmt.Printf("%s", out.String())

Output:

func ToPEM ¶

func ToPEM(w io.Writer, key any) error

ToPEM encodes the given crypto key as a PEM block.

A private key will be serialized using PKCS8. Supported private types: *rsa.PrivateKey, *ecdsa.PrivateKey, *ecdh.PrivateKey, ed25519.PrivateKey

A public key will be serialized using PKIX. Supported public key types: *rsa.PublicKey, *ecdsa.PublicKey, *ecdh.PublicKey, ed25519.PublicKey

func ToPublicJWKS ¶

func ToPublicJWKS(keys ...crypto.PublicKey) (*jose.JSONWebKeySet, error)

ToPublicJWKS encodes the giev keyset to a JSONWebKeySet.

func VerifyPair ¶

func VerifyPair(pubkey crypto.PublicKey, key crypto.PrivateKey) error

VerifyPair that the public key matches the given private key.

func VerifyPublicKey ¶

func VerifyPublicKey(input any, key crypto.PublicKey) error

VerifyPublicKey verifies that the given public key matches the given input.

Types ¶

type KeyType ¶

type KeyType uint

KeyType repesents the key generation strategy

const (
	// ED25519 defines Edwards 25519 key.
	ED25519 KeyType = iota + 1
	// EC defines EC P-256 key.
	EC
	// RSA defines RSA 2048 key.
	RSA
)

Keeping 0 for PLATFORM preferred key if one day we support FIPS build flag.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL