Documentation ¶
Index ¶
- Constants
- func Finalize()
- func Initialize(customLogger Logger) (errRet error)
- type BcryptBuffer
- type BcryptBufferDesc
- type BcryptDhKeyBlob
- type BcryptDhParameterHeader
- type BcryptDsaFipsVersion
- type BcryptDsaKeyBlob
- type BcryptDsaKeyBlobV2
- type BcryptDsaParameterHeader
- type BcryptDsaParameterHeaderV2
- type BcryptEccCurve
- type BcryptEccCurveAlgId
- type BcryptEccCurveNames
- type BcryptEccCurveType
- type BcryptEccFullKeyBlob
- type BcryptEccKeyBlob
- type BcryptHashAlgorithm
- type BcryptKdfType
- type BcryptKeyBlob
- type BcryptKeyBlobType
- type BcryptKeyDataBlobHeader
- type BcryptMagic
- type BcryptOaepPaddingInfo
- type BcryptPkcs1PaddingInfo
- type BcryptPssPaddingInfo
- type BcryptRsaKeyBlob
- type BcryptSslEccKeyBlob
- type BcryptVersion
- type HcryptHash
- type HcryptKey
- type HcryptProv
- type Key
- func (k *Key) Alg() NcryptAlgorithm
- func (k *Key) Close() (ret uint64, err error)
- func (k *Key) Decrypt(input []byte, paddingInfo unsafe.Pointer, flags NcryptFlag) (decryptedData []byte, ret uint64, err error)
- func (k *Key) Delete(flags NcryptFlag) (ret uint64, err error)
- func (k *Key) Encrypt(input []byte, paddingInfo unsafe.Pointer, flags NcryptFlag) (encryptedData []byte, ret uint64, err error)
- func (k *Key) Export(exportKey Key, blobType NcryptKeyBlobType, parameterList *NcryptBufferDesc, ...) (blobData []byte, ret uint64, err error)
- func (k *Key) GetProperty(propertyName NcryptProperty, flags NcryptFlag) (property []byte, ret uint64, err error)
- func (k *Key) Handle() NcryptKeyHandle
- func (k *Key) KeyDerivation(parameterList *NcryptBufferDesc, flags NcryptFlag) (keydata []byte, ret uint64, err error)
- func (k *Key) Name() string
- func (k *Key) SecretAgreement(pubKeyHandle NcryptKeyHandle, flags NcryptFlag) (agreedSecret Secret, ret uint64, err error)
- func (k *Key) SetProperty(propertyName NcryptProperty, property []byte, flags NcryptFlag) (ret uint64, err error)
- func (k *Key) Sign(paddingInfo unsafe.Pointer, hashValue []byte, flags NcryptFlag) (signature []byte, ret uint64, err error)
- func (k *Key) Verify(paddingInfo unsafe.Pointer, hashValue []byte, signature []byte, ...) (isVerified bool, ret uint64, err error)
- type LogLevel
- type Logger
- type NcryptAlgOperation
- type NcryptAlgorithm
- type NcryptAlgorithmGroup
- type NcryptAlgorithmInfo
- type NcryptBuffer
- type NcryptBufferDesc
- type NcryptBufferDescriptor
- type NcryptCipherPaddingInfo
- type NcryptCipherPaddingInfoFlag
- type NcryptClaimType
- type NcryptExportPolicyPropertyFlag
- type NcryptExportedIsolatedKeyEnvelope
- type NcryptExportedIsolatedKeyHeader
- type NcryptFlag
- type NcryptHandle
- type NcryptHashHandle
- type NcryptImplTypePropertyFlag
- type NcryptInterface
- type NcryptIsolatedKeyAttestedAttributes
- type NcryptIsolatedKeyFlag
- type NcryptKeyAccessPolicyBlob
- type NcryptKeyAttestPaddingInfo
- type NcryptKeyBlobHeader
- type NcryptKeyBlobType
- type NcryptKeyHandle
- type NcryptKeyInfo
- type NcryptKeyUsagePropertyFlag
- type NcryptLegacyKeySpec
- type NcryptMagic
- type NcryptPcpHmacAuthSignatureInfo
- type NcryptPcpKeyUsagePolicyPropertyFlag
- type NcryptPcpRawPolicydigest
- type NcryptPcpTpmFwVersionInfo
- type NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags
- type NcryptPcpTpmWebAuthnAttestationStatement
- type NcryptPinCacheClearPropertyFlag
- type NcryptPinCacheFlagsPropertyFlag
- type NcryptPlatformAttestPaddingInfo
- type NcryptProperty
- type NcryptProvHandle
- type NcryptProviderInfo
- type NcryptSecretHandle
- type NcryptSupportedLengths
- type NcryptTpmLoadableKeyBlobHeader
- type NcryptTpmPlatformAttestationStatement
- type NcryptUiPolicy
- type NcryptUiPolicyPropertyFlag
- type NcryptVersion
- type NcryptVsmKeyAttestationClaimRestrictions
- func (r *NcryptVsmKeyAttestationClaimRestrictions) GetAllowDebugging() bool
- func (r *NcryptVsmKeyAttestationClaimRestrictions) GetReserved() uint32
- func (r *NcryptVsmKeyAttestationClaimRestrictions) SetAllowDebugging(value bool)
- func (r *NcryptVsmKeyAttestationClaimRestrictions) SetReserved(value uint32)
- type NcryptVsmKeyAttestationStatement
- type Provider
- func (p *Provider) Close() (ret uint64, err error)
- func (p *Provider) CreatePersistedKey(alg NcryptAlgorithm, keyName string, keySpec NcryptLegacyKeySpec, ...) (key Key, ret uint64, err error)
- func (p *Provider) EnumAlgorithms(algOperations NcryptAlgOperation, flags NcryptFlag) (algsInfo []NcryptAlgorithmInfo, ret uint64, err error)
- func (p *Provider) EnumKeys(scope string, flags NcryptFlag) (keysInfo []NcryptKeyInfo, ret uint64, err error)
- func (p *Provider) GetProperty(propertyName NcryptProperty, flags NcryptFlag) (property []byte, ret uint64, err error)
- func (p *Provider) Handle() NcryptProvHandle
- func (p *Provider) ImportKey(importKey Key, blobType NcryptKeyBlobType, parameterList *NcryptBufferDesc, ...) (key Key, ret uint64, err error)
- func (p *Provider) IsAlgSupported(alg NcryptAlgorithm, flags NcryptFlag) (isSupported bool, ret uint64, err error)
- func (p *Provider) Name() string
- func (p *Provider) OpenKey(keyName string, keySpec NcryptLegacyKeySpec, flags NcryptFlag) (key Key, ret uint64, err error)
- func (p *Provider) SetProperty(propertyName NcryptProperty, property []byte, flags NcryptFlag) (ret uint64, err error)
- func (p *Provider) TranslateHandle(legacyProv HcryptProv, legacyKey HcryptKey, legacyKeySpec NcryptLegacyKeySpec, ...) (key Key, ret uint64, err error)
- type Secret
Constants ¶
// Property-name strings for the secret agreement, DH, DSA and ECC algorithms.
const (
	// Properties of secret agreement algorithms
	BcryptGlobalParameters string = "SecretAgreementParam"
	// NOTE(review): the identifier is spelled "Privateey"; presumably
	// "BcryptPrivateKey" was intended. It is exported, so renaming it would
	// break callers. The value "PrivKeyVal" suggests the property carries
	// private key material; treat data read through it as secret (confirm
	// against the CNG documentation).
	BcryptPrivateey string = "PrivKeyVal"

	// Property Strings for DH
	BcryptDhParameters string = "DHParameters"

	// Property Strings for DSA
	BcryptDsaParameters string = "DSAParameters"

	// Property Strings for ECC
	BcryptEccParameters    string = "ECCParameters"
	BcryptEccCurveName     string = "ECCCurveName"
	BcryptEccCurveNameList string = "ECCCurveNameList"
)
const ( // // Maximum length of Key name, in characters // NcryptMaxKeyNameLength = 512 // // Maximum length of Algorithm name, in characters // NcryptMaxAlgIdLength = 512 // // Key name for sealing // TpmRsaSrkSealKey = "MICROSOFT_PCP_KSP_RSA_SEAL_KEY_3BD1C4BF-004E-4E2F-8A4D-0BF633DCB074" )
const ( MsKeyStorageProvider string = "Microsoft Software Key Storage Provider" MsSmartCardKeyStorageProvider string = "Microsoft Smart Card Key Storage Provider" MsPlatformKeyStorageProvider string = "Microsoft Platform Crypto Provider" MsNgcKeyStorageProvider string = "Microsoft Passport Key Storage Provider" )
// TPM PSS salt-size selectors, property size limits and PIN-cache property
// names and flags.
const (
	NcryptTpmPssSaltSizeUnknown  = 0x00000000
	NcryptTpmPssSaltSizeMaximum  = 0x00000001 // Pre-TPM Spec-1.16: Max allowed salt size
	NcryptTpmPssSaltSizeHashsize = 0x00000002 // Post-1.16: PSS salt = hashLen

	// Maximum length of property name (in characters)
	NcryptMaxPropertyName = 64

	// Maximum length of property data (in bytes)
	NcryptMaxPropertyData = 0x100000

	// PIN-cache property names.
	// NOTE(review): going by their names, these properties carry cached PINs
	// and application tickets. Treat values read or written through them as
	// credentials and keep them out of logs — confirm against the CNG
	// documentation.
	NcryptPinCacheApplicationTicketProperty = "PinCacheApplicationTicket"
	NcryptPinCacheApplicationImageProperty  = "PinCacheApplicationImage"
	NcryptPinCacheApplicationStatusProperty = "PinCacheApplicationStatus"
	NcryptPinCachePinProperty               = "PinCachePin"
	NcryptPinCacheIsGestureRequiredProperty = "PinCacheIsGestureRequired"
	NcryptPinCacheRequireGestureFlag        = 0x00000001

	// Fixed byte lengths of the PIN and application-ticket buffers.
	NcryptPinCachePinByteLength               = 90
	NcryptPinCacheApplicationTicketByteLength = 90

	NcryptPinCacheClearProperty = "PinCacheClear"

	// NOTE(review): the name suggests this permits key use without user
	// interaction; set it only where that is intended — confirm semantics.
	NcryptAllowSilentKeyAccess = 0x00000001
)
const (
NcryptPinCacheDisableDplFlag = 0x00000001
)
Variables ¶
This section is empty.
Functions ¶
func Finalize ¶
func Finalize()
Finalize is the very last function that must be called on goncrypt. It ensures that the previously loaded ncrypt library and functions are unloaded.
func Initialize ¶
Initialize is the very first function that must be called on goncrypt. It ensures that the underlying ncrypt library and all its functions are loaded.
If customLogger is nil, the library uses its default logger, which prints log messages to stderr at the INFO log level. To disable logging, pass a logger created with NewDefaultLogger whose LogLevel is set to LogLevelNone.
Types ¶
type BcryptBuffer ¶
type BcryptBufferDesc ¶
// BcryptBufferDesc describes an array of BcryptBuffer values by count and
// pointer.
//
// NOTE(review): Buffers is a raw pointer and BuffersLen is a caller-supplied
// count; nothing in this struct ties the two together. The count must
// presumably match the number of elements actually reachable through Buffers,
// and that memory must stay valid for the duration of the native call —
// confirm at the call sites.
type BcryptBufferDesc struct {
	Version    uint32        // Version number
	BuffersLen uint32        // Number of buffers
	Buffers    *BcryptBuffer // Pointer to array of buffers
}
type BcryptDhKeyBlob ¶
type BcryptDhKeyBlob struct { Magic BcryptMagic KeyLen uint32 }
type BcryptDhParameterHeader ¶
type BcryptDhParameterHeader struct { Length uint32 Magic BcryptMagic KeyLen uint32 }
type BcryptDsaFipsVersion ¶
type BcryptDsaFipsVersion int32
enum DSAFIPSVERSION_ENUM
const ( DsaFips1862 BcryptDsaFipsVersion = iota DsaFips1863 )
type BcryptDsaKeyBlob ¶
type BcryptDsaKeyBlob struct { Magic BcryptMagic KeyLen uint32 Count [4]byte Seed [20]byte Q [20]byte }
type BcryptDsaKeyBlobV2 ¶
type BcryptDsaKeyBlobV2 struct { Magic BcryptMagic KeyLen uint32 HashAlgorithm BcryptHashAlgorithm StandardVersion BcryptDsaFipsVersion SeedLen uint32 GroupSize uint32 Count [4]byte }
type BcryptDsaParameterHeaderV2 ¶
type BcryptDsaParameterHeaderV2 struct { Length uint32 Magic BcryptMagic KeyLen uint32 HashAlgorithm BcryptHashAlgorithm StandardVersion BcryptDsaFipsVersion SeedLen uint32 GroupSize uint32 Count [4]byte }
type BcryptEccCurve ¶
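// BcryptEccCurve is the name of a named elliptic curve, as the string passed
// to the provider.
type BcryptEccCurve string

// Named curves. Each constant's value is the curve name string; the constant
// name and the string must designate the same curve, otherwise a caller
// selecting a curve by identifier silently gets a different one.
const (
	BcryptEccCurveBrainpoolP160R1 BcryptEccCurve = "brainpoolP160r1"
	BcryptEccCurveBrainpoolP160T1 BcryptEccCurve = "brainpoolP160t1"
	BcryptEccCurveBrainpoolP192R1 BcryptEccCurve = "brainpoolP192r1"
	BcryptEccCurveBrainpoolP192T1 BcryptEccCurve = "brainpoolP192t1"
	BcryptEccCurveBrainpoolP224R1 BcryptEccCurve = "brainpoolP224r1"
	BcryptEccCurveBrainpoolP224T1 BcryptEccCurve = "brainpoolP224t1"
	BcryptEccCurveBrainpoolP256R1 BcryptEccCurve = "brainpoolP256r1"
	BcryptEccCurveBrainpoolP256T1 BcryptEccCurve = "brainpoolP256t1"
	BcryptEccCurveBrainpoolP320R1 BcryptEccCurve = "brainpoolP320r1"
	BcryptEccCurveBrainpoolP320T1 BcryptEccCurve = "brainpoolP320t1"
	BcryptEccCurveBrainpoolP384R1 BcryptEccCurve = "brainpoolP384r1"
	BcryptEccCurveBrainpoolP384T1 BcryptEccCurve = "brainpoolP384t1"
	BcryptEccCurveBrainpoolP512R1 BcryptEccCurve = "brainpoolP512r1"
	BcryptEccCurveBrainpoolP512T1 BcryptEccCurve = "brainpoolP512t1"
	BcryptEccCurve25519           BcryptEccCurve = "curve25519"
	BcryptEccCurveEc192Wapi       BcryptEccCurve = "ec192wapi"
	BcryptEccCurveNistP192        BcryptEccCurve = "nistP192"
	BcryptEccCurveNistP224        BcryptEccCurve = "nistP224"
	BcryptEccCurveNistP256        BcryptEccCurve = "nistP256"
	BcryptEccCurveNistP384        BcryptEccCurve = "nistP384"
	BcryptEccCurveNistP521        BcryptEccCurve = "nistP521"
	BcryptEccCurveNumsp256T1      BcryptEccCurve = "numsP256t1"
	BcryptEccCurveNumsp384T1      BcryptEccCurve = "numsP384t1"
	BcryptEccCurveNumsp512T1      BcryptEccCurve = "numsP512t1"
	BcryptEccCurveSecp160K1       BcryptEccCurve = "secP160k1"
	BcryptEccCurveSecp160R1       BcryptEccCurve = "secP160r1"
	BcryptEccCurveSecp160R2       BcryptEccCurve = "secP160r2"
	BcryptEccCurveSecp192K1       BcryptEccCurve = "secP192k1"
	BcryptEccCurveSecp192R1       BcryptEccCurve = "secP192r1"
	// The value was "secP224r1", which names a different curve than the K1
	// identifier; the string now matches the identifier.
	BcryptEccCurveSecp224K1 BcryptEccCurve = "secP224k1"
)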
type BcryptEccCurveAlgId ¶
type BcryptEccCurveAlgId int32
enum ECC_CURVE_ALG_ID_ENUM
const (
BcryptNoCurveGenerationAlgId BcryptEccCurveAlgId = 0x0
)
type BcryptEccCurveNames ¶
type BcryptEccCurveType ¶
type BcryptEccCurveType int32
enum ECC_CURVE_TYPE_ENUM
const ( BcryptEccPrimeShortWeierstrassCurve BcryptEccCurveType = 0x1 BcryptEccPrimeTwistedEdwardsCurve BcryptEccCurveType = 0x2 BcryptEccPrimeMontgomeryCurve BcryptEccCurveType = 0x3 )
type BcryptEccFullKeyBlob ¶
// BcryptEccFullKeyBlob is the fixed-size header of a full ECC key blob: a
// magic value, a structure version, the curve type and generation algorithm,
// and the byte lengths of the curve parameters.
//
// NOTE(review): every *Len field is a length taken from the blob itself. Code
// that parses a blob received from outside should presumably validate these
// lengths against the actual buffer size before slicing; the struct performs
// no such check.
type BcryptEccFullKeyBlob struct {
	Magic     BcryptMagic
	Version   uint32             // Version of the structure
	CurveType BcryptEccCurveType // Supported curve types.
	// For X.592 verification purposes, if we include Seed we will need to
	// include the algorithm ID.
	// NOTE(review): "X.592" presumably refers to ANSI X9.62 — confirm.
	CurveGenerationAlgId BcryptEccCurveAlgId
	FieldLengthLen       uint32 // Byte length of the fields P, A, B, X, Y.
	SubgroupOrderLen     uint32 // Byte length of the subgroup.
	CofactorLen          uint32 // Byte length of cofactor of G in E.
	SeedLen              uint32 // Byte length of the seed used to generate the curve.
}
The full version contains the curve parameters as well as the public and potentially private exponent.
type BcryptEccKeyBlob ¶
type BcryptEccKeyBlob struct { Magic BcryptMagic KeyLen uint32 }
type BcryptHashAlgorithm ¶
type BcryptHashAlgorithm int32
enum HASHALGORITHM_ENUM
const ( DsaHashAlgorithmSha1 BcryptHashAlgorithm = iota DsaHashAlgorithmSha256 DsaHashAlgorithmSha512 )
type BcryptKdfType ¶
// BcryptKdfType is the name of a key derivation function, as the string
// passed to the provider.
type BcryptKdfType string

// Key derivation function names.
const (
	BcryptKdfHash           BcryptKdfType = "HASH"
	BcryptKdfHmac           BcryptKdfType = "HMAC"
	BcryptKdfTlsPrf         BcryptKdfType = "TLS_PRF"
	BcryptKdfSp80056aConcat BcryptKdfType = "SP800_56A_CONCAT"
	// NOTE(review): the identifier says "raw secret" while the string is
	// "TRUNCATE"; presumably this returns the agreed secret without running it
	// through a hash- or HMAC-based derivation, so the output should be
	// handled as key material — confirm against the CNG documentation.
	BcryptKdfRawSecret BcryptKdfType = "TRUNCATE"
	BcryptKdfHkdf      BcryptKdfType = "HKDF"
)
type BcryptKeyBlob ¶
type BcryptKeyBlob struct {
Magic BcryptMagic
}
type BcryptKeyBlobType ¶
// BcryptKeyBlobType is the name of a key BLOB format, as the string passed to
// the provider.
type BcryptKeyBlobType string

// Key BLOB format names.
//
// The comments below describe the RSA, ECC, DH and DSA blob types as carrying
// plaintext keys. A blob of a *Private* type therefore contains unencrypted
// private key material: keep it out of logs and persistent storage.
const (
	BcryptPublicKeyBlob  BcryptKeyBlobType = "PUBLICBLOB"
	BcryptPrivateKeyBlob BcryptKeyBlobType = "PRIVATEBLOB"

	// The BCRYPT_RSAPUBLIC_BLOB and BCRYPT_RSAPRIVATE_BLOB blob types are used
	// to transport plaintext RSA keys. These blob types will be supported by
	// all RSA primitive providers.
	// The BCRYPT_RSAPRIVATE_BLOB includes the following values:
	// Public Exponent
	// Modulus
	// Prime1
	// Prime2
	BcryptRsaPublicBlob  BcryptKeyBlobType = "RSAPUBLICBLOB"
	BcryptRsaPrivateBlob BcryptKeyBlobType = "RSAPRIVATEBLOB"

	// The BCRYPT_RSAFULLPRIVATE_BLOB blob type is used to transport
	// plaintext private RSA keys. It includes the following values:
	// Public Exponent
	// Modulus
	// Prime1
	// Prime2
	// Private Exponent mod (Prime1 - 1)
	// Private Exponent mod (Prime2 - 1)
	// Inverse of Prime2 mod Prime1
	// PrivateExponent
	BcryptRsaFullPrivateBlob   BcryptKeyBlobType = "RSAFULLPRIVATEBLOB"
	BcryptLegacyRsaPublicBlob  BcryptKeyBlobType = "CAPIPUBLICBLOB"
	BcryptLegacyRsaPrivateBlob BcryptKeyBlobType = "CAPIPRIVATEBLOB"

	// The BCRYPT_ECCPUBLIC_BLOB and BCRYPT_ECCPRIVATE_BLOB blob types are used
	// to transport plaintext ECC keys. These blob types will be supported by
	// all ECC primitive providers.
	BcryptEccPublicBlob      BcryptKeyBlobType = "ECCPUBLICBLOB"
	BcryptEccPrivateBlob     BcryptKeyBlobType = "ECCPRIVATEBLOB"
	BcryptEccFullPublicBlob  BcryptKeyBlobType = "ECCFULLPUBLICBLOB"
	BcryptEccFullPrivateBlob BcryptKeyBlobType = "ECCFULLPRIVATEBLOB"
	BcryptSslEccPublicBlob   BcryptKeyBlobType = "SSLECCPUBLICBLOB"

	// The BCRYPT_DH_PUBLIC_BLOB and BCRYPT_DH_PRIVATE_BLOB blob types are used
	// to transport plaintext DH keys. These blob types will be supported by
	// all DH primitive providers.
	BcryptDhPublicBlob        BcryptKeyBlobType = "DHPUBLICBLOB"
	BcryptDhPrivateBlob       BcryptKeyBlobType = "DHPRIVATEBLOB"
	BcryptLegacyDhPublicBlob  BcryptKeyBlobType = "CAPIDHPUBLICBLOB"
	BcryptLegacyDhPrivateBlob BcryptKeyBlobType = "CAPIDHPRIVATEBLOB"

	// The BCRYPT_DSA_PUBLIC_BLOB and BCRYPT_DSA_PRIVATE_BLOB blob types are used
	// to transport plaintext DSA keys. These blob types will be supported by
	// all DSA primitive providers.
	BcryptDsaPublicBlob          BcryptKeyBlobType = "DSAPUBLICBLOB"
	BcryptDsaPrivateBlob         BcryptKeyBlobType = "DSAPRIVATEBLOB"
	BcryptLegacyDsaPublicBlob    BcryptKeyBlobType = "CAPIDSAPUBLICBLOB"
	BcryptLegacyDsaPrivateBlob   BcryptKeyBlobType = "CAPIDSAPRIVATEBLOB"
	BcryptLegacyDsaV2PublicBlob  BcryptKeyBlobType = "V2CAPIDSAPUBLICBLOB"
	BcryptLegacyDsaV2PrivateBlob BcryptKeyBlobType = "V2CAPIDSAPRIVATEBLOB"
)
type BcryptKeyDataBlobHeader ¶
type BcryptKeyDataBlobHeader struct { Magic BcryptMagic Version uint32 KeyDataLen uint32 }
type BcryptMagic ¶
// BcryptMagic is the 32-bit tag stored in the Magic field of the key and
// parameter blob headers.
type BcryptMagic uint32

// Magic values. The trailing comment on each line is the ASCII reading of the
// value's four bytes in little-endian order (0x31415352 is the bytes
// 'R','S','A','1'). The tag distinguishes public from private blobs, so a
// parser can check it before interpreting the rest of the blob.
const (
	BcryptRsaPublicMagic           BcryptMagic = 0x31415352 // RSA1
	BcryptRsaPrivateMagic          BcryptMagic = 0x32415352 // RSA2
	BcryptRsaFullPrivateMagic      BcryptMagic = 0x33415352 // RSA3
	BcryptEcdhPublicP256Magic      BcryptMagic = 0x314B4345 // ECK1
	BcryptEcdhPrivateP256Magic     BcryptMagic = 0x324B4345 // ECK2
	BcryptEcdhPublicP384Magic      BcryptMagic = 0x334B4345 // ECK3
	BcryptEcdhPrivateP384Magic     BcryptMagic = 0x344B4345 // ECK4
	BcryptEcdhPublicP521Magic      BcryptMagic = 0x354B4345 // ECK5
	BcryptEcdhPrivateP521Magic     BcryptMagic = 0x364B4345 // ECK6
	BcryptEcdhPublicGenericMagic   BcryptMagic = 0x504B4345 // ECKP
	BcryptEcdhPrivateGenericMagic  BcryptMagic = 0x564B4345 // ECKV
	BcryptEcdsaPublicP256Magic     BcryptMagic = 0x31534345 // ECS1
	BcryptEcdsaPrivateP256Magic    BcryptMagic = 0x32534345 // ECS2
	BcryptEcdsaPublicP384Magic     BcryptMagic = 0x33534345 // ECS3
	BcryptEcdsaPrivateP384Magic    BcryptMagic = 0x34534345 // ECS4
	BcryptEcdsaPublicP521Magic     BcryptMagic = 0x35534345 // ECS5
	BcryptEcdsaPrivateP521Magic    BcryptMagic = 0x36534345 // ECS6
	BcryptEcdsaPublicGenericMagic  BcryptMagic = 0x50444345 // ECDP
	BcryptEcdsaPrivateGenericMagic BcryptMagic = 0x56444345 // ECDV
	BcryptDhPublicMagic            BcryptMagic = 0x42504844 // DHPB
	BcryptDhPrivateMagic           BcryptMagic = 0x56504844 // DHPV
	BcryptDsaPublicMagic           BcryptMagic = 0x42505344 // DSPB
	BcryptDsaPrivateMagic          BcryptMagic = 0x56505344 // DSPV
	BcryptDsaPublicMagicV2         BcryptMagic = 0x32425044 // DPB2
	BcryptDsaPrivateMagicV2        BcryptMagic = 0x32565044 // DPV2
	BcryptDhParametersMagic        BcryptMagic = 0x4d504844 // DHPM
	BcryptKeyDataBlobMagic         BcryptMagic = 0x4d42444b // Key Data Blob Magic (KDBM)
	BcryptDsaParametersMagic       BcryptMagic = 0x4d505344 // DSPM
	BcryptDsaParametersMagicV2     BcryptMagic = 0x324d5044 // DPM2
	BcryptEccParametersMagic       BcryptMagic = 0x50434345 // ECCP
)
type BcryptOaepPaddingInfo ¶
type BcryptPkcs1PaddingInfo ¶
type BcryptPkcs1PaddingInfo struct {
AlgId *uint16
}
type BcryptPssPaddingInfo ¶
type BcryptRsaKeyBlob ¶
type BcryptSslEccKeyBlob ¶
type BcryptSslEccKeyBlob struct { CurveType BcryptEccCurveType KeyLen uint32 }
type BcryptVersion ¶
type BcryptVersion uint32
const ( BcryptBufferVersion BcryptVersion = 0 BcryptEccFullKeyBlobVersion1 BcryptVersion = 0x1 BcryptKeyDataBlobVersion1 BcryptVersion = 0x1 )
type HcryptHash ¶
type HcryptHash uintptr
type HcryptProv ¶
type HcryptProv uintptr
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
Key represents a CNG key.
func (*Key) Alg ¶
func (k *Key) Alg() NcryptAlgorithm
func (*Key) Close ¶
Close is a wrapper around NCryptFreeObject for keys.
This function frees a CNG key.
func (*Key) Decrypt ¶
func (k *Key) Decrypt( input []byte, paddingInfo unsafe.Pointer, flags NcryptFlag, ) (decryptedData []byte, ret uint64, err error)
Decrypt is a wrapper around NCryptDecrypt.
This function decrypts a block of encrypted data using the specified CNG key.
func (*Key) Delete ¶
func (k *Key) Delete( flags NcryptFlag, ) (ret uint64, err error)
Delete is a wrapper around NCryptDeleteKey.
This function deletes the specified CNG key.
func (*Key) Encrypt ¶
func (k *Key) Encrypt( input []byte, paddingInfo unsafe.Pointer, flags NcryptFlag, ) (encryptedData []byte, ret uint64, err error)
Encrypt is a wrapper around NCryptEncrypt.
This function encrypts a block of data using the specified CNG key.
func (*Key) Export ¶
func (k *Key) Export( exportKey Key, blobType NcryptKeyBlobType, parameterList *NcryptBufferDesc, flags NcryptFlag, ) (blobData []byte, ret uint64, err error)
Export is a wrapper around NCryptExportKey.
This function exports the specified CNG key to a memory BLOB.
func (*Key) GetProperty ¶
func (k *Key) GetProperty( propertyName NcryptProperty, flags NcryptFlag, ) (property []byte, ret uint64, err error)
GetProperty is a wrapper around NCryptGetProperty for keys.
This function retrieves the value of a named property for the specified CNG key.
func (*Key) Handle ¶
func (k *Key) Handle() NcryptKeyHandle
func (*Key) KeyDerivation ¶
func (k *Key) KeyDerivation( parameterList *NcryptBufferDesc, flags NcryptFlag, ) (keydata []byte, ret uint64, err error)
KeyDerivation is a wrapper around NCryptKeyDerivation.
This function creates a key from the specified CNG key by using the specified key derivation function. The function returns the key in a byte array.
func (*Key) SecretAgreement ¶
func (k *Key) SecretAgreement( pubKeyHandle NcryptKeyHandle, flags NcryptFlag, ) (agreedSecret Secret, ret uint64, err error)
SecretAgreement is a wrapper around NCryptSecretAgreement.
This function creates a CNG secret agreement value from the specified CNG private key and the passed public key handle.
func (*Key) SetProperty ¶
func (k *Key) SetProperty( propertyName NcryptProperty, property []byte, flags NcryptFlag, ) (ret uint64, err error)
SetProperty is a wrapper around NCryptSetProperty for keys.
This function sets the value for a named property for the specified CNG key.
func (*Key) Sign ¶
func (k *Key) Sign( paddingInfo unsafe.Pointer, hashValue []byte, flags NcryptFlag, ) (signature []byte, ret uint64, err error)
Sign is a wrapper around NCryptSignHash.
This function creates a signature of a hash value using the specified CNG key.
func (*Key) Verify ¶
func (k *Key) Verify( paddingInfo unsafe.Pointer, hashValue []byte, signature []byte, flags NcryptFlag, ) (isVerified bool, ret uint64, err error)
Verify is a wrapper around NCryptVerifySignature.
This function verifies that the passed signature matches the passed hash for the specified CNG key.
type Logger ¶
// Logger is the logging interface the library accepts as a custom logger. It
// has a formatted (…f), plain and newline-terminated (…ln) method for each of
// the Debug, Info, Warn and Error levels.
//
// NOTE(review): what the library passes to these methods is not visible here.
// If an implementation forwards messages off-host, confirm that key names,
// property values and blob contents are not part of what gets logged.
type Logger interface {
	Debugf(format string, v ...interface{})
	Debug(v ...interface{})
	Debugln(v ...interface{})

	Infof(format string, v ...interface{})
	Info(v ...interface{})
	Infoln(v ...interface{})

	Warnf(format string, v ...interface{})
	Warn(v ...interface{})
	Warnln(v ...interface{})

	Errorf(format string, v ...interface{})
	Error(v ...interface{})
	Errorln(v ...interface{})
}
func NewDefaultLogger ¶
type NcryptAlgOperation ¶
type NcryptAlgOperation uint32
const ( NcryptCipherOperation NcryptAlgOperation = 0x00000001 NcryptHashOperation NcryptAlgOperation = 0x00000002 NcryptAsymmetricEncryptionOperation NcryptAlgOperation = 0x00000004 NcryptSecretAgreementOperation NcryptAlgOperation = 0x00000008 NcryptSignatureOperation NcryptAlgOperation = 0x00000010 NcryptRngOperation NcryptAlgOperation = 0x00000020 NcryptKeyDerivationOperation NcryptAlgOperation = 0x00000040 )
func (*NcryptAlgOperation) String ¶
func (o *NcryptAlgOperation) String() string
type NcryptAlgorithm ¶
// NcryptAlgorithm is an algorithm identifier, as the string passed to the
// provider.
type NcryptAlgorithm string

// Algorithm identifiers. The list mirrors what the platform can name, not what
// is advisable for new designs; see the notes on the legacy entries.
const (
	// Asymmetric algorithms.
	NcryptRsaAlgorithm     NcryptAlgorithm = "RSA"
	NcryptRsaSignAlgorithm NcryptAlgorithm = "RSA_SIGN"
	NcryptDhAlgorithm      NcryptAlgorithm = "DH"
	NcryptDsaAlgorithm     NcryptAlgorithm = "DSA"

	// Hash algorithms. MD2, MD4, MD5 and SHA-1 are not collision resistant and
	// are suitable only for interoperability with existing data; use SHA-256
	// or stronger for new signatures.
	NcryptMd2Algorithm    NcryptAlgorithm = "MD2"
	NcryptMd4Algorithm    NcryptAlgorithm = "MD4"
	NcryptMd5Algorithm    NcryptAlgorithm = "MD5"
	NcryptSha1Algorithm   NcryptAlgorithm = "SHA1"
	NcryptSha256Algorithm NcryptAlgorithm = "SHA256"
	NcryptSha384Algorithm NcryptAlgorithm = "SHA384"
	NcryptSha512Algorithm NcryptAlgorithm = "SHA512"

	// Elliptic-curve signature and key agreement on fixed NIST curves.
	NcryptEcdsaP256Algorithm NcryptAlgorithm = "ECDSA_P256"
	NcryptEcdsaP384Algorithm NcryptAlgorithm = "ECDSA_P384"
	NcryptEcdsaP521Algorithm NcryptAlgorithm = "ECDSA_P521"
	NcryptEcdhP256Algorithm  NcryptAlgorithm = "ECDH_P256"
	NcryptEcdhP384Algorithm  NcryptAlgorithm = "ECDH_P384"
	NcryptEcdhP521Algorithm  NcryptAlgorithm = "ECDH_P521"

	// Symmetric ciphers. RC2, DES, DESX and the 3DES variants are legacy
	// ciphers with small key or block sizes; use AES for new data.
	NcryptAesAlgorithm     NcryptAlgorithm = "AES"
	NcryptRc2Algorithm     NcryptAlgorithm = "RC2"
	Ncrypt3desAlgorithm    NcryptAlgorithm = "3DES"
	NcryptDesAlgorithm     NcryptAlgorithm = "DES"
	NcryptDesxAlgorithm    NcryptAlgorithm = "DESX"
	Ncrypt3des112Algorithm NcryptAlgorithm = "3DES_112"

	// Key derivation.
	NcryptSp800108CtrHmacAlgorithm NcryptAlgorithm = "SP800_108_CTR_HMAC"
	NcryptSp80056aConcatAlgorithm  NcryptAlgorithm = "SP800_56A_CONCAT"
	NcryptPbkdf2Algorithm          NcryptAlgorithm = "PBKDF2"
	NcryptCapiKdfAlgorithm         NcryptAlgorithm = "CAPI_KDF"

	NcryptEcdsaAlgorithm      NcryptAlgorithm = "ECDSA"
	NcryptKeyStorageAlgorithm NcryptAlgorithm = "KEY_STORAGE"

	//
	// This algorithm is not supported by any BCrypt provider. This identifier is for creating
	// persistent stored HMAC keys in the TPM KSP.
	//
	NcryptHmacSha256Algorithm NcryptAlgorithm = "HMAC-SHA256"
)
type NcryptAlgorithmGroup ¶
type NcryptAlgorithmGroup string
const ( NcryptRsaAlgorithmGroup NcryptAlgorithmGroup = "RSA" NcryptDhAlgorithmGroup NcryptAlgorithmGroup = "DH" NcryptDsaAlgorithmGroup NcryptAlgorithmGroup = "DSA" NcryptEcdsaAlgorithmGroup NcryptAlgorithmGroup = "ECDSA" NcryptEcdhAlgorithmGroup NcryptAlgorithmGroup = "ECDH" NcryptAesAlgorithmGroup NcryptAlgorithmGroup = "AES" NcryptRc2AlgorithmGroup NcryptAlgorithmGroup = "RC2" NcryptDesAlgorithmGroup NcryptAlgorithmGroup = "DES" NcryptKeyDerivationGroup NcryptAlgorithmGroup = "KEY_DERIVATION" )
type NcryptAlgorithmInfo ¶
type NcryptAlgorithmInfo struct { Name string Class NcryptInterface // the CNG interface that supports this algorithm AlgOperations NcryptAlgOperation // the types of operations supported by this algorithm Flags uint32 }
type NcryptBufferDesc ¶
type NcryptBufferDesc BcryptBufferDesc
type NcryptBufferDescriptor ¶
type NcryptBufferDescriptor uint32
const ( NcryptBufferEmpty NcryptBufferDescriptor = 0 NcryptBufferData NcryptBufferDescriptor = 1 NcryptBufferProtectionDescriptorString NcryptBufferDescriptor = 3 // The buffer contains a null-terminated Unicode string that contains the Protection Descriptor. NcryptBufferProtectionFlags NcryptBufferDescriptor = 4 // DWORD flags to be passed to NCryptCreateProtectionDescriptor function. NcryptBufferSslClientRandom NcryptBufferDescriptor = 20 NcryptBufferSslServerRandom NcryptBufferDescriptor = 21 NcryptBufferSslHighestVersion NcryptBufferDescriptor = 22 NcryptBufferSslClearKey NcryptBufferDescriptor = 23 NcryptBufferSslKeyArgData NcryptBufferDescriptor = 24 NcryptBufferSslSessionHash NcryptBufferDescriptor = 25 NcryptBufferPkcsOid NcryptBufferDescriptor = 40 NcryptBufferPkcsAlgOid NcryptBufferDescriptor = 41 NcryptBufferPkcsAlgParam NcryptBufferDescriptor = 42 NcryptBufferPkcsAlgId NcryptBufferDescriptor = 43 NcryptBufferPkcsAttrs NcryptBufferDescriptor = 44 NcryptBufferPkcsKeyName NcryptBufferDescriptor = 45 NcryptBufferPkcsSecret NcryptBufferDescriptor = 46 NcryptBufferCertBlob NcryptBufferDescriptor = 47 // For threshold key attestation NcryptBufferClaimIdbindingNonce NcryptBufferDescriptor = 48 NcryptBufferClaimKeyattestationNonce NcryptBufferDescriptor = 49 NcryptBufferKeyPropertyFlags NcryptBufferDescriptor = 50 NcryptBufferAttestationstatementBlob NcryptBufferDescriptor = 51 NcryptBufferAttestationClaimType NcryptBufferDescriptor = 52 NcryptBufferAttestationClaimChallengeRequired NcryptBufferDescriptor = 53 NcryptBufferVsmKeyAttestationClaimRestrictions NcryptBufferDescriptor = 54 // For generic ecc NcryptBufferEccCurveName NcryptBufferDescriptor = 60 NcryptBufferEccParameters NcryptBufferDescriptor = 61 // For TPM seal NcryptBufferTpmSealPassword NcryptBufferDescriptor = 70 NcryptBufferTpmSealPolicyinfo NcryptBufferDescriptor = 71 NcryptBufferTpmSealTicket NcryptBufferDescriptor = 72 NcryptBufferTpmSealNoDaProtection NcryptBufferDescriptor = 73 // For TPM 
platform attestation statements NcryptBufferTpmPlatformClaimPcrMask NcryptBufferDescriptor = 80 NcryptBufferTpmPlatformClaimNonce NcryptBufferDescriptor = 81 NcryptBufferTpmPlatformClaimStaticCreate NcryptBufferDescriptor = 82 )
type NcryptCipherPaddingInfo ¶
// NcryptCipherPaddingInfo carries the padding flags, initialization vector and
// algorithm-specific data for a cipher operation.
//
// NOTE(review): IV and OtherInfo are raw pointers paired with separate length
// fields. The memory they point to must presumably stay valid for the whole
// native call and the lengths must match the real buffer sizes — confirm how
// callers build this struct.
type NcryptCipherPaddingInfo struct {
	// size of this struct
	Size uint32

	// See NCRYPT_CIPHER_ flag values
	Flags NcryptCipherPaddingInfoFlag

	// [in, out, optional]
	// The address of a buffer that contains the initialization vector (IV) to use during encryption.
	// The cbIV parameter contains the size of this buffer. This function will modify the contents of this buffer.
	// If you need to reuse the IV later, make sure you make a copy of this buffer before calling this function.
	// (cbIV is the native name; here the size is IVLen.)
	IV    *byte
	IVLen uint32

	// [in, out, optional]
	// The address of a buffer that contains the algorithm specific info to use during encryption.
	// The cbOtherInfo parameter contains the size of this buffer. This function will modify the contents of this buffer.
	// If you need to reuse the buffer later, make sure you make a copy of this buffer before calling this function.
	//
	// For Microsoft providers, when an authenticated encryption mode is used,
	// this parameter must point to a serialized BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure.
	//
	// NOTE: All pointers inside a structure must be to a data allocated within pbOtherInfo buffer.
	// (cbOtherInfo and pbOtherInfo are the native names; here they are
	// OtherInfoLen and OtherInfo.)
	//
	OtherInfo    *byte
	OtherInfoLen uint32
}
NCRYPT_CIPHER_PADDING_INFO
type NcryptCipherPaddingInfoFlag ¶
type NcryptCipherPaddingInfoFlag uint32
const ( NcryptCipherNoPaddingFlag NcryptCipherPaddingInfoFlag = 0x00000000 NcryptCipherBlockPaddingFlag NcryptCipherPaddingInfoFlag = 0x00000001 NcryptCipherOtherPaddingFlag NcryptCipherPaddingInfoFlag = 0x00000002 )
func (*NcryptCipherPaddingInfoFlag) String ¶
func (f *NcryptCipherPaddingInfoFlag) String() string
type NcryptClaimType ¶
type NcryptClaimType uint32
const ( NcryptClaimAuthorityOnly NcryptClaimType = 0x00000001 NcryptClaimSubjectOnly NcryptClaimType = 0x00000002 NcryptClaimWebAuthSubjectOnly NcryptClaimType = 0x00000102 NcryptClaimAuthorityAndSubject NcryptClaimType = 0x00000003 NcryptClaimVsmKeyAttestationStatement NcryptClaimType = 0x00000004 NcryptClaimUnknown NcryptClaimType = 0x00001000 NcryptClaimPlatform NcryptClaimType = 0x00010000 )
func (*NcryptClaimType) String ¶
func (t *NcryptClaimType) String() string
type NcryptExportPolicyPropertyFlag ¶
// NcryptExportPolicyPropertyFlag is a bit mask describing how a key may be
// exported or archived. The four flags occupy distinct bits and can be
// combined.
type NcryptExportPolicyPropertyFlag uint32

// Export policy flags.
//
// NOTE(review): going by their names, the two "Plaintext" flags permit the
// private key to leave the provider unencrypted. Leave them unset unless the
// design needs plaintext export, and review any key whose export policy has
// them set — confirm exact semantics against the CNG documentation.
const (
	NcryptAllowExportFlag             NcryptExportPolicyPropertyFlag = 0x00000001
	NcryptAllowPlaintextExportFlag    NcryptExportPolicyPropertyFlag = 0x00000002
	NcryptAllowArchivingFlag          NcryptExportPolicyPropertyFlag = 0x00000004
	NcryptAllowPlaintextArchivingFlag NcryptExportPolicyPropertyFlag = 0x00000008
)
func (*NcryptExportPolicyPropertyFlag) String ¶
func (p *NcryptExportPolicyPropertyFlag) String() string
type NcryptExportedIsolatedKeyEnvelope ¶
type NcryptExportedIsolatedKeyEnvelope struct {
Header NcryptExportedIsolatedKeyHeader
}
type NcryptExportedIsolatedKeyHeader ¶
// NcryptExportedIsolatedKeyHeader is the fixed-size header of an exported
// isolated key: version, key usage, a packed flags word and the byte lengths
// of the parts that follow.
//
// NOTE(review): the *Len fields come from the exported blob. A parser should
// presumably check them against the actual buffer length before use; the
// struct performs no such check.
type NcryptExportedIsolatedKeyHeader struct {
	Version  NcryptVersion
	KeyUsage NcryptKeyUsagePropertyFlag
	// Keep the PerBootKey flag and Reserved bits in the same uint32.
	// The bit layout is not visible here; presumably the GetPerBootKey,
	// SetPerBootKey, GetReserved and SetReserved methods read and write it, so
	// use them rather than the raw field — confirm.
	Reserved       uint32
	AlgNameLen     uint32
	NonceLen       uint32
	AuthTagLen     uint32
	WrappingKeyLen uint32
	IsolatedKeyLen uint32
}
func (*NcryptExportedIsolatedKeyHeader) GetPerBootKey ¶
func (h *NcryptExportedIsolatedKeyHeader) GetPerBootKey() bool
func (*NcryptExportedIsolatedKeyHeader) GetReserved ¶
func (h *NcryptExportedIsolatedKeyHeader) GetReserved() uint32
func (*NcryptExportedIsolatedKeyHeader) SetPerBootKey ¶
func (h *NcryptExportedIsolatedKeyHeader) SetPerBootKey(value bool)
func (*NcryptExportedIsolatedKeyHeader) SetReserved ¶
func (h *NcryptExportedIsolatedKeyHeader) SetReserved(value uint32)
type NcryptFlag ¶
// NcryptFlag is the flags argument taken by the Key and Provider methods.
type NcryptFlag uint32

// Flag values. The trailing comments name the native functions each flag
// belongs to.
//
// Several flags share a numeric value and are told apart only by the function
// they are passed to:
//
//	0x00000001  NcryptNoPaddingFlag, NcryptRegisterNotifyFlag
//	0x00000002  NcryptPadPkcs1Flag, NcryptUnregisterNotifyFlag
//	0x00000008  NcryptPadPssFlag, NcryptNoKeyValidation
//	0x00000020  NcryptAttestationFlag, NcryptMachineKeyFlag, NcryptTpmPadPssIgnoreSalt
//
// A flag passed to a function it was not defined for is therefore interpreted
// as its namesake (for example NcryptNoKeyValidation has the same value as
// NcryptPadPssFlag). Pass only flags documented for the function being called.
const (
	NcryptNoPaddingFlag   NcryptFlag = 0x00000001 // NCryptEncrypt/Decrypt
	NcryptPadPkcs1Flag    NcryptFlag = 0x00000002 // NCryptEncrypt/Decrypt NCryptSignHash/VerifySignature
	NcryptPadOaepFlag     NcryptFlag = 0x00000004 // BCryptEncrypt/Decrypt
	NcryptPadPssFlag      NcryptFlag = 0x00000008 // BCryptSignHash/VerifySignature
	NcryptPadCipherFlag   NcryptFlag = 0x00000010 // NCryptEncrypt/Decrypt
	NcryptAttestationFlag NcryptFlag = 0x00000020 // NCryptDecrypt for key attestation
	NcryptSealingFlag     NcryptFlag = 0x00000100 // NCryptEncrypt/Decrypt for sealing

	NcryptRegisterNotifyFlag   NcryptFlag = 0x00000001 // NCryptNotifyChangeKey
	NcryptUnregisterNotifyFlag NcryptFlag = 0x00000002 // NCryptNotifyChangeKey

	NcryptNoKeyValidation            NcryptFlag = 0x00000008
	NcryptMachineKeyFlag             NcryptFlag = 0x00000020 // same as CAPI CRYPT_MACHINE_KEYSET
	NcryptSilentFlag                 NcryptFlag = 0x00000040 // same as CAPI CRYPT_SILENT
	NcryptOverwriteKeyFlag           NcryptFlag = 0x00000080
	NcryptWriteKeyToLegacyStoreFlag  NcryptFlag = 0x00000200
	NcryptDoNotFinalizeFlag          NcryptFlag = 0x00000400
	NcryptExportLegacyFlag           NcryptFlag = 0x00000800
	NcryptIgnoreDeviceStateFlag      NcryptFlag = 0x00001000 // NCryptOpenStorageProvider
	NcryptTreatNistAsGenericEccFlag  NcryptFlag = 0x00002000
	NcryptNoCachedPassword           NcryptFlag = 0x00004000
	NcryptProtectToLocalSystem       NcryptFlag = 0x00008000
	NcryptPersistOnlyFlag            NcryptFlag = 0x40000000
	NcryptPersistFlag                NcryptFlag = 0x80000000
	NcryptPreferVirtualIsolationFlag NcryptFlag = 0x00010000 // NCryptCreatePersistedKey NCryptImportKey
	NcryptUseVirtualIsolationFlag    NcryptFlag = 0x00020000 // NCryptCreatePersistedKey NCryptImportKey
	NcryptUsePerBootKeyFlag          NcryptFlag = 0x00040000 // NCryptCreatePersistedKey NCryptImportKey

	// TPM NCryptSignHash Flag
	NcryptTpmPadPssIgnoreSalt NcryptFlag = 0x00000020 // NCryptSignHash
)
type NcryptHandle ¶
// NcryptHandle is the base handle type of this package, stored as a uintptr.
// The more specific handle types (hash, key, provider, secret) are defined on
// top of it.
type NcryptHandle uintptr
type NcryptHashHandle ¶
// NcryptHashHandle is an NcryptHandle given its own type so that it cannot be
// passed where a key, provider or secret handle is expected without a
// conversion.
type NcryptHashHandle NcryptHandle
type NcryptImplTypePropertyFlag ¶
// NcryptImplTypePropertyFlag is a 32-bit flag word describing how a provider
// is implemented (hardware, software, removable, ...).
// Presumably this is the value read through NcryptImplTypeProperty; confirm
// against the caller. The hardware and virtual-isolation bits are what a
// caller would inspect before relying on a key being hardware-backed or
// isolated.
type NcryptImplTypePropertyFlag uint32

const (
	NcryptImplHardwareFlag         NcryptImplTypePropertyFlag = 0x00000001
	NcryptImplSoftwareFlag         NcryptImplTypePropertyFlag = 0x00000002
	NcryptImplRemovableFlag        NcryptImplTypePropertyFlag = 0x00000008
	NcryptImplHardwareRngFlag      NcryptImplTypePropertyFlag = 0x00000010
	NcryptImplVirtualIsolationFlag NcryptImplTypePropertyFlag = 0x00000020
)
func (*NcryptImplTypePropertyFlag) String ¶
func (p *NcryptImplTypePropertyFlag) String() string
type NcryptInterface ¶
// NcryptInterface identifies a CNG interface by number. These are plain
// identifiers, not bit flags: the values are consecutive small integers
// (0x00000006 is not defined here), with the key storage, Schannel and key
// protection interfaces in a separate 0x0001xxxx range.
type NcryptInterface uint32

const (
	NcryptCipherInterface               NcryptInterface = 0x00000001
	NcryptHashInterface                 NcryptInterface = 0x00000002
	NcryptAsymmetricEncryptionInterface NcryptInterface = 0x00000003
	NcryptSecretAgreementInterface      NcryptInterface = 0x00000004
	NcryptSignatureInterface            NcryptInterface = 0x00000005
	NcryptKeyDerivationInterface        NcryptInterface = 0x00000007
	NcryptKeyStorageInterface           NcryptInterface = 0x00010001
	NcryptSchannelInterface             NcryptInterface = 0x00010002
	NcryptSchannelSignatureInterface    NcryptInterface = 0x00010003
	NcryptKeyProtectionInterface        NcryptInterface = 0x00010004
)
func (*NcryptInterface) String ¶
func (i *NcryptInterface) String() string
type NcryptIsolatedKeyAttestedAttributes ¶
// NcryptIsolatedKeyAttestedAttributes is a fixed-size header describing the
// attested attributes of an isolated key.
type NcryptIsolatedKeyAttestedAttributes struct {
	Version NcryptVersion         // set to NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES_V0
	Flags   NcryptIsolatedKeyFlag // NCRYPT_ISOLATED_KEY_FLAG_ flags
	// Length of the public key blob. The value comes from the parsed data,
	// so check it against the remaining buffer before slicing.
	// Presumably the blob follows this header; confirm.
	PublicKeyBlobLen uint32
}
NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES
type NcryptIsolatedKeyFlag ¶
// NcryptIsolatedKeyFlag is the flag word carried in the Flags field of
// NcryptIsolatedKeyAttestedAttributes. A verifier that requires keys to have
// been generated inside isolation should test
// NcryptIsolatedKeyFlagCreatedInIsolation rather than assume it.
type NcryptIsolatedKeyFlag uint32

const (
	NcryptIsolatedKeyFlagCreatedInIsolation NcryptIsolatedKeyFlag = 0x00000001 // if set, this key was generated in isolation, not imported
	NcryptIsolatedKeyFlagImportOnly         NcryptIsolatedKeyFlag = 0x00000002 // if set, this key can only be used for importing other keys
)
type NcryptKeyAttestPaddingInfo ¶
// NcryptKeyAttestPaddingInfo is the padding-info structure used for key
// attestation.
//
// KeyBlob and KeyAuth are raw byte pointers paired with explicit lengths.
// Nothing in the struct ties a length to the memory its pointer refers to, so
// the caller must set each length to the real size of the buffer and keep the
// buffer alive for as long as the structure is in use.
// NOTE(review): KeyAuth presumably holds an authorization value; if so it
// should be treated as a secret. Confirm.
type NcryptKeyAttestPaddingInfo struct {
	Magic      NcryptMagic // 'KAPD'
	KeyBlob    *byte
	KeyBlobLen uint32
	KeyAuth    *byte
	KeyAuthLen uint32
}
NCRYPT_KEY_ATTEST_PADDING_INFO
type NcryptKeyBlobHeader ¶
// NcryptKeyBlobHeader is the fixed-size header of a key blob.
//
// All three size fields are read from the blob itself. A parser should check
// Size, AlgNameLen and KeyDataLen (and their sum) against the length of the
// buffer it was handed before using them as offsets.
type NcryptKeyBlobHeader struct {
	Size       uint32 // size of this structure
	Magic      NcryptMagic
	AlgNameLen uint32 // size of the algorithm, in bytes, including terminating 0
	KeyDataLen uint32
}
type NcryptKeyBlobType ¶
// NcryptKeyBlobType names the format of a key blob passed to the Export and
// ImportKey wrappers.
//
// The comments below describe several formats as transporting plaintext
// keys. For the private variants of those formats the blob holds unprotected
// private key material, so the byte slices that carry them should be handled
// as secrets: kept out of logs and not retained longer than needed.
type NcryptKeyBlobType string

const (
	NcryptPublicKeyBlob  NcryptKeyBlobType = "PUBLICBLOB"
	NcryptPrivateKeyBlob NcryptKeyBlobType = "PRIVATEBLOB"

	// The BCRYPT_RSAPUBLIC_BLOB and BCRYPT_RSAPRIVATE_BLOB blob types are used
	// to transport plaintext RSA keys. These blob types will be supported by
	// all RSA primitive providers.
	// The BCRYPT_RSAPRIVATE_BLOB includes the following values:
	// Public Exponent
	// Modulus
	// Prime1
	// Prime2
	NcryptRsaPublicBlob  NcryptKeyBlobType = "RSAPUBLICBLOB"
	NcryptRsaPrivateBlob NcryptKeyBlobType = "RSAPRIVATEBLOB"

	// The BCRYPT_RSAFULLPRIVATE_BLOB blob type is used to transport
	// plaintext private RSA keys. It includes the following values:
	// Public Exponent
	// Modulus
	// Prime1
	// Prime2
	// Private Exponent mod (Prime1 - 1)
	// Private Exponent mod (Prime2 - 1)
	// Inverse of Prime2 mod Prime1
	// PrivateExponent
	NcryptRsaFullPrivateBlob   NcryptKeyBlobType = "RSAFULLPRIVATEBLOB"
	NcryptLegacyRsaPublicBlob  NcryptKeyBlobType = "CAPIPUBLICBLOB"
	NcryptLegacyRsaPrivateBlob NcryptKeyBlobType = "CAPIPRIVATEBLOB"

	// The BCRYPT_ECCPUBLIC_BLOB and BCRYPT_ECCPRIVATE_BLOB blob types are used
	// to transport plaintext ECC keys. These blob types will be supported by
	// all ECC primitive providers.
	NcryptEccPublicBlob      NcryptKeyBlobType = "ECCPUBLICBLOB"
	NcryptEccPrivateBlob     NcryptKeyBlobType = "ECCPRIVATEBLOB"
	NcryptEccFullPublicBlob  NcryptKeyBlobType = "ECCFULLPUBLICBLOB"
	NcryptEccFullPrivateBlob NcryptKeyBlobType = "ECCFULLPRIVATEBLOB"
	NcryptSslEccPublicBlob   NcryptKeyBlobType = "SSLECCPUBLICBLOB"

	// The BCRYPT_DH_PUBLIC_BLOB and BCRYPT_DH_PRIVATE_BLOB blob types are used
	// to transport plaintext DH keys. These blob types will be supported by
	// all DH primitive providers.
	NcryptDhPublicBlob        NcryptKeyBlobType = "DHPUBLICBLOB"
	NcryptDhPrivateBlob       NcryptKeyBlobType = "DHPRIVATEBLOB"
	NcryptLegacyDhPublicBlob  NcryptKeyBlobType = "CAPIDHPUBLICBLOB"
	NcryptLegacyDhPrivateBlob NcryptKeyBlobType = "CAPIDHPRIVATEBLOB"

	// The BCRYPT_DSA_PUBLIC_BLOB and BCRYPT_DSA_PRIVATE_BLOB blob types are used
	// to transport plaintext DSA keys. These blob types will be supported by
	// all DSA primitive providers.
	NcryptDsaPublicBlob          NcryptKeyBlobType = "DSAPUBLICBLOB"
	NcryptDsaPrivateBlob         NcryptKeyBlobType = "DSAPRIVATEBLOB"
	NcryptLegacyDsaPublicBlob    NcryptKeyBlobType = "CAPIDSAPUBLICBLOB"
	NcryptLegacyDsaPrivateBlob   NcryptKeyBlobType = "CAPIDSAPRIVATEBLOB"
	NcryptLegacyDsaV2PublicBlob  NcryptKeyBlobType = "V2CAPIDSAPUBLICBLOB"
	NcryptLegacyDsaV2PrivateBlob NcryptKeyBlobType = "V2CAPIDSAPRIVATEBLOB"

	NcryptCipherKeyBlob           NcryptKeyBlobType = "CipherKeyBlob"
	NcryptKdfKeyBlob              NcryptKeyBlobType = "KDFKeyBlob"
	NcryptProtectedKeyBlob        NcryptKeyBlobType = "ProtectedKeyBlob"
	NcryptTpmLoadableKeyBlob      NcryptKeyBlobType = "PcpTpmProtectedKeyBlob"
	NcryptPkcs7EnvelopeBlob       NcryptKeyBlobType = "PKCS7_ENVELOPE"
	NcryptPkcs8PrivateKeyBlob     NcryptKeyBlobType = "PKCS8_PRIVATEKEY"
	NcryptOpaquetransportBlob     NcryptKeyBlobType = "OpaqueTransport"
	NcryptIsolatedKeyEnvelopeBlob NcryptKeyBlobType = "ISOLATED_KEY_ENVELOPE"
)
type NcryptKeyHandle ¶
// NcryptKeyHandle is the handle type for keys; it is what Key.Handle returns
// and what SecretAgreement takes for the peer public key.
type NcryptKeyHandle NcryptHandle
type NcryptKeyInfo ¶
// NcryptKeyInfo describes one key, as returned in the slice produced by
// Provider.EnumKeys.
type NcryptKeyInfo struct {
	Name          string              // key name
	Alg           NcryptAlgorithm     // algorithm of the key
	LegacyKeySpec NcryptLegacyKeySpec // legacy key specification
	Flags         uint32              // untyped flag word; presumably NcryptFlag bits such as NcryptMachineKeyFlag (confirm)
}
type NcryptKeyUsagePropertyFlag ¶
// NcryptKeyUsagePropertyFlag is a 32-bit flag word listing the operations a
// key may be used for. Presumably this is the value of
// NcryptKeyUsageProperty; confirm against the caller.
//
// NcryptAllowAllUsages sets all of the low 24 bits, including bits that have
// no named constant here. Keys are easier to reason about when created with
// only the usages they need.
type NcryptKeyUsagePropertyFlag uint32

const (
	NcryptAllowDecryptFlag      NcryptKeyUsagePropertyFlag = 0x00000001
	NcryptAllowSigningFlag      NcryptKeyUsagePropertyFlag = 0x00000002
	NcryptAllowKeyAgreementFlag NcryptKeyUsagePropertyFlag = 0x00000004
	NcryptAllowKeyImportFlag    NcryptKeyUsagePropertyFlag = 0x00000008
	NcryptAllowAllUsages        NcryptKeyUsagePropertyFlag = 0x00ffffff
)
func (*NcryptKeyUsagePropertyFlag) String ¶
func (p *NcryptKeyUsagePropertyFlag) String() string
type NcryptLegacyKeySpec ¶
// NcryptLegacyKeySpec is the legacy key specification passed to
// CreatePersistedKey, OpenKey and TranslateHandle and reported in
// NcryptKeyInfo. The values are an enumeration, not bit flags.
//
// Note that the constants are exported without an Ncrypt prefix, so None,
// AtKeyExchange and AtSignature occupy those names in the package namespace.
type NcryptLegacyKeySpec uint32

const (
	None          NcryptLegacyKeySpec = 0
	AtKeyExchange NcryptLegacyKeySpec = 1
	AtSignature   NcryptLegacyKeySpec = 2
)
func (*NcryptLegacyKeySpec) String ¶
func (s *NcryptLegacyKeySpec) String() string
type NcryptMagic ¶
// NcryptMagic is the 32-bit magic number that identifies the kind of a blob
// or structure.
//
// Each value is a four-character ASCII tag stored so that its bytes spell the
// tag when the uint32 is laid out little-endian: 0x31415352 is the bytes
// 'R', 'S', 'A', '1'. A parser should compare the magic before trusting any
// length field that follows it.
//
// NOTE(review): NcryptTpmLoadableKeyBlobMagic (0x4D54504B) is the one entry
// whose trailing comment does not follow that rule. Its little-endian bytes
// spell "KPTM"; "MTPK" is the big-endian reading. Confirm the value against
// the Windows header before relying on the comment.
type NcryptMagic uint32

const (
	NcryptRsaPublicMagic      NcryptMagic = 0x31415352 // RSA1
	NcryptRsaPrivateMagic     NcryptMagic = 0x32415352 // RSA2
	NcryptRsaFullPrivateMagic NcryptMagic = 0x33415352 // RSA3

	NcryptEcdhPublicP256Magic     NcryptMagic = 0x314B4345 // ECK1
	NcryptEcdhPrivateP256Magic    NcryptMagic = 0x324B4345 // ECK2
	NcryptEcdhPublicP384Magic     NcryptMagic = 0x334B4345 // ECK3
	NcryptEcdhPrivateP384Magic    NcryptMagic = 0x344B4345 // ECK4
	NcryptEcdhPublicP521Magic     NcryptMagic = 0x354B4345 // ECK5
	NcryptEcdhPrivateP521Magic    NcryptMagic = 0x364B4345 // ECK6
	NcryptEcdhPublicGenericMagic  NcryptMagic = 0x504B4345 // ECKP
	NcryptEcdhPrivateGenericMagic NcryptMagic = 0x564B4345 // ECKV

	NcryptEcdsaPublicP256Magic     NcryptMagic = 0x31534345 // ECS1
	NcryptEcdsaPrivateP256Magic    NcryptMagic = 0x32534345 // ECS2
	NcryptEcdsaPublicP384Magic     NcryptMagic = 0x33534345 // ECS3
	NcryptEcdsaPrivateP384Magic    NcryptMagic = 0x34534345 // ECS4
	NcryptEcdsaPublicP521Magic     NcryptMagic = 0x35534345 // ECS5
	NcryptEcdsaPrivateP521Magic    NcryptMagic = 0x36534345 // ECS6
	NcryptEcdsaPublicGenericMagic  NcryptMagic = 0x50444345 // ECDP
	NcryptEcdsaPrivateGenericMagic NcryptMagic = 0x56444345 // ECDV

	NcryptDhPublicMagic     NcryptMagic = 0x42504844 // DHPB
	NcryptDhPrivateMagic    NcryptMagic = 0x56504844 // DHPV
	NcryptDsaPublicMagic    NcryptMagic = 0x42505344 // DSPB
	NcryptDsaPrivateMagic   NcryptMagic = 0x56505344 // DSPV
	NcryptDsaPublicMagicV2  NcryptMagic = 0x32425044 // DPB2
	NcryptDsaPrivateMagicV2 NcryptMagic = 0x32565044 // DPV2

	NcryptDhParametersMagic    NcryptMagic = 0x4d504844 // DHPM
	NcryptKeyDataBlobMagic     NcryptMagic = 0x4d42444b // Key Data Blob Magic (KDBM)
	NcryptDsaParametersMagic   NcryptMagic = 0x4d505344 // DSPM
	NcryptDsaParametersMagicV2 NcryptMagic = 0x324d5044 // DPM2
	NcryptEccParametersMagic   NcryptMagic = 0x50434345 // ECCP

	NcryptPlatformAttestMagic                     NcryptMagic = 0x44504150 // 'PAPD'
	NcryptKeyAttestMagic                          NcryptMagic = 0x4450414b // 'KAPD'
	NcryptCipherKeyBlobMagic                      NcryptMagic = 0x52485043 // 'CPHR'
	NcryptKdfKeyBlobMagic                         NcryptMagic = 0x3146444B // 'KDF1'
	NcryptProtectedKeyBlobMagic                   NcryptMagic = 0x4B545250 // 'PRTK'
	NcryptTpmLoadableKeyBlobMagic                 NcryptMagic = 0x4D54504B // 'MTPK'
	NcryptVsmIsolatedKeyMagic                     NcryptMagic = 0x494d5356 // 'VSMI'
	NcryptPcpTpmWebAuthnAttestationStatementMagic NcryptMagic = 0x4157414b // 'KAWA'
	NcryptTpmPlatformAttestationStatementMagic    NcryptMagic = 0x414c5054 // 'TPLA'
)
type NcryptPcpHmacAuthSignatureInfo ¶
// NcryptPcpHmacAuthSignatureInfo is a fixed-size structure with a version, an
// expiration value and three 32-byte arrays (nonce, policy reference, HMAC).
// NOTE(review): PabHMAC presumably authenticates the other fields. If code
// compares it against a computed value, the comparison should be
// constant-time. The unit and epoch of IExpiration are not stated here.
type NcryptPcpHmacAuthSignatureInfo struct {
	Version      uint32
	IExpiration  int32
	PabNonce     [32]byte
	PabPolicyRef [32]byte
	PabHMAC      [32]byte
}
NCRYPT_PCP_HMAC_AUTH_SIGNATURE property structure.
type NcryptPcpKeyUsagePolicyPropertyFlag ¶
// NcryptPcpKeyUsagePolicyPropertyFlag is a 32-bit flag word describing what a
// platform crypto provider key may be used for. Presumably this is the value
// of NcryptPcpKeyUsagePolicyProperty; confirm against the caller.
//
// NcryptPcpGenericKey is not a bit of its own: it is the OR of the signature
// and encryption bits (0x00000003), so a test for it must compare both bits.
type NcryptPcpKeyUsagePolicyPropertyFlag uint32

const (
	NcryptTpm12Provider          NcryptPcpKeyUsagePolicyPropertyFlag = 0x00010000
	NcryptPcpSignatureKey        NcryptPcpKeyUsagePolicyPropertyFlag = 0x00000001
	NcryptPcpEncryptionKey       NcryptPcpKeyUsagePolicyPropertyFlag = 0x00000002
	NcryptPcpGenericKey          NcryptPcpKeyUsagePolicyPropertyFlag = NcryptPcpSignatureKey | NcryptPcpEncryptionKey
	NcryptPcpStorageKey          NcryptPcpKeyUsagePolicyPropertyFlag = 0x00000004
	NcryptPcpIdentityKey         NcryptPcpKeyUsagePolicyPropertyFlag = 0x00000008
	NcryptPcpHmacverificationKey NcryptPcpKeyUsagePolicyPropertyFlag = 0x00000010
)
func (*NcryptPcpKeyUsagePolicyPropertyFlag) String ¶
func (p *NcryptPcpKeyUsagePolicyPropertyFlag) String() string
type NcryptPcpRawPolicydigest ¶
NCRYPT_PCP_RAW_POLICYDIGEST_PROPERTY structure
type NcryptPcpTpmFwVersionInfo ¶
NCRYPT_PCP_TPM_FW_VERSION property structure.
type NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags ¶
// NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags is an enumeration (0, 1,
// 2) reporting whether, and at what level, the TPM is affected by the RSA
// key-generation vulnerability named in
// NcryptPcpTpmIfxRsaKeygenVulnerabilityProperty.
// NOTE(review): the difference between level 1 and level 2 is not stated
// here. A conservative caller would treat any non-zero value as "RSA keys
// generated on this TPM need review"; confirm against the platform
// documentation.
type NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags uint32

const (
	IfxRsaKeygenVulNotAffected    NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags = 0
	IfxRsaKeygenVulAffectedLevel1 NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags = 1
	IfxRsaKeygenVulAffectedLevel2 NcryptPcpTpmIfxRsaKeygenVulnerabilityPropertyFlags = 2
)
type NcryptPinCacheClearPropertyFlag ¶
// NcryptPinCacheClearPropertyFlag is a 32-bit flag word with one defined
// value. Going by the name, that value asks for the cached PIN to be cleared
// for the calling process only; confirm against the provider documentation.
type NcryptPinCacheClearPropertyFlag uint32

const (
	NcryptPinCacheClearForCallingProcessOption NcryptPinCacheClearPropertyFlag = 0x00000001
)
type NcryptPinCacheFlagsPropertyFlag ¶
// NcryptPinCacheFlagsPropertyFlag is a 32-bit flag word. Presumably it is the
// value of NcryptPinCacheFlagsProperty; confirm against the caller.
type NcryptPinCacheFlagsPropertyFlag uint32
type NcryptPlatformAttestPaddingInfo ¶
// NcryptPlatformAttestPaddingInfo is the padding-info structure used for
// platform attestation.
type NcryptPlatformAttestPaddingInfo struct {
	Magic   NcryptMagic // 'PAPD'
	PcrMask uint32      // presumably one bit per PCR to include in the attestation (confirm); an unintended mask changes what is attested
}
NCRYPT_PLATFORM_ATTEST_PADDING_INFO
type NcryptProperty ¶
// NcryptProperty is the name of a CNG property, passed as a string to the
// GetProperty and SetProperty wrappers.
//
// Judging by their names, some entries refer to authentication values rather
// than metadata: the smart card PIN entries, "PCP_USAGEAUTH",
// "PCP_MIGRATIONPASSWORD", "PCP_CHANGEPASSWORD" and "KDFKeySecret". Byte
// slices read from or written to such properties should be handled as secrets
// and kept out of logs and error messages.
//
// NOTE(review): NcryptPcpProviderhandleProperty is spelled
// "PCP_PROVIDERMHANDLE", with an M that the constant name does not have. The
// provider matches on the exact string, so check the Windows header before
// "correcting" it.
type NcryptProperty string

const (
	// General key and provider properties.
	NcryptNameProperty                 NcryptProperty = "Name"
	NcryptUniqueNameProperty           NcryptProperty = "Unique Name"
	NcryptAlgorithmProperty            NcryptProperty = "Algorithm Name"
	NcryptLengthProperty               NcryptProperty = "Length"
	NcryptLengthsProperty              NcryptProperty = "Lengths"
	NcryptBlockLengthProperty          NcryptProperty = "Block Length"
	NcryptPublicLengthProperty         NcryptProperty = "PublicKeyLength"
	NcryptSignatureLengthProperty      NcryptProperty = "SignatureLength"
	NcryptChainingModeProperty         NcryptProperty = "Chaining Mode"
	NcryptAuthTagLength                NcryptProperty = "AuthTagLength"
	NcryptUiPolicyProperty             NcryptProperty = "UI Policy"
	NcryptExportPolicyProperty         NcryptProperty = "Export Policy"
	NcryptWindowHandleProperty         NcryptProperty = "HWND Handle"
	NcryptUseContextProperty           NcryptProperty = "Use Context"
	NcryptImplTypeProperty             NcryptProperty = "Impl Type"
	NcryptKeyUsageProperty             NcryptProperty = "Key Usage"
	NcryptKeyTypeProperty              NcryptProperty = "Key Type"
	NcryptVersionProperty              NcryptProperty = "Version"
	NcryptSecurityDescrSupportProperty NcryptProperty = "Security Descr Support"
	NcryptSecurityDescrProperty        NcryptProperty = "Security Descr"
	NcryptUseCountEnabledProperty      NcryptProperty = "Enabled Use Count"
	NcryptUseCountProperty             NcryptProperty = "Use Count"
	NcryptLastModifiedProperty         NcryptProperty = "Modified"
	NcryptMaxNameLengthProperty        NcryptProperty = "Max Name Length"
	NcryptAlgorithmGroupProperty       NcryptProperty = "Algorithm Group"
	NcryptDhParametersProperty         NcryptProperty = "DHParameters"
	NcryptEccParametersProperty        NcryptProperty = "ECCParameters"
	NcryptEccCurveNameProperty         NcryptProperty = "ECCCurveName"
	NcryptEccCurveNameListProperty     NcryptProperty = "ECCCurveNameList"
	NcryptUseVirtualIsolationProperty  NcryptProperty = "Virtual Iso"
	NcryptUsePerBootKeyProperty        NcryptProperty = "Per Boot Key"
	NcryptProviderHandleProperty       NcryptProperty = "Provider Handle"

	// Smart card properties (plus the KDF secret, which sits in this run).
	NcryptPinProperty                 NcryptProperty = "SmartCardPin"
	NcryptReaderProperty              NcryptProperty = "SmartCardReader"
	NcryptSmartcardGuidProperty       NcryptProperty = "SmartCardGuid"
	NcryptCertificateProperty         NcryptProperty = "SmartCardKeyCertificate"
	NcryptPinPromptProperty           NcryptProperty = "SmartCardPinPrompt"
	NcryptUserCertstoreProperty       NcryptProperty = "SmartCardUserCertStore"
	NcryptRootCertstoreProperty       NcryptProperty = "SmartcardRootCertStore"
	NcryptSecurePinProperty           NcryptProperty = "SmartCardSecurePin"
	NcryptAssociatedEcdhKey           NcryptProperty = "SmartCardAssociatedECDHKey"
	NcryptScardPinId                  NcryptProperty = "SmartCardPinId"
	NcryptScardPinInfo                NcryptProperty = "SmartCardPinInfo"
	NcryptReaderIconProperty          NcryptProperty = "SmartCardReaderIcon"
	NcryptKdfSecretValue              NcryptProperty = "KDFKeySecret"
	NcryptDismissUiTimeoutSecProperty NcryptProperty = "SmartCardDismissUITimeoutSeconds"

	// Platform crypto provider (PCP) properties: platform and endorsement data.
	NcryptPcpPlatformTypeProperty    NcryptProperty = "PCP_PLATFORM_TYPE"
	NcryptPcpProviderVersionProperty NcryptProperty = "PCP_PROVIDER_VERSION"
	NcryptPcpEkpubProperty           NcryptProperty = "PCP_EKPUB"
	NcryptPcpEkcertProperty          NcryptProperty = "PCP_EKCERT"
	NcryptPcpEknvcertProperty        NcryptProperty = "PCP_EKNVCERT"
	NcryptPcpRsaEkpubProperty        NcryptProperty = "PCP_RSA_EKPUB"
	NcryptPcpRsaEkcertProperty       NcryptProperty = "PCP_RSA_EKCERT"
	NcryptPcpRsaEknvcertProperty     NcryptProperty = "PCP_RSA_EKNVCERT"
	NcryptPcpEccEkpubProperty        NcryptProperty = "PCP_ECC_EKPUB"
	NcryptPcpEccEkcertProperty       NcryptProperty = "PCP_ECC_EKCERT"
	NcryptPcpEccEknvcertProperty     NcryptProperty = "PCP_ECC_EKNVCERT"
	NcryptPcpSrkpubProperty          NcryptProperty = "PCP_SRKPUB"
	NcryptPcpPcrtableProperty        NcryptProperty = "PCP_PCRTABLE"

	// PCP properties: passwords, authorization values and handles.
	NcryptPcpChangepasswordProperty    NcryptProperty = "PCP_CHANGEPASSWORD"
	NcryptPcpPasswordRequiredProperty  NcryptProperty = "PCP_PASSWORD_REQUIRED"
	NcryptPcpUsageauthProperty         NcryptProperty = "PCP_USAGEAUTH"
	NcryptPcpMigrationpasswordProperty NcryptProperty = "PCP_MIGRATIONPASSWORD"
	NcryptPcpExportAllowedProperty     NcryptProperty = "PCP_EXPORT_ALLOWED"
	NcryptPcpStorageparentProperty     NcryptProperty = "PCP_STORAGEPARENT"
	NcryptPcpProviderhandleProperty    NcryptProperty = "PCP_PROVIDERMHANDLE"
	NcryptPcpPlatformhandleProperty    NcryptProperty = "PCP_PLATFORMHANDLE"

	// PCP properties: PCR binding, key usage policy and RSA scheme.
	NcryptPcpPlatformBindingPcrmaskProperty       NcryptProperty = "PCP_PLATFORM_BINDING_PCRMASK"
	NcryptPcpPlatformBindingPcrdigestlistProperty NcryptProperty = "PCP_PLATFORM_BINDING_PCRDIGESTLIST"
	NcryptPcpPlatformBindingPcrdigestProperty     NcryptProperty = "PCP_PLATFORM_BINDING_PCRDIGEST"
	NcryptPcpKeyUsagePolicyProperty               NcryptProperty = "PCP_KEY_USAGE_POLICY"
	NcryptPcpRsaSchemeProperty                    NcryptProperty = "PCP_RSA_SCHEME"
	NcryptPcpRsaSchemeHashAlgProperty             NcryptProperty = "PCP_RSA_SCHEME_HASH_ALG"

	// PCP properties: TPM 1.2 identity, key attestation, storage location and
	// the RSA key-generation vulnerability status.
	NcryptPcpTpm12IdbindingProperty               NcryptProperty = "PCP_TPM12_IDBINDING"
	NcryptPcpTpm12IdbindingDynamicProperty        NcryptProperty = "PCP_TPM12_IDBINDING_DYNAMIC"
	NcryptPcpTpm12IdactivationProperty            NcryptProperty = "PCP_TPM12_IDACTIVATION"
	NcryptPcpKeyattestationProperty               NcryptProperty = "PCP_TPM12_KEYATTESTATION"
	NcryptPcpAlternateKeyStorageLocationProperty  NcryptProperty = "PCP_ALTERNATE_KEY_STORAGE_LOCATION"
	NcryptPcpTpmIfxRsaKeygenProhibitedProperty    NcryptProperty = "PCP_TPM_IFX_RSA_KEYGEN_PROHIBITED"
	NcryptPcpTpmIfxRsaKeygenVulnerabilityProperty NcryptProperty = "PCP_TPM_IFX_RSA_KEYGEN_VULNERABILITY"

	// PCP properties: HMAC authorization.
	NcryptPcpHmacAuthPolicyref  NcryptProperty = "PCP_HMAC_AUTH_POLICYREF"
	NcryptPcpHmacAuthPolicyinfo NcryptProperty = "PCP_HMAC_AUTH_POLICYINFO"
	NcryptPcpHmacAuthNonce      NcryptProperty = "PCP_HMAC_AUTH_NONCE"
	NcryptPcpHmacAuthSignature  NcryptProperty = "PCP_HMAC_AUTH_SIGNATURE"
	NcryptPcpHmacAuthTicket     NcryptProperty = "PCP_HMAC_AUTH_TICKET"

	// PCP properties: TPM identification, policy digest and key creation data.
	NcryptPcpNoDaProtectionProperty          NcryptProperty = "PCP_NO_DA_PROTECTION"
	NcryptPcpTpmManufacturerIdProperty       NcryptProperty = "PCP_TPM_MANUFACTURER_ID"
	NcryptPcpTpmFwVersionProperty            NcryptProperty = "PCP_TPM_FW_VERSION"
	NcryptPcpTpm2bnameProperty               NcryptProperty = "PCP_TPM2BNAME"
	NcryptPcpTpmVersionProperty              NcryptProperty = "PCP_TPM_VERSION"
	NcryptPcpRawPolicydigestProperty         NcryptProperty = "PCP_RAW_POLICYDIGEST"
	NcryptPcpKeyCreationhashProperty         NcryptProperty = "PCP_KEY_CREATIONHASH"
	NcryptPcpKeyCreationticketProperty       NcryptProperty = "PCP_KEY_CREATIONTICKET"
	NcryptPcpSessionidProperty               NcryptProperty = "PCP_SESSIONID"
	NcryptPcpPssSaltSizeProperty             NcryptProperty = "PSS Salt Size"
	NcryptScardNgcKeyName                    NcryptProperty = "SmartCardNgcKeyName"
	NcryptPcpPlatformBindingPcralgidProperty NcryptProperty = "PCP_PLATFORM_BINDING_PCRALGID"
	NcryptInitializationVector               NcryptProperty = "IV"

	// The first two entries are aliases of the PCP constants above, not new
	// property names.
	NcryptChangepasswordProperty                NcryptProperty = NcryptPcpChangepasswordProperty
	NcryptAlternateKeyStorageLocationProperty   NcryptProperty = NcryptPcpAlternateKeyStorageLocationProperty
	NcryptKeyAccessPolicyProperty               NcryptProperty = "Key Access Policy"
	NcryptPinCacheFreeApplicationTicketProperty NcryptProperty = "PinCacheFreeApplicationTicket"
	NcryptPinCacheFlagsProperty                 NcryptProperty = "PinCacheFlags"
)
type NcryptProvHandle ¶
// NcryptProvHandle is the handle type for key storage providers; it is what
// Provider.Handle returns.
type NcryptProvHandle NcryptHandle
type NcryptProviderInfo ¶
func EnumProviders ¶
func EnumProviders( flags NcryptFlag, ) (provsInfo []NcryptProviderInfo, ret uint64, err error)
EnumProviders is a wrapper around NCryptEnumStorageProviders.
This function obtains the names of the registered CNG key storage providers.
type NcryptSecretHandle ¶
// NcryptSecretHandle is the handle type for secret agreement values; it is
// what Secret.Handle returns.
type NcryptSecretHandle NcryptHandle
type NcryptSupportedLengths ¶
// NcryptSupportedLengths describes a range of supported lengths as a minimum,
// a maximum, a step and a default.
// NOTE(review): the unit (presumably bits, as for key lengths) is not stated
// here; confirm before validating a requested key size against it.
type NcryptSupportedLengths struct {
	MinLength     uint32
	MaxLength     uint32
	Increment     uint32
	DefaultLength uint32
}
NCRYPT_LENGTHS_PROPERTY property structure.
type NcryptTpmLoadableKeyBlobHeader ¶
// NcryptTpmLoadableKeyBlobHeader is the fixed-size header of a TPM loadable
// key blob: a magic number followed by four lengths.
//
// The lengths are read from the blob. A parser should verify Magic first and
// then check HeaderLen, PublicLen, PrivateLen and NameLen (and their sum,
// computed without overflow) against the size of the buffer before using
// them as offsets.
type NcryptTpmLoadableKeyBlobHeader struct {
	Magic      NcryptMagic
	HeaderLen  uint32
	PublicLen  uint32
	PrivateLen uint32
	NameLen    uint32
}
type NcryptTpmPlatformAttestationStatement ¶
// NcryptTpmPlatformAttestationStatement is the fixed-size header of a TPM
// platform attestation statement.
//
// SignatureLen, QuoteLen and PcrsLen are taken from the statement itself. A
// verifier should check Magic and Version, then bound the three lengths (and
// their sum) by the size of the received buffer before slicing.
// Presumably the signature, quote and PCR data follow the header in field
// order; confirm. The signature is over the quote, so the PCR values are only
// trustworthy once checked against the signed quote.
type NcryptTpmPlatformAttestationStatement struct {
	Magic        NcryptMagic   // {'A', 'L', 'P', 'T'} - 'TPLA' for TPM Platform
	Version      NcryptVersion // Set to NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT_CURRENT_VERSION
	PcrAlg       uint32        // The TPM hash algorithm ID
	SignatureLen uint32        // TPMT_SIGNATURE structure signature over the quote
	QuoteLen     uint32        // TPMS_ATTEST structure that was generated and signed
	PcrsLen      uint32        // Raw concatenation of all 24 PCRs
}
type NcryptUiPolicy ¶
// NcryptUiPolicy is the Go form of a key's UI policy: a version, a flag word
// and three display strings. It is converted to and from bytes by Serialize
// and Deserialize.
// NOTE(review): the three strings are presumably shown to the user in a
// protection prompt, so they should not be built from untrusted input;
// confirm.
type NcryptUiPolicy struct {
	Version       uint32
	Flags         NcryptUiPolicyPropertyFlag
	CreationTitle string
	FriendlyName  string
	Description   string
}
func (*NcryptUiPolicy) Deserialize ¶
func (n *NcryptUiPolicy) Deserialize(data []byte) error
func (*NcryptUiPolicy) Serialize ¶
func (n *NcryptUiPolicy) Serialize() ([]byte, error)
type NcryptUiPolicyPropertyFlag ¶
// NcryptUiPolicyPropertyFlag is the flag word stored in the Flags field of
// NcryptUiPolicy. The four defined values are distinct bits.
type NcryptUiPolicyPropertyFlag uint32

const (
	NcryptUiProtectKeyFlag               NcryptUiPolicyPropertyFlag = 0x00000001
	NcryptUiForceHighProtectionFlag      NcryptUiPolicyPropertyFlag = 0x00000002
	NcryptUiFingerprintProtectionFlag    NcryptUiPolicyPropertyFlag = 0x00000004
	NcryptUiAppcontainerAccessMediumFlag NcryptUiPolicyPropertyFlag = 0x00000008
)
func (*NcryptUiPolicyPropertyFlag) String ¶
func (p *NcryptUiPolicyPropertyFlag) String() string
type NcryptVersion ¶
// NcryptVersion is the version number stored in the Version field of the
// structures in this package.
//
// Every constant below is 0 except NcryptKeyAccessPolicyVersion, which is 1,
// and each CurrentVersion constant is an alias of the matching V0. The
// numeric value alone therefore does not say which structure it belongs to.
// A parser that rejects unknown versions should compare against the constant
// for the structure it is decoding.
type NcryptVersion uint32

const (
	NcryptBufferVersion NcryptVersion = 0

	NcryptIsolatedKeyAttestedAttributesV0             NcryptVersion = 0
	NcryptIsolatedKeyAttestedAttributesCurrentVersion NcryptVersion = NcryptIsolatedKeyAttestedAttributesV0

	NcryptVsmKeyAttestationStatementV0             NcryptVersion = 0
	NcryptVsmKeyAttestationStatementCurrentVersion NcryptVersion = NcryptVsmKeyAttestationStatementV0

	NcryptVsmKeyAttestationClaimRestrictionsV0             NcryptVersion = 0
	NcryptVsmKeyAttestationClaimRestrictionsCurrentVersion NcryptVersion = NcryptVsmKeyAttestationClaimRestrictionsV0

	NcryptExportedIsolatedKeyHeaderV0             NcryptVersion = 0
	NcryptExportedIsolatedKeyHeaderCurrentVersion NcryptVersion = NcryptExportedIsolatedKeyHeaderV0

	NcryptTpmPlatformAttestationStatementV0             NcryptVersion = 0
	NcryptTpmPlatformAttestationStatementCurrentVersion NcryptVersion = NcryptTpmPlatformAttestationStatementV0

	NcryptKeyAccessPolicyVersion NcryptVersion = 1
)
type NcryptVsmKeyAttestationClaimRestrictions ¶
// NcryptVsmKeyAttestationClaimRestrictions holds the restrictions a verifier
// applies to a VSM key attestation claim: the trustlet type, a minimum
// trustlet SVN, and a mask with expected values for the isolated-key flags.
//
// The zero value is permissive: MinSvn 0 accepts any SVN, and a FlagsMask of
// 0 selects no flags to check. The struct also has unexported fields, reached
// through the GetAllowDebugging/SetAllowDebugging and GetReserved/SetReserved
// accessors. A policy that must reject debuggable trustlets should set that
// value explicitly rather than rely on a default.
type NcryptVsmKeyAttestationClaimRestrictions struct {
	Version       NcryptVersion // Set to NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS_V0
	TrustletId    uint64        // Trustlet type
	MinSvn        uint32        // Minimum acceptable trustlet SVN, 0 if don't care
	FlagsMask     uint32        // Which of NCRYPT_ISOLATED_KEY_ flags to check
	FlagsExpected uint32        // Expected values of flags inside the mask
	// contains filtered or unexported fields
}
NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS
func (*NcryptVsmKeyAttestationClaimRestrictions) GetAllowDebugging ¶
func (r *NcryptVsmKeyAttestationClaimRestrictions) GetAllowDebugging() bool
func (*NcryptVsmKeyAttestationClaimRestrictions) GetReserved ¶
func (r *NcryptVsmKeyAttestationClaimRestrictions) GetReserved() uint32
func (*NcryptVsmKeyAttestationClaimRestrictions) SetAllowDebugging ¶
func (r *NcryptVsmKeyAttestationClaimRestrictions) SetAllowDebugging(value bool)
func (*NcryptVsmKeyAttestationClaimRestrictions) SetReserved ¶
func (r *NcryptVsmKeyAttestationClaimRestrictions) SetReserved(value uint32)
type NcryptVsmKeyAttestationStatement ¶
// NcryptVsmKeyAttestationStatement is the fixed-size header of a VSM key
// attestation statement.
//
// SignatureLen, ReportLen and AttributesLen are taken from the statement
// itself. A verifier should check Magic and Version, then bound the three
// lengths (and their sum) by the size of the received buffer before slicing.
// Presumably the signature, report and attributes follow the header in field
// order; confirm.
type NcryptVsmKeyAttestationStatement struct {
	Magic         NcryptMagic   // {'I', 'M', 'S', 'V'} - 'VSMI' for VSM Isolated
	Version       NcryptVersion // Set to NCRYPT_VSM_KEY_ATTESTATION_STATEMENT_CURRENT_VERSION
	SignatureLen  uint32        // Secure kernel signature over the isolation report
	ReportLen     uint32        // Key isolation report from the secure kernel
	AttributesLen uint32        // Attributes of the isolated key including public key blob
}
NCRYPT_VSM_KEY_ATTESTATION_STATEMENT
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
Provider represents a CNG Key Storage Provider.
func OpenProvider ¶
func OpenProvider( name string, flags NcryptFlag, ) (provider Provider, ret uint64, err error)
OpenProvider is a wrapper around NCryptOpenStorageProvider.
This function loads and initializes a CNG key storage provider.
func (*Provider) Close ¶
Close is a wrapper around NCryptFreeObject for providers.
This function frees a CNG key storage provider.
func (*Provider) CreatePersistedKey ¶
func (p *Provider) CreatePersistedKey( alg NcryptAlgorithm, keyName string, keySpec NcryptLegacyKeySpec, properties map[NcryptProperty][]byte, createKeyFlags NcryptFlag, setPropertyFlags NcryptFlag, finalizeKeyFlags NcryptFlag, ) (key Key, ret uint64, err error)
CreatePersistedKey is a wrapper around NCryptCreatePersistedKey, NCryptSetProperty and NCryptFinalizeKey.
This function creates a new key and stores it in the specified CNG key storage provider. After creating the key, this function sets any specified properties, before finalizing the key creation.
func (*Provider) EnumAlgorithms ¶
func (p *Provider) EnumAlgorithms( algOperations NcryptAlgOperation, flags NcryptFlag, ) (algsInfo []NcryptAlgorithmInfo, ret uint64, err error)
EnumAlgorithms is a wrapper around NCryptEnumAlgorithms.
This function obtains the names of the algorithms that are supported by the specified CNG key storage provider.
func (*Provider) EnumKeys ¶
func (p *Provider) EnumKeys( scope string, flags NcryptFlag, ) (keysInfo []NcryptKeyInfo, ret uint64, err error)
EnumKeys is a wrapper around NCryptEnumKeys.
This function obtains the names of the keys that are stored by the specified CNG key storage provider.
func (*Provider) GetProperty ¶
func (p *Provider) GetProperty( propertyName NcryptProperty, flags NcryptFlag, ) (property []byte, ret uint64, err error)
GetProperty is a wrapper around NCryptGetProperty for providers.
This function retrieves the value of a named property for the specified CNG key storage provider.
func (*Provider) Handle ¶
func (p *Provider) Handle() NcryptProvHandle
func (*Provider) ImportKey ¶
func (p *Provider) ImportKey( importKey Key, blobType NcryptKeyBlobType, parameterList *NcryptBufferDesc, blobData []byte, flags NcryptFlag, ) (key Key, ret uint64, err error)
ImportKey is a wrapper around NCryptImportKey.
This function imports a CNG key from a memory BLOB into the specified CNG key storage provider.
func (*Provider) IsAlgSupported ¶
func (p *Provider) IsAlgSupported( alg NcryptAlgorithm, flags NcryptFlag, ) (isSupported bool, ret uint64, err error)
IsAlgSupported is a wrapper around NCryptIsAlgSupported.
This function determines if the specified CNG key storage provider supports the passed cryptographic algorithm.
func (*Provider) OpenKey ¶
func (p *Provider) OpenKey( keyName string, keySpec NcryptLegacyKeySpec, flags NcryptFlag, ) (key Key, ret uint64, err error)
OpenKey is a wrapper around NCryptOpenKey.
This function opens a key that exists in the specified CNG key storage provider.
func (*Provider) SetProperty ¶
func (p *Provider) SetProperty( propertyName NcryptProperty, property []byte, flags NcryptFlag, ) (ret uint64, err error)
SetProperty is a wrapper around NCryptSetProperty for providers.
This function sets the value for a named property for the specified CNG key storage provider.
func (*Provider) TranslateHandle ¶
func (p *Provider) TranslateHandle( legacyProv HcryptProv, legacyKey HcryptKey, legacyKeySpec NcryptLegacyKeySpec, flags NcryptFlag, ) (key Key, ret uint64, err error)
TranslateHandle is a wrapper around NCryptTranslateHandle.
This function translates a CryptoAPI key into a CNG key for the specified CNG key storage provider.
type Secret ¶
type Secret struct {
// contains filtered or unexported fields
}
Secret represents a CNG Key Storage Provider secret agreement value.
func (*Secret) Derive ¶
func (s *Secret) Derive( kdfType BcryptKdfType, parameterList *NcryptBufferDesc, flags NcryptFlag, ) (keydata []byte, ret uint64, err error)
Derive is a wrapper around NCryptDeriveKey.
This function derives a key from the specified secret agreement value. This function is intended to be used as part of a secret agreement procedure using persisted secret agreement keys. To derive key material by using a persisted secret instead, use the KeyDerivation function.
func (*Secret) Handle ¶
func (s *Secret) Handle() NcryptSecretHandle