cryptoutil

package
v0.3.0 Latest Latest
Published: Jun 7, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// DefaultKeyType is the key type Galadriel uses by default when it generates
// new keys.
// TODO: investigate where this should be configurable. Until then the default
// is centralized in this single constant.
// NOTE(review): RSA2048 is the smaller of the two RSA sizes that KeyType
// lists (RSA2048, RSA4096); confirm it satisfies the key-strength policy of
// the deployment.
const DefaultKeyType = RSA2048
// NotBeforeTolerance is the allowance for a small amount of clock skew that
// is applied when the NotBefore field of a certificate is validated.
const NotBeforeTolerance = 30 * time.Second

Variables

This section is empty.

Functions

func CalculateDigest

func CalculateDigest(data []byte) []byte

CalculateDigest calculates the SHA-256 digest of the given data.

func CreateCATemplate

func CreateCATemplate(clk clock.Clock, publicKey crypto.PublicKey, subject pkix.Name, ttl time.Duration) (*x509.Certificate, error)

CreateCATemplate creates a new x509.Certificate template for a CA certificate.

func CreateRootCATemplate

func CreateRootCATemplate(clk clock.Clock, subject pkix.Name, ttl time.Duration) (*x509.Certificate, error)

CreateRootCATemplate creates a new x509.Certificate template for a root CA certificate.

func CreateX509Template

func CreateX509Template(clk clock.Clock, publicKey crypto.PublicKey, subject pkix.Name, uris []*url.URL, dnsNames []string, ttl time.Duration) (*x509.Certificate, error)

CreateX509Template creates a new x509.Certificate template for a leaf certificate.

func EncodeCertificate

func EncodeCertificate(cert *x509.Certificate) []byte

EncodeCertificate encodes the given x509.Certificate into PEM format.

func EncodeECPrivateKey

func EncodeECPrivateKey(privateKey *ecdsa.PrivateKey) ([]byte, error)

EncodeECPrivateKey encodes an EC private key in PEM format.

func EncodeRSAPrivateKey

func EncodeRSAPrivateKey(privateKey *rsa.PrivateKey) []byte

EncodeRSAPrivateKey encodes an RSA private key in PEM format.

func GenerateSigner

func GenerateSigner(keyType KeyType) (crypto.Signer, error)

GenerateSigner generates a new key for the given key type.

func LoadCertificate

func LoadCertificate(path string) (*x509.Certificate, error)

LoadCertificate loads an x509.Certificate from the given path.

func LoadCertificates

func LoadCertificates(path string) ([]*x509.Certificate, error)

LoadCertificates loads one or more certificates into an []*x509.Certificate from a PEM file.

func LoadECPrivateKey

func LoadECPrivateKey(path string) (crypto.PrivateKey, error)

LoadECPrivateKey loads an EC private key from a file.

func LoadPrivateKey

func LoadPrivateKey(path string) (crypto.PrivateKey, error)

LoadPrivateKey loads a private key from a file in PEM format. The key can be either an RSA or EC private key.

func LoadRSAPrivateKey

func LoadRSAPrivateKey(path string) (crypto.PrivateKey, error)

LoadRSAPrivateKey loads an RSA private key from a file.

func NewSerialNumber

func NewSerialNumber() (*big.Int, error)

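NewSerialNumber returns a new random serial number in the range [1, 2^63-1]. That range carries just under 63 bits of randomness; profiles that require at least 64 bits of CSPRNG output in the serial number, such as the CA/Browser Forum Baseline Requirements, would need a wider range.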

func ParseCertificate

func ParseCertificate(pemBytes []byte) (*x509.Certificate, error)

ParseCertificate parses an x509.Certificate from the given PEM bytes.

func ParseCertificates

func ParseCertificates(pemBytes []byte) ([]*x509.Certificate, error)

ParseCertificates parses a list of x509.Certificates from the given PEM bytes.

func ParseECPrivateKey

func ParseECPrivateKey(derBytes []byte) (crypto.PrivateKey, error)

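ParseECPrivateKey parses an EC private key in PKCS #1, ASN.1 DER form. (PKCS #1 defines the RSA key encoding; EC private keys are normally DER-encoded as SEC 1 or PKCS #8, so this wording looks copied from ParseRSAPrivateKey. Check the implementation for the format it actually accepts.)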

func ParseECPrivateKeyPEM

func ParseECPrivateKeyPEM(pemBlocks []byte) (interface{}, error)

ParseECPrivateKeyPEM parses an EC private key in PEM format.

func ParseRSAPrivateKey

func ParseRSAPrivateKey(derBytes []byte) (crypto.PrivateKey, error)

ParseRSAPrivateKey parses an RSA private key in PKCS #1, ASN.1 DER form.

func ParseRSAPrivateKeyPEM

func ParseRSAPrivateKeyPEM(pemBlocks []byte) (interface{}, error)

ParseRSAPrivateKeyPEM parses an RSA private key in PEM format.

func SelfSignX509

func SelfSignX509(template *x509.Certificate) (*x509.Certificate, crypto.PrivateKey, error)

SelfSignX509 creates a new self-signed x509.Certificate based on the given template. Returns the signed certificate and the private key used to sign it.

func SignX509

func SignX509(template, parent *x509.Certificate, signerPrivateKey crypto.PrivateKey) (*x509.Certificate, error)

SignX509 creates a new x509.Certificate based on the given template. The parent certificate is the issuer of the new certificate. The signerPrivateKey is used to sign the new certificate.

func ValidateBundleDigest

func ValidateBundleDigest(payload, digest []byte) error

ValidateBundleDigest validates the given payload against the given digest.

func VerifyCertificatePrivateKey

func VerifyCertificatePrivateKey(cert *x509.Certificate, privateKey crypto.PrivateKey) error

VerifyCertificatePrivateKey verifies that the private key matches the public key in the certificate.

Types

type KeyType

type KeyType int

KeyType represents the types of keys.

// Enumerated KeyType values. They are assigned positionally by iota, so the
// numeric value of each constant depends on its position in this block;
// inserting or reordering entries changes the values of those that follow.
const (
	// KeyTypeUnset is 0, the zero value of KeyType, so a KeyType that was
	// never assigned compares equal to it.
	KeyTypeUnset KeyType = iota
	// ECP256 is 1. Presumably an elliptic-curve key on NIST P-256; confirm
	// against GenerateSigner.
	ECP256
	// ECP384 is 2. Presumably an elliptic-curve key on NIST P-384; confirm
	// against GenerateSigner.
	ECP384
	// RSA2048 is 3. Presumably a 2048-bit RSA key; confirm against
	// GenerateSigner. DefaultKeyType is set to this value.
	RSA2048
	// RSA4096 is 4. Presumably a 4096-bit RSA key; confirm against
	// GenerateSigner.
	RSA4096
)

func (KeyType) String

func (keyType KeyType) String() string
