Documentation ¶
Overview ¶
Package asn1 contains descriptions of ASN.1 data structures used by Keystore.
Index ¶
- Constants
- Variables
- type ContentType
- type DirectKeyDirectory
- type EncryptedKeys
- type Key
- type KeyData
- type KeyDirectory
- type KeyDirectoryReference
- type KeyFormat
- type KeyRing
- type KeyRingReference
- type KeyState
- type LikelyUTF8String
- type PrivateKey
- type PublicKey
- type Signature
- type SignedContainer
- type SignedPayload
- type SymmetricKey
- type VerifiedContainer
- type VerifiedPayload
Constants ¶
const (
KeyRingVersion2 = 2
)
Common Version constants:
const NoKey = -1
NoKey indicates absence of key, such as for current key indication.
Variables ¶
var (
ErrExtraData = fmt.Errorf("unexpected extra ASN.1 data")
)
Errors returned by ASN.1 processing:
var ( // http://oid-info.com/get/2.16.840.1.101.3.4.2.1 Sha256OID = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 2, 1}) )
Miscellaneous ASN.1 constants:
Functions ¶
This section is empty.
Types ¶
type ContentType ¶
type ContentType asn1.Enumerated
ContentType identifies "Data" field of SignedContainer objects.
const ( TypeKeyRing ContentType = iota + 1 TypeKeyDirectory TypeDirectKeyDirectory TypeEncryptedKeys )
Common ContentType constants:
type DirectKeyDirectory ¶
type DirectKeyDirectory struct { Name LikelyUTF8String KeyRings []KeyRing `asn1:"set,optional,tag:1"` Children []DirectKeyDirectory `asn1:"set,optional,tag:2"` }
DirectKeyDirectory contains key rings or other key directories. It has a name by which it can be referred to. Child key rings and directories are contained as immediate objects.
type EncryptedKeys ¶
type EncryptedKeys struct {
KeyRings []KeyRing `asn1:"set"`
}
EncryptedKeys is a set of key rings. It is typically used for backup purposes or to transfer keys between machines. SignedContainer actually contains an OCTET STRING with DER serialization of this object encrypted with Themis Secure Cell.
func UnmarshalEncryptedKeys ¶
func UnmarshalEncryptedKeys(data []byte) (*EncryptedKeys, error)
UnmarshalEncryptedKeys constructs EncryptedKeys from serialized representation.
func (*EncryptedKeys) Marshal ¶
func (keys *EncryptedKeys) Marshal() ([]byte, error)
Marshal into bytes.
type Key ¶
type Key struct { Seqnum int State KeyState ValidSince time.Time `asn1:"utc"` ValidUntil time.Time `asn1:"utc"` Data []KeyData `asn1:"set"` }
Key stored in the keystore. The key is identified by its content and can have multiple representations. It also has some metadata pertaining to its usage restrictions.
type KeyData ¶
type KeyData struct { Format KeyFormat PublicKey PublicKey `asn1:"optional,tag:1"` PrivateKey PrivateKey `asn1:"optional,tag:2"` SymmetricKey SymmetricKey `asn1:"optional,tag:3"` }
KeyData in a particular format.
type KeyDirectory ¶
type KeyDirectory struct { Name LikelyUTF8String KeyRings []KeyRingReference `asn1:"set,optional,tag:1"` Children []KeyDirectoryReference `asn1:"set,optional,tag:2"` }
KeyDirectory contains key rings or other key directories. It has a name by which it can be referred to.
func UnmarshalKeyDirectory ¶
func UnmarshalKeyDirectory(data []byte) (*KeyDirectory, error)
UnmarshalKeyDirectory constructs a KeyDirectory from serialized representation.
type KeyDirectoryReference ¶
type KeyDirectoryReference struct { Name LikelyUTF8String Signatures []Signature `asn1:"set"` }
KeyDirectoryReference to a child subdirectory, not included into KeyDirectory object directly. However it can be located in some external memory using its name and the current directory path. Signature are also provided for integrity validation. The directory should be packed in SignedContainer.
type KeyRing ¶
type KeyRing struct { Purpose LikelyUTF8String Keys []Key Current int }
KeyRing holds multiple versions of a key used for the same purpose. Keys are usually ordered from oldest to newest, with new keys added to the back of the sequence. One key in a key ring may be designated as 'current'.
func UnmarshalKeyRing ¶
UnmarshalKeyRing constructs a KeyRing from serialized representation.
type KeyRingReference ¶
type KeyRingReference struct { Name LikelyUTF8String Signatures []Signature `asn1:"set"` }
KeyRingReference to a child key ring, not included into KeyDirectory object directly. However it can be located in some external memory using its name and the current directory path. Signatures are also provided for integrity validation. The key ring should be packed in SignedContainer.
type LikelyUTF8String ¶
type LikelyUTF8String []byte
LikelyUTF8String is used where human-readable UTF-8 is expected, but arbitrary bytes have to be actually allowed.
type Signature ¶
type Signature struct { Algorithm asn1.ObjectIdentifier Signature []byte }
Signature for SignedContainer. A container can have multiple signatures made with different algorithms, enabling future-proofing, extensibility, and collision resistance. Signatures are computed for the "Payload" of SignedContainer, usually with HMAC keyed by the keystore master key. The signing algorithm is indicated by the "Algorithm" field.
type SignedContainer ¶
type SignedContainer struct { Payload SignedPayload Signatures []Signature `asn1:"set"` }
SignedContainer for a signed object. Every exported object of the keystore is packed into a SignedContainer for storage. For example, file-based key store keeps a file for each key directory. Every file contains a SignedContainer with "ContentType" equal to 'TypeKeyDirectory' and a KeyDirectory stored in its "Data" field.
func (*SignedContainer) Marshal ¶
func (container *SignedContainer) Marshal() ([]byte, error)
Marshal into bytes.
type SignedPayload ¶
type SignedPayload struct { ContentType ContentType Version int LastModified time.Time `asn1:"utc"` Data interface{} }
SignedPayload contains payload for SignedContainer before marshaling.
func (*SignedPayload) Marshal ¶
func (payload *SignedPayload) Marshal() ([]byte, error)
Marshal into bytes.
type VerifiedContainer ¶
type VerifiedContainer struct { Payload VerifiedPayload Signatures []Signature `asn1:"set"` }
VerifiedContainer is an unmarshaled form of SignedContainer.
func UnmarshalVerifiedContainer ¶
func UnmarshalVerifiedContainer(data []byte) (*VerifiedContainer, error)
UnmarshalVerifiedContainer constructs a VerifiedContainer from serialized representation.
type VerifiedPayload ¶
type VerifiedPayload struct { RawContent asn1.RawContent ContentType ContentType Version int LastModified time.Time `asn1:"utc"` Data asn1.RawValue }
VerifiedPayload contains payload of VerifiedContainer after unmarshaling.