awskms

package module
v0.0.0-...-8cdb0e0
Published: Jul 13, 2020 License: MIT Imports: 10 Imported by: 0

Overview

Package awskms implements a crypto.Signer that uses AWS's KMS service.

For example, to create suitable keys (one for signing, one for decryption):

`aws kms create-key --customer-master-key-spec RSA_2048 --key-usage SIGN_VERIFY`
`aws kms create-key --customer-master-key-spec RSA_2048 --key-usage ENCRYPT_DECRYPT`

Index

Constants

Variables

This section is empty.

Functions

This section is empty.

Types

type Decrypter

type Decrypter struct {
	// contains filtered or unexported fields
}

Decrypter implements a crypto.Decrypter that uses an RSA key stored in AWS KMS. It should be initialized via NewDecrypter.

func NewDecrypter

func NewDecrypter(ctx context.Context, kmssvc kmsiface.KMSAPI, keyID string) (*Decrypter, error)

NewDecrypter will configure a new decrypter using the given KMS client, bound to the given key.

func (*Decrypter) Decrypt

func (d *Decrypter) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)

Decrypt decrypts msg. If opts is nil, EncryptionAlgorithmOaepSha256 will be used.

func (*Decrypter) Public

func (d *Decrypter) Public() crypto.PublicKey

Public returns the public key corresponding to the opaque, private key.

type DecrypterOpts

type DecrypterOpts struct {
	// EncryptionAlgorithm indicates the encryption algorithm that was used.
	// If not set, defaults to EncryptionAlgorithmOaepSha256
	EncryptionAlgorithm EncryptionAlgorithm
}

DecrypterOpts implements crypto.DecrypterOpts for this Decrypter
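How the Decrypt contract above is exercised from the caller's side, as an added example that is not the awskms package's code: a local stand-in Decrypter holds a freshly generated RSA key in place of the KMS-held key, and DecrypterOpts together with the EncryptionAlgorithmOaepSha256 and EncryptionAlgorithmOaepSha1 constants are reconstructed here (their string values are the KMS EncryptionAlgorithmSpec names, which is an assumption about the real package's constants). RoundTrip shows the documented nil-opts default and what happens when the caller names a different OAEP hash than the sender used: OAEP fails closed with a decryption error rather than yielding garbage plaintext.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// EncryptionAlgorithm names the RSA padding scheme. The constants are
// constructed here; the values are the KMS EncryptionAlgorithmSpec strings.
type EncryptionAlgorithm string

const (
	EncryptionAlgorithmOaepSha256 EncryptionAlgorithm = "RSAES_OAEP_SHA_256"
	EncryptionAlgorithmOaepSha1   EncryptionAlgorithm = "RSAES_OAEP_SHA_1"
)

// DecrypterOpts carries the algorithm the ciphertext was produced with.
type DecrypterOpts struct {
	EncryptionAlgorithm EncryptionAlgorithm
}

// Decrypter is a local stand-in: the private key sits in the struct only so
// the example runs offline. With KMS the key never leaves the service.
type Decrypter struct {
	priv *rsa.PrivateKey
}

func (d *Decrypter) Public() crypto.PublicKey { return &d.priv.PublicKey }

// Decrypt follows the documented contract: nil opts means OAEP with SHA-256,
// otherwise the caller states which scheme the sender used.
func (d *Decrypter) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) ([]byte, error) {
	alg := EncryptionAlgorithmOaepSha256
	if opts != nil {
		o, ok := opts.(*DecrypterOpts)
		if !ok {
			return nil, errors.New("opts must be *DecrypterOpts")
		}
		if o.EncryptionAlgorithm != "" {
			alg = o.EncryptionAlgorithm
		}
	}
	switch alg {
	case EncryptionAlgorithmOaepSha256:
		return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, msg, nil)
	case EncryptionAlgorithmOaepSha1:
		return rsa.DecryptOAEP(sha1.New(), rand.Reader, d.priv, msg, nil)
	}
	return nil, fmt.Errorf("unsupported encryption algorithm %q", alg)
}

// NewLocalDecrypter generates a throwaway 2048-bit key in place of the
// ENCRYPT_DECRYPT key that "aws kms create-key" would provision.
func NewLocalDecrypter() (*Decrypter, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Decrypter{priv: priv}, nil
}

// EncryptOAEPSHA256 is the sender's side: encrypt to the public half with
// the OAEP hash the decrypter will later be told to use.
func EncryptOAEPSHA256(pub crypto.PublicKey, plaintext []byte) ([]byte, error) {
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("not an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaPub, plaintext, nil)
}

// RoundTrip reports whether plaintext survives encrypt-then-Decrypt with the
// given opts; naming the wrong OAEP hash makes Decrypt return an error.
func RoundTrip(d crypto.Decrypter, plaintext []byte, opts crypto.DecrypterOpts) (bool, error) {
	ct, err := EncryptOAEPSHA256(d.Public(), plaintext)
	if err != nil {
		return false, err
	}
	pt, err := d.Decrypt(rand.Reader, ct, opts)
	if err != nil {
		return false, err
	}
	return string(pt) == string(plaintext), nil
}

func main() {
	d, err := NewLocalDecrypter()
	if err != nil {
		panic(err)
	}
	secret := []byte("constructed data encryption key") // constructed sample
	fmt.Println(RoundTrip(d, secret, nil))               // nil opts: SHA-256 default
	fmt.Println(RoundTrip(d, secret, &DecrypterOpts{EncryptionAlgorithm: EncryptionAlgorithmOaepSha1}))
}
```

The point for a consumer is that opts describe the sender's choice, not a preference of the decrypter: the hash in the caller's EncryptOAEP call and the EncryptionAlgorithm passed to Decrypt must agree, and a mismatch surfaces as an error rather than as silently wrong bytes.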

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a crypto.Signer that uses an AWS KMS-backed key. It should be initialized via NewSigner.

func NewSigner

func NewSigner(ctx context.Context, kmssvc kmsiface.KMSAPI, keyID string) (*Signer, error)

NewSigner will configure a new Signer using the given KMS client, bound to the given key.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key corresponding to the opaque, private key.

func (*Signer) Sign

func (s *Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign signs digest with the private key. By default, an RSA key returns a PKCS#1 v1.5 signature and an EC key returns a DER-serialised ASN.1 signature structure. If the passed options are a *rsa.PSSOptions, an RSA key returns a PSS signature.

A hash is required, and it must correspond to a hash the KMS service supports.

rand is unused.
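The Sign contract above from the consumer's side, as an added example that is not the awskms package's code: the caller hashes the message itself and hands Sign a digest plus a crypto.SignerOpts naming the hash, PKCS#1 v1.5 is chosen unless opts is a *rsa.PSSOptions, and the result is checked against Public(). The localKMS type is a constructed stand-in for the KMS client (the algorithm strings are the KMS SigningAlgorithmSpec names; the stand-in picks the PSS salt length itself and supports SHA-256 only), and Signer and NewLocalSigner are local reimplementations of the documented behaviour, not the package's own types.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// localKMS is a constructed stand-in for the KMS client. It holds the RSA
// private key only so the example runs offline; KMS never exports it.
type localKMS struct{ priv *rsa.PrivateKey }

// signDigest mirrors the shape of the KMS Sign call: a digest and an
// algorithm name go in, a signature comes out.
func (k *localKMS) signDigest(alg string, digest []byte) ([]byte, error) {
	switch alg {
	case "RSASSA_PKCS1_V1_5_SHA_256":
		return rsa.SignPKCS1v15(rand.Reader, k.priv, crypto.SHA256, digest)
	case "RSASSA_PSS_SHA_256":
		return rsa.SignPSS(rand.Reader, k.priv, crypto.SHA256, digest, nil)
	}
	return nil, errors.New("unsupported signing algorithm: " + alg)
}

// Signer reimplements the documented contract: digest in, PKCS#1 v1.5 by
// default, PSS when opts is a *rsa.PSSOptions.
type Signer struct {
	kms *localKMS
	pub crypto.PublicKey
}

func (s *Signer) Public() crypto.PublicKey { return s.pub }

// Sign rejects a missing or unsupported hash instead of guessing, because
// the backend signs whatever digest it is handed.
func (s *Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || opts.HashFunc() != crypto.SHA256 {
		return nil, errors.New("hash is required; this stand-in supports SHA-256 only")
	}
	if _, isPSS := opts.(*rsa.PSSOptions); isPSS {
		return s.kms.signDigest("RSASSA_PSS_SHA_256", digest)
	}
	return s.kms.signDigest("RSASSA_PKCS1_V1_5_SHA_256", digest)
}

// NewLocalSigner stands in for NewSigner with a throwaway 2048-bit key and
// caches the public half so Public() needs no further backend calls.
func NewLocalSigner() (*Signer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{kms: &localKMS{priv: priv}, pub: &priv.PublicKey}, nil
}

// SignAndVerify is the consumer side: hash the message, sign the digest
// through the crypto.Signer, verify against Public() with the same scheme.
func SignAndVerify(s crypto.Signer, msg []byte, usePSS bool) error {
	digest := sha256.Sum256(msg)
	var opts crypto.SignerOpts = crypto.SHA256
	if usePSS {
		opts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}
	}
	sig, err := s.Sign(rand.Reader, digest[:], opts)
	if err != nil {
		return err
	}
	pub, ok := s.Public().(*rsa.PublicKey)
	if !ok {
		return errors.New("not an RSA public key")
	}
	if usePSS {
		return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	s, err := NewLocalSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed sample input
	fmt.Println("PKCS#1 v1.5:", SignAndVerify(s, msg, false))
	fmt.Println("PSS:", SignAndVerify(s, msg, true))
	_, err = s.Sign(rand.Reader, msg, nil)
	fmt.Println("nil opts:", err)
}
```

Because the backend signs the digest it receives without hashing again, the caller's hash choice is the only thing binding the signature to the message; passing the raw message, or a digest from a hash the options do not name, produces a signature that verifies against nothing useful, which is why Sign insists on a supported hash in opts.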
