Documentation ¶
Overview ¶
This package contains the implementation of all cryptographic utilities used by this client library.
Index ¶
- Variables
- func ConvertPublicKey(publicKey crypto.PublicKey) ([]byte, error)
- func CreatePublicKeyHash(publicKey crypto.PublicKey) (string, error)
- func CreatePublicKeyHashBin(publicKey []byte) (string, error)
- func CreateReaderId(data []byte) (string, error)
- func DecipherAESCBC(key, iv, encrypted []byte) ([]byte, int, error)
- func DecipherJSON(key, iv, encrypted []byte) (string, error)
- func DecryptRSAWithPrivate(privateKey *rsa.PrivateKey, encrypted []byte) ([]byte, error)
- func DecryptWithPrivate(privateKey crypto.PrivateKey, encrypted []byte) ([]byte, error)
- func LoadCertificate(certificateFile string) ([]*x509.Certificate, error)
- func LoadCertificateWithKey(certificateFile string, keyFile string) (tls.Certificate, error)
- func LoadCertificateWithKeyFromPKCS12(file string, password string) (tls.Certificate, error)
- func LoadPrivateKey(keyFile string) (crypto.PrivateKey, error)
- func ParseCertificate(bytes []byte) ([]*x509.Certificate, error)
- func ParseCertificateWithKeyFromPKCS12(bytes []byte, password string) (tls.Certificate, error)
- func ParsePrivateKey(bytes []byte) (crypto.PrivateKey, error)
- func RemoveISO10126Padding(blockSize int, plain []byte) ([]byte, error)
- func RemoveZeroPadding(plain []byte) []byte
- type ReaderKey
Variables ¶
    var (
        // The private key is invalid.
        ErrInvalidPrivateKey = fmt.Errorf("invalid private key")
        // The public key is invalid.
        ErrInvalidPublicKey = fmt.Errorf("invalid public key")
        // The size of the IV is invalid.
        ErrInvalidBlockCipherIv = fmt.Errorf("invalid block size IV")
        // The encrypted message is invalid.
        ErrInvalidEncryptedMessage = fmt.Errorf("invalid encrypted message")
        // The message padding is invalid.
        ErrInvalidPadding = fmt.Errorf("invalid message padding")
        // Invalid certificate file.
        ErrInvalidCertificateFile = fmt.Errorf("invalid cetificate file")
    )
var PUBLIC_KEY_HEADER = []byte("PubKey!")
Header of the public key.
Functions ¶
func ConvertPublicKey ¶
Converts the given public key into a format suitable for use with IL2 API.
func CreatePublicKeyHash ¶
Computes the public key hash according to the IL2 standard.
func CreatePublicKeyHashBin ¶
Computes the public key hash according to the IL2 standard.
func CreateReaderId ¶
Creates a probably unique ReaderId from a string of bytes. It may be a key, the certificate payload or even a random value.
Example ¶
    // Load the certificate with keys
    cert, err := LoadCertificateWithKey("certs.pem", "key.pem")
    if err != nil {
        os.Exit(0)
    }
    // Compute the ID from the certificate bytes.
    id, err := CreateReaderId(cert.Certificate[0])
    if err != nil {
        os.Exit(0)
    }
    fmt.Println(id)

    // Load the certificate
    certs, err := LoadCertificate("certs.pem")
    if err != nil {
        os.Exit(0)
    }
    // Compute the ID from the certificate bytes.
    id, err = CreateReaderId(certs[0].Raw)
    if err != nil {
        os.Exit(0)
    }
    fmt.Println(id)
func DecipherAESCBC ¶
Decipher the specified block using the specified key and IV.
func DecipherJSON ¶
Decipher the specified block using the specified key and IV.
func DecryptRSAWithPrivate ¶
func DecryptRSAWithPrivate(privateKey *rsa.PrivateKey, encrypted []byte) ([]byte, error)
Deciphers the message using the specified private key.
func DecryptWithPrivate ¶
func DecryptWithPrivate(privateKey crypto.PrivateKey, encrypted []byte) ([]byte, error)
Deciphers the message using the specified private key.
func LoadCertificate ¶
func LoadCertificate(certificateFile string) ([]*x509.Certificate, error)
Loads all certificates inside the specified file and returns them as a list. The certificates must be in PEM format.
It fails if there are no certificates to load or if one of them is invalid.
func LoadCertificateWithKey ¶
func LoadCertificateWithKey(certificateFile string, keyFile string) (tls.Certificate, error)
Loads a certificate with its private key. Both the certificate and the key must be in PEM format.
func LoadCertificateWithKeyFromPKCS12 ¶ added in v0.2.0
func LoadCertificateWithKeyFromPKCS12(file string, password string) (tls.Certificate, error)
Loads a certificate with its private key from a PKCS #12 file.
func LoadPrivateKey ¶
func LoadPrivateKey(keyFile string) (crypto.PrivateKey, error)
Loads the private key from a PEM file. It can load RSA, ECDSA and EdDSA keys.
func ParseCertificate ¶ added in v0.2.0
func ParseCertificate(bytes []byte) ([]*x509.Certificate, error)
Parses all certificates inside the specified file and returns them as a list. The certificates must be in PEM format.
It fails if there are no certificates to load or if one of them is invalid.
func ParseCertificateWithKeyFromPKCS12 ¶ added in v0.2.0
func ParseCertificateWithKeyFromPKCS12(bytes []byte, password string) (tls.Certificate, error)
Parses a certificate with its private key from a PKCS #12 file.
func ParsePrivateKey ¶ added in v0.2.0
func ParsePrivateKey(bytes []byte) (crypto.PrivateKey, error)
Parses the private key from a PEM file. It can load RSA, ECDSA and EdDSA keys.
func RemoveISO10126Padding ¶
Removes the ISO 10126 padding and returns a subslice of plain that contains the actual data. Due to the way this padding works, it can also remove PKCS#5, PKCS#7 and ANSI X9.23 padding, as they are special cases of ISO 10126 padding.
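The special-case relationship described above, shown as an added example that is not the package's own code: `stripISO10126`, `pad` and `errBadPadding` are hypothetical names written for illustration, and the sample plaintext is constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// errBadPadding is a hypothetical error for this example.
var errBadPadding = errors.New("invalid message padding")

// stripISO10126 is an illustrative stand-in, not the package's code.
// ISO 10126 fixes only the final byte (the pad length n); the n-1 bytes
// before it are arbitrary, so n is the only thing that can be validated.
func stripISO10126(blockSize int, plain []byte) ([]byte, error) {
	if blockSize < 1 || blockSize > 255 || len(plain) == 0 || len(plain)%blockSize != 0 {
		return nil, errBadPadding
	}
	n := int(plain[len(plain)-1])
	if n < 1 || n > blockSize {
		return nil, errBadPadding
	}
	return plain[:len(plain)-n], nil
}

// pad builds constructed sample input: data, then n-1 filler bytes, then
// the length byte n. fill(n) returns the value used for the filler bytes.
func pad(blockSize int, data []byte, fill func(n int) byte) []byte {
	n := blockSize - len(data)%blockSize
	out := append([]byte{}, data...)
	out = append(out, bytes.Repeat([]byte{fill(n)}, n-1)...)
	return append(out, byte(n))
}

func main() {
	msg := []byte(`{"id":1}`) // constructed 8-byte sample plaintext
	schemes := map[string]func(int) byte{
		"PKCS#7":     func(n int) byte { return byte(n) }, // filler repeats n
		"ANSI X9.23": func(n int) byte { return 0 },       // filler is zero
		"ISO 10126":  func(n int) byte { return 0xA7 },    // stands in for random
	}
	for name, fill := range schemes {
		got, err := stripISO10126(16, pad(16, msg, fill))
		fmt.Printf("%-10s -> %q err=%v\n", name, got, err)
	}
	// A length byte outside 1..blockSize is the only detectable fault.
	_, err := stripISO10126(16, append(bytes.Repeat([]byte{1}, 15), 17))
	fmt.Println("bad length byte:", err)
}
```

Since only the final length byte can be checked, a successful strip says nothing about whether the ciphertext was modified; authenticate the ciphertext before deciphering when integrity matters.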
func RemoveZeroPadding ¶
Removes the zero padding and returns a subslice of plain that contains the actual data.
Types ¶
type ReaderKey ¶
    type ReaderKey interface {
        /* Returns the public key hash of this key. */
        PublicKeyHash() string

        /* Returns the public key. */
        PublicKey() crypto.PublicKey

        /*
        Returns the encoded public key suitable to be sent to the node. It
        returns the encoded key and a reader key id derived from the public key.
        */
        EncodedPublicKey() (string, string, error)

        /* Unwraps the given wrapped value with the specified private key. */
        Unwrap(enc []byte) ([]byte, error)

        /* Returns true if the private key is present. */
        HasPrivateKey() bool
    }
This is the interface of all reader keys. Reader keys are used to decipher some types of payloads stored inside IL2 blocks.
func NewReaderKey ¶
Creates a new ReaderKey from a public and private key.
func NewReaderKeyFromPrivateKey ¶
func NewReaderKeyFromPrivateKey(privateKey crypto.PrivateKey) (ReaderKey, error)
Helper function that attempts to create a new ReaderKey from the private key. It will succeed only if the private key format is known to this function.
For now, only RSA keys are supported.
Example ¶
    pair, err := LoadCertificateWithKey("cert.pem", "key.pem")
    if err != nil {
        fmt.Printf("Unable to load the key pair: %v\n", err.Error())
        os.Exit(1)
    }
    rk, err := NewReaderKeyFromPrivateKey(pair.PrivateKey)
    if err != nil {
        fmt.Printf("Unable to create the ReaderKey: %v\n", err.Error())
        os.Exit(1)
    }
    fmt.Printf("The public key hash is: %s\n", rk.PublicKeyHash())