keymaker

package module
Published: Dec 17, 2020 License: MIT Imports: 24 Imported by: 0

README

go-keymaker

Note: work-in-progress

Distributed generation of RSA and ECDSA private keys, for processes that need a large number of keys generated securely without overloading the local host. A pilot process contacts one or more key generation drones over a simple RPC protocol. The pilot uses buffered channels and asynchronous RPC to hide the round-trip latency: background goroutines create the channels and keep them full, so a consumer reads a ready key instead of waiting on a drone. Private keys are delivered PEM-encoded in PKCS#8 form. Because private keys cross the network, both sides are configured with a certificate, private key and CA bundle for mutual TLS, and a drone can restrict which client certificate subjects it serves (see ClientConfig and DroneConfig below).

The primary goal is to keep the system lightweight and simple. A YAML configuration file defines the topology of the system; dynamic discovery of drones using Consul (or ZooKeeper, etcd) could be added if desired.
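The pilot/drone pipeline the README describes, written out as an added example that is not go-keymaker's own code. It uses net/rpc over an in-memory net.Pipe in place of the project's TLS transport, so nothing leaves the process; the names Drone, Pilot, newPilot and generateKey are assumptions, and the KeyResponse struct and ErrOK/ErrBadRequest/ErrKeyGen codes are modelled on the types documented further down this page. The drone reports failures in-band so the pilot can distinguish a rejected key type from a generation failure, and the pilot's worker closes its channel on any error instead of blocking the consumer forever. Refusing RSA1024 and ECDSA224 is the example's policy, not the library's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net"
	"net/rpc"
)

// In-band result codes, modelled on the page's ErrOK/ErrBadRequest/ErrKeyGen.
const (
	ErrOK = iota
	ErrBadRequest
	ErrKeyGen
)

type KeyResponse struct {
	Key     []byte // PKCS#8 private key, PEM-encoded
	Error   int
	Message string
}

// generateKey dispatches on a key type name; RSA-1024 and P-224 are refused as too weak.
func generateKey(keyType string) (any, error) {
	switch keyType {
	case "RSA2048":
		return rsa.GenerateKey(rand.Reader, 2048)
	case "ECDSA256":
		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	}
	return nil, fmt.Errorf("unsupported key type %q", keyType)
}

// Drone is the RPC service (hypothetical). Failures travel in KeyResponse.Error
// so the pilot can tell a rejected request (ErrBadRequest) from a failed generation.
type Drone struct{}
func (*Drone) Generate(keyType string, resp *KeyResponse) error {
	key, err := generateKey(keyType)
	if err != nil {
		*resp = KeyResponse{Error: ErrBadRequest, Message: err.Error()}
		return nil
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		*resp = KeyResponse{Error: ErrKeyGen, Message: err.Error()}
		return nil
	}
	*resp = KeyResponse{Key: pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})}
	return nil
}

// Pilot keeps buffered channels of keys full via asynchronous RPC.
type Pilot struct {
	client *rpc.Client
	quit   chan struct{}
}

// newPilot serves a Drone on an in-memory pipe (a stand-in for the TLS socket).
func newPilot() (*Pilot, error) {
	srv := rpc.NewServer()
	if err := srv.Register(&Drone{}); err != nil {
		return nil, err
	}
	pilotSide, droneSide := net.Pipe()
	go srv.ServeConn(droneSide)
	return &Pilot{client: rpc.NewClient(pilotSide), quit: make(chan struct{})}, nil
}

// Generate keeps a buffered channel full; on any error it closes the channel rather than block.
func (p *Pilot) Generate(keyType string, bufferSize int) <-chan []byte {
	out := make(chan []byte, bufferSize)
	go func() {
		defer close(out)
		for {
			var resp KeyResponse
			call := p.client.Go("Drone.Generate", keyType, &resp, nil)
			select {
			case <-p.quit:
				return
			case <-call.Done:
			}
			if call.Error != nil || resp.Error != ErrOK {
				return
			}
			select {
			case out <- resp.Key:
			case <-p.quit:
				return
			}
		}
	}()
	return out
}

// Stop halts the background workers and closes the RPC connection.
func (p *Pilot) Stop() { close(p.quit); p.client.Close() }
```

Usage: `p, err := newPilot()`, then read keys with `<-p.Generate("ECDSA256", 4)` and call `p.Stop()` when done. A closed channel means the drone rejected the request or the transport failed; the consumer should check the `ok` result of the receive rather than assume a key.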

Documentation

Constants

const (
	// RSA1024 1024-bit RSA
	RSA1024 = "RSA1024"
	// RSA2048 2048-bit RSA
	RSA2048 = "RSA2048"
	// RSA4096 4096-bit RSA
	RSA4096 = "RSA4096"

	// ECDSA224 P224 elliptic curve
	ECDSA224 = "ECDSA224"
	// ECDSA256 P256 elliptic curve
	ECDSA256 = "ECDSA256"
	// ECDSA384 P384 elliptic curve
	ECDSA384 = "ECDSA384"
	// ECDSA521 P521 elliptic curve
	ECDSA521 = "ECDSA521"
)
const (
	// ErrOK - no error occurred
	ErrOK = iota
	// ErrBadRequest - request was invalid
	ErrBadRequest
	// ErrKeyGen - key generation failed
	ErrKeyGen
)

Variables

This section is empty.

Functions

func BuildClientTLSConfig

func BuildClientTLSConfig(certPEM, keyPEM, bundlePEM []byte) (*tls.Config, error)

BuildClientTLSConfig constructs a pilot's tls.Config from a PEM-encoded certificate, private key and CA bundle; the bundle is used to authenticate the drones the client connects to.

func BuildDroneTLSConfig

func BuildDroneTLSConfig(certPEM, keyPEM, bundlePEM []byte, clientAuth string) (*tls.Config, error)

BuildDroneTLSConfig constructs a drone's tls.Config from a PEM-encoded certificate, private key and CA bundle; the bundle is used to authenticate client certificates, and clientAuth sets how strictly clients must present one (see DroneConfig.ClientAuth).

func CheckKeyType

func CheckKeyType(keyType string) error

CheckKeyType returns an error unless keyType is one of the supported key type constants (RSA1024 through ECDSA521).

func GeneratePrivateKey

func GeneratePrivateKey(keyType string) (crypto.PrivateKey, error)

GeneratePrivateKey generates a private key of the given type.

func LoadClientTLSConfig

func LoadClientTLSConfig(configDir string, cfg *ClientConfig) (*tls.Config, error)

LoadClientTLSConfig loads the X.509 parts of the client's configuration (certificate, private key and CA bundle) from configDir and builds the client's tls.Config.

func LoadConfig

func LoadConfig(cfg interface{}, config []byte) error

LoadConfig unmarshals YAML and populates a config struct

func LoadConfigFile

func LoadConfigFile(cfg interface{}, configPath string) error

LoadConfigFile reads the YAML file at configPath and populates cfg.

func LoadDroneTLSConfig

func LoadDroneTLSConfig(configDir string, cfg *DroneConfig) (*tls.Config, error)

LoadDroneTLSConfig loads the X.509 parts of the drone's configuration (certificate, private key and CA bundle) from configDir and builds the drone's tls.Config.

func LogFail

func LogFail(err error, msg string, args ...interface{})

LogFail emits a fatal error message, formatted from msg and args, if err is non-nil.

func MarshalPKCS8PrivateKey

func MarshalPKCS8PrivateKey(key crypto.PrivateKey) ([]byte, error)

MarshalPKCS8PrivateKey encodes a key in PKCS#8 binary (DER) form.

func UnmarshalPEMPrivateKey

func UnmarshalPEMPrivateKey(raw []byte) (crypto.PrivateKey, []byte, error)

UnmarshalPEMPrivateKey decodes a private key from PEM-encoded bytes. It returns the decoded key together with any bytes remaining after the key's PEM block, so a caller can continue parsing an input that holds several blocks.
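An added example of the decode-and-return-the-rest pattern, not go-keymaker's implementation: a parser that walks a concatenated PEM stream, dispatches on block type (PKCS#8 as keymaker emits, plus PKCS#1 and SEC 1 for keys produced elsewhere), skips non-key blocks, and refuses encrypted blocks instead of mis-parsing them. The names unmarshalPEMPrivateKey, countKeys and samplePEM are hypothetical, and the sample input is constructed in-process.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// errNoKey signals that no further private-key block exists in the input.
var errNoKey = errors.New("no private key block in PEM input")

// unmarshalPEMPrivateKey parses the first private-key block in raw and returns
// it with the bytes that follow, so a caller can walk a file holding several
// keys. Non-key blocks (certificates, comments) are skipped; encrypted blocks
// are refused explicitly rather than mis-parsed as plaintext.
func unmarshalPEMPrivateKey(raw []byte) (crypto.PrivateKey, []byte, error) {
	for {
		block, rest := pem.Decode(raw)
		if block == nil {
			return nil, rest, errNoKey
		}
		if _, legacyEnc := block.Headers["DEK-Info"]; legacyEnc || block.Type == "ENCRYPTED PRIVATE KEY" {
			return nil, rest, fmt.Errorf("encrypted %s block is not supported", block.Type)
		}
		var key crypto.PrivateKey
		var err error
		switch block.Type {
		case "PRIVATE KEY": // PKCS#8, the form keymaker emits
			key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
		case "RSA PRIVATE KEY": // PKCS#1
			key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
		case "EC PRIVATE KEY": // SEC 1
			key, err = x509.ParseECPrivateKey(block.Bytes)
		default:
			raw = rest // not a key: keep scanning
			continue
		}
		return key, rest, err
	}
}

// countKeys walks a concatenated PEM stream and reports how many keys it holds.
func countKeys(raw []byte) (int, error) {
	n := 0
	for len(bytes.TrimSpace(raw)) > 0 {
		_, rest, err := unmarshalPEMPrivateKey(raw)
		if errors.Is(err, errNoKey) {
			return n, nil // only non-key blocks remained
		}
		if err != nil {
			return n, err
		}
		n++
		raw = rest
	}
	return n, nil
}

// samplePEM is constructed input: a PKCS#8 key, an unrelated block, a SEC 1 key.
func samplePEM() []byte {
	k1, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	k2, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	d1, _ := x509.MarshalPKCS8PrivateKey(k1)
	d2, _ := x509.MarshalECPrivateKey(k2)
	var buf bytes.Buffer
	pem.Encode(&buf, &pem.Block{Type: "PRIVATE KEY", Bytes: d1})
	pem.Encode(&buf, &pem.Block{Type: "TRUSTED COMMENT", Bytes: []byte("not a key")})
	pem.Encode(&buf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: d2})
	return buf.Bytes()
}
```

Returning the remaining bytes is what makes the loop in countKeys possible; a decoder that returned only the key would force callers to re-split the input themselves. The sentinel errNoKey lets a caller distinguish "nothing left" from a genuinely malformed block.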

Types

type Client

type Client struct {
	// Config contains client's configuration
	Config *ClientConfig
	// contains filtered or unexported fields
}

Client contacts one or more drones and generates keys

func NewClient

func NewClient(config *ClientConfig) (*Client, error)

NewClient creates a client which contacts one or more drones

func (*Client) Generate

func (c *Client) Generate(keyType string) <-chan []byte

Generate creates, or returns the existing, channel that emits keys of the given type. Keys are produced by a background worker that keeps the channel full, so this is intended for callers that need large numbers of keys of one type.

func (*Client) Stop

func (c *Client) Stop()

Stop stops the client's background workers and closes its channels.

type ClientConfig

type ClientConfig struct {

	// Dir is the directory for the config file, or cwd.
	Dir string

	// Addresses of drones in the cluster
	Addresses []string

	// BufferSize is the number of keys to keep buffered in each channel
	BufferSize int `mapstructure:"buffer_size"`

	// Certificate file path containing the client's certificate in PEM
	Certificate string

	// PrivateKey file path containing the client's private key in PEM
	PrivateKey string `mapstructure:"private_key"`

	// CABundle file path containing the CA certificate bundle in PEM. Used to
	// authenticate drone certificates.
	CABundle string `mapstructure:"ca_bundle"`
}

ClientConfig configures a drone client

type Drone

type Drone struct {
	Config *DroneConfig
	// contains filtered or unexported fields
}

Drone defines an RPC service that generates keys

func NewDrone

func NewDrone(config *DroneConfig) (*Drone, error)

NewDrone creates a Drone service

func (*Drone) Start

func (d *Drone) Start() error

Start up the drone service

type DroneConfig

type DroneConfig struct {

	// Dir is the directory for the config file, or cwd.
	Dir string

	// Address and port to listen on
	Address string

	// Concurrency level
	Concurrency int

	// Certificate file path containing the certificate in PEM
	Certificate string

	// PrivateKey file path containing the private key in PEM
	PrivateKey string `mapstructure:"private_key"`

	// CABundle file path containing the CA certificate bundle in PEM. Used to
	// authenticate client certificates.
	CABundle string `mapstructure:"ca_bundle"`

	// ClientAuth indicates strictness of client authentication
	ClientAuth string `mapstructure:"client_auth"`

	// ClientCNRegexp is a regular expression matched against the client
	// certificate subject's CommonName
	ClientCNRegexp string `mapstructure:"client_cn_regexp"`
}

DroneConfig configures a Drone
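How a drone's TLS configuration can tie together the ClientAuth, CABundle and ClientCNRegexp settings above, as an added example that is not go-keymaker's BuildDroneTLSConfig. The page does not define the accepted client_auth strings, so the values "none" and "require-and-verify" are this example's assumptions; the CN regexp is passed as an extra argument; and selfSignedPEM generates a throwaway certificate in place of the CA-issued files a real deployment would name in its YAML. The verifier hook reads verifiedChains rather than rawCerts, so the CN check runs only on a chain the CA bundle has already validated, and the builder refuses a regexp unless chain verification is actually turned on.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"regexp"
	"time"
)

// parseClientAuth maps the client_auth setting to tls.ClientAuthType. Empty or
// unknown values are errors: a key-serving drone must not silently fall back
// to accepting unauthenticated pilots.
func parseClientAuth(s string) (tls.ClientAuthType, error) {
	switch s {
	case "none":
		return tls.NoClientCert, nil
	case "require-and-verify":
		return tls.RequireAndVerifyClientCert, nil
	}
	return 0, fmt.Errorf("unknown client_auth %q", s)
}

// cnVerifier admits a pilot only if the leaf of the CA-verified chain has a
// CommonName matching re; a certificate the CA did not sign never reaches it.
func cnVerifier(re *regexp.Regexp) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, verifiedChains [][]*x509.Certificate) error {
		if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
			return errors.New("no verified client certificate chain")
		}
		if cn := verifiedChains[0][0].Subject.CommonName; !re.MatchString(cn) {
			return fmt.Errorf("client CN %q is not permitted", cn)
		}
		return nil
	}
}

// buildDroneTLSConfig follows the page's BuildDroneTLSConfig signature with
// the CN regexp added; the regexp is refused unless chains are verified.
func buildDroneTLSConfig(certPEM, keyPEM, bundlePEM []byte, clientAuth, cnRegexp string) (*tls.Config, error) {
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(bundlePEM) {
		return nil, errors.New("ca_bundle contains no certificates")
	}
	auth, err := parseClientAuth(clientAuth)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientCAs:    pool,
		ClientAuth:   auth,
		MinVersion:   tls.VersionTLS12,
	}
	if cnRegexp != "" {
		if auth != tls.RequireAndVerifyClientCert {
			return nil, errors.New("client_cn_regexp requires client_auth: require-and-verify")
		}
		re, err := regexp.Compile(cnRegexp)
		if err != nil {
			return nil, err
		}
		cfg.VerifyPeerCertificate = cnVerifier(re)
	}
	return cfg, nil
}

// selfSignedPEM makes a throwaway self-signed P-256 certificate and key (stand-in for CA-issued files).
func selfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		IsCA:         true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	kder, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder}), nil
}
```

Usage: `cfg, err := buildDroneTLSConfig(certPEM, keyPEM, bundlePEM, "require-and-verify", "^pilot-[0-9]+$")` and pass cfg to tls.Listen. Note that Go only populates verifiedChains when ClientAuth is RequireAndVerifyClientCert or VerifyClientCertIfGiven, which is why the builder rejects the regexp under any other mode instead of letting the hook silently fail every handshake.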

type KeyResponse

type KeyResponse struct {
	Key     []byte
	Error   int
	Message string
}

KeyResponse is the response for a single RPC request

type State

type State struct {
	// contains filtered or unexported fields
}

State records whether anything has changed since it was created.

func (*State) OK

func (c *State) OK() bool

OK reports true while the state is unchanged

func (*State) Touch

func (c *State) Touch()

Touch marks the state as changed

Directories

cmd