Documentation
Index
- type KeyFobService
- func (s KeyFobService) DeleteKey(ctx context.Context, req *proto.DeleteKeyRequest) (*empty.Empty, error)
- func (s KeyFobService) GenerateKey(ctx context.Context, req *proto.GenerateKeyRequest) (*proto.EncryptionKey, error)
- func (s KeyFobService) ListKeys(ctx context.Context, req *proto.ListKeysRequest) (*proto.ListKeysResponse, error)
- type KeyVault
- type StoredKey
- type UserKeyPointer
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type KeyFobService
type KeyFobService struct {
Vault KeyVault
}
KeyFobService implements the KeyFob gRPC service. Every key it returns is derived from both the root key stored in the vault and the service key provided by the caller.
func (KeyFobService) DeleteKey
func (s KeyFobService) DeleteKey(ctx context.Context, req *proto.DeleteKeyRequest) (*empty.Empty, error)
DeleteKey permanently deletes a key from the vault.
func (KeyFobService) GenerateKey
func (s KeyFobService) GenerateKey(ctx context.Context, req *proto.GenerateKeyRequest) (*proto.EncryptionKey, error)
GenerateKey fetches the key from the vault that matches the key named in the request, creating it if it does not exist.
func (KeyFobService) ListKeys
func (s KeyFobService) ListKeys(ctx context.Context, req *proto.ListKeysRequest) (*proto.ListKeysResponse, error)
ListKeys returns all the keys that exist for a user in a vault.
type KeyVault
type KeyVault interface {
	ListKeys(userid uuid.UUID) ([]*StoredKey, error)
	GetKey(userid uuid.UUID, category string) (*StoredKey, error)
	// Repeated insertion of key should not update the key. Only the first
	// key inserted should be persisted. Collision on persistence is not
	// considered an error.
	InsertKey(userid uuid.UUID, category string, key []byte) error
	DeleteKey(userid uuid.UUID, category string) error
}
A KeyVault is an abstract description of a secure storage location for root keys.
type UserKeyPointer
UserKeyPointer is a struct which maps out a single cryptographic key from a KeyVault.
func (*UserKeyPointer) CreateKey
func (k *UserKeyPointer) CreateKey(vault KeyVault) error
CreateKey generates and inserts a new root key for the user.
func (*UserKeyPointer) DeleteKey
func (k *UserKeyPointer) DeleteKey(vault KeyVault) error
DeleteKey permanently deletes a key from the vault.
func (*UserKeyPointer) DeriveKey
func (k *UserKeyPointer) DeriveKey(vault KeyVault) ([]byte, error)
DeriveKey fetches the user's root key for the data category and combines it with the service key to derive a new key that the service can use to encrypt data securely.
The service key must be longer than 128 bits.
func (*UserKeyPointer) ListUserKeys
func (k *UserKeyPointer) ListUserKeys(vault KeyVault) ([]*StoredKey, error)
ListUserKeys lists all of a user's keys, each combined with the service key, so that a service needs fewer round-trips to decrypt user data.
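The following is an added example, not code from this package, that shows the KeyVault contract (first insert wins, collisions are not errors) and the CreateKey/DeriveKey flow described above. It assumes a 16-byte UserID in place of uuid.UUID, assumed fields for StoredKey and UserKeyPointer (the page shows none), a hypothetical in-memory MemoryVault, a ServiceKey carried on the pointer so DeriveKey keeps its documented signature, and HMAC-SHA256 over the service key and category as the key-combining step, since the page does not name its KDF.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type UserID [16]byte                                // stand-in for uuid.UUID (assumption)
type StoredKey struct{ Category string; Key []byte } // fields assumed; the page shows none

type KeyVault interface { // mirrors the documented interface, with UserID for uuid.UUID
	ListKeys(userid UserID) ([]*StoredKey, error)
	GetKey(userid UserID, category string) (*StoredKey, error)
	// Repeated insertion must not update the key: only the first insert
	// persists, and a collision is not an error.
	InsertKey(userid UserID, category string, key []byte) error
	DeleteKey(userid UserID, category string) error
}

// MemoryVault is a hypothetical, single-threaded in-memory KeyVault; a real one would be an HSM or a KMS.
type MemoryVault struct{ keys map[UserID]map[string][]byte }

func NewMemoryVault() *MemoryVault { return &MemoryVault{keys: map[UserID]map[string][]byte{}} }

func (v *MemoryVault) ListKeys(userid UserID) ([]*StoredKey, error) {
	var out []*StoredKey
	for cat, k := range v.keys[userid] {
		out = append(out, &StoredKey{Category: cat, Key: append([]byte(nil), k...)})
	}
	return out, nil
}

func (v *MemoryVault) GetKey(userid UserID, category string) (*StoredKey, error) {
	if k, ok := v.keys[userid][category]; ok {
		return &StoredKey{Category: category, Key: append([]byte(nil), k...)}, nil
	}
	return nil, errors.New("keyfob: no root key for this user and category")
}

// InsertKey is first-writer-wins: a repeated insert for the same user and category is ignored
// without error, so a second CreateKey can never replace a root key that data may already be encrypted under.
func (v *MemoryVault) InsertKey(userid UserID, category string, key []byte) error {
	if v.keys[userid] == nil {
		v.keys[userid] = make(map[string][]byte)
	}
	if _, exists := v.keys[userid][category]; !exists {
		v.keys[userid][category] = append([]byte(nil), key...)
	}
	return nil
}

func (v *MemoryVault) DeleteKey(userid UserID, category string) error {
	delete(v.keys[userid], category)
	return nil
}

// UserKeyPointer's fields are assumed; ServiceKey lives here so DeriveKey keeps the documented signature.
type UserKeyPointer struct{ UserID UserID; Category string; ServiceKey []byte }

// CreateKey draws a fresh 256-bit root key; repeating it is a harmless no-op.
func (k *UserKeyPointer) CreateKey(vault KeyVault) error {
	root := make([]byte, 32)
	if _, err := rand.Read(root); err != nil {
		return err
	}
	return vault.InsertKey(k.UserID, k.Category, root)
}

// DeriveKey is HMAC-SHA256(rootKey, serviceKey || category), an assumed KDF since the page names none.
// It enforces the documented rule that the service key is longer than 128 bits and binds the result to the category.
func (k *UserKeyPointer) DeriveKey(vault KeyVault) ([]byte, error) {
	if len(k.ServiceKey) <= 16 { // 16 bytes is exactly 128 bits, not longer
		return nil, errors.New("keyfob: service key must be longer than 128 bits")
	}
	stored, err := vault.GetKey(k.UserID, k.Category)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, stored.Key)
	mac.Write(k.ServiceKey)
	mac.Write([]byte(k.Category))
	return mac.Sum(nil), nil
}

func main() {
	vault := NewMemoryVault()
	ptr := &UserKeyPointer{Category: "profile", ServiceKey: []byte("constructed-32-byte-service-key!")}
	if err := ptr.CreateKey(vault); err != nil {
		panic(err)
	}
	derived, err := ptr.DeriveKey(vault)
	if err != nil {
		panic(err)
	}
	fmt.Printf("derived key for %q: %x\n", ptr.Category, derived)
}
```

Because the root key never leaves the vault and the derived key depends on both the root key and the service key, a service that only holds its own service key cannot compute another service's derived key, and deleting the root key with DeleteKey renders every derived key for that user and category unrecoverable. Construct the vault with NewMemoryVault; the zero value has no backing map.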