webkms

package
v0.1.6-0...-5c25bcb
Warning

This package is not in the latest version of its module.

Published: Feb 1, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type RemoteCrypto

type RemoteCrypto struct {
	// contains filtered or unexported fields
}

RemoteCrypto is an implementation of the kms.KeyManager API.

func New

func New(keystoreURL string, client *http.Client, opts ...webkmsimpl.Opt) *RemoteCrypto

New creates a new RemoteCrypto instance that uses the given HTTP client to connect to keystoreURL.

func (*RemoteCrypto) ComputeMAC

func (r *RemoteCrypto) ComputeMAC(data []byte, keyURL interface{}) ([]byte, error)

ComputeMAC remotely computes a message authentication code (MAC) for data with the key at keyURL, using a matching MAC primitive in the kh key handle.

func (*RemoteCrypto) Decrypt

func (r *RemoteCrypto) Decrypt(cipher, aad, nonce []byte, keyURL interface{}) ([]byte, error)

Decrypt will remotely decrypt cipher with aad and the given nonce, using a matching AEAD primitive in a remote key handle at keyURL of a private key. Returns:

plainText in []byte
error in case of errors

func (*RemoteCrypto) Encrypt

func (r *RemoteCrypto) Encrypt(msg, aad []byte, keyURL interface{}) ([]byte, []byte, error)

Encrypt will remotely encrypt msg and aad using a matching AEAD primitive in a remote key handle at keyURL of a public key. Returns:

cipherText in []byte
nonce in []byte
error in case of errors during encryption

func (*RemoteCrypto) Sign

func (r *RemoteCrypto) Sign(msg []byte, keyURL interface{}) ([]byte, error)

Sign will remotely sign msg using a matching signature primitive in the remote kh key handle at keyURL of a private key. Returns:

signature in []byte
error in case of errors

func (*RemoteCrypto) UnwrapKey

func (r *RemoteCrypto) UnwrapKey(recWK *crypto.RecipientWrappedKey, keyURL interface{},
	opts ...crypto.WrapKeyOpts) ([]byte, error)

UnwrapKey remotely unwraps a key in recWK using the recipient private key found at keyURL. 'opts' allows setting the optional sender key handle using the WithSender() option, where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key unwrapping (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt). Returns:

unwrapped key in raw bytes
error in case of errors

func (*RemoteCrypto) Verify

func (r *RemoteCrypto) Verify(signature, msg []byte, keyURL interface{}) error

Verify will remotely verify a signature for the given msg using a matching signature primitive in a remote key handle at keyURL of a public key. Returns:

error in case of errors or nil if signature verification was successful

func (*RemoteCrypto) VerifyMAC

func (r *RemoteCrypto) VerifyMAC(mac, data []byte, keyURL interface{}) error

VerifyMAC remotely determines whether mac is a correct message authentication code (MAC) for data, using the key at keyURL and a matching MAC primitive in the kh key handle. It returns nil if so; otherwise it returns an error.

func (*RemoteCrypto) WrapKey

func (r *RemoteCrypto) WrapKey(cek, apu, apv []byte, recPubKey *crypto.PublicKey,
	opts ...crypto.WrapKeyOpts) (*crypto.RecipientWrappedKey, error)

WrapKey will remotely execute key wrapping of cek using apu, apv and the recipient public key 'recPubKey'. 'opts' allows setting the optional sender key handle using the WithSender() option, where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key wrapping (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt). Returns:

RecipientWrappedKey containing the wrapped cek value
error in case of errors
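
The difference between the ECDH-ES and ECDH-1PU modes described for UnwrapKey and WrapKey, as an added local sketch (not code from this package and not wire-compatible with it): in ECDH-1PU the sender's static key feeds the key-encryption key, so unwrapping with the wrong sender key yields a different KEK. Assumptions: P-256 keys, the JOSE Concat KDF layout with SHA-256, the algorithm names shown, and the hypothetical helpers must, newKey, deriveKEK and kek.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdh.PrivateKey { return must(ecdh.P256().GenerateKey(rand.Reader)) }

// deriveKEK is a single-round Concat KDF (SHA-256) yielding a 256-bit key-encryption key.
func deriveKEK(z []byte, alg string, apu, apv []byte) []byte {
	h := sha256.New()
	h.Write(append([]byte{0, 0, 0, 1}, z...)) // round counter, then shared secret Z
	for _, f := range [][]byte{[]byte(alg), apu, apv} {
		h.Write(binary.BigEndian.AppendUint32(nil, uint32(len(f)))) // length prefix
		h.Write(f)
	}
	h.Write([]byte{0, 0, 1, 0}) // SuppPubInfo: key length in bits (256)
	return h.Sum(nil)
}

// kek: a nil static pair gives ECDH-ES (Anoncrypt); else ECDH-1PU (Authcrypt), Z = Ze || Zs.
func kek(ePriv *ecdh.PrivateKey, ePub *ecdh.PublicKey,
	sPriv *ecdh.PrivateKey, sPub *ecdh.PublicKey, apu, apv []byte) []byte {
	z, alg := must(ePriv.ECDH(ePub)), "ECDH-ES+A256KW" // alg names are assumed
	if sPriv != nil {
		z, alg = append(z, must(sPriv.ECDH(sPub))...), "ECDH-1PU+A256KW"
	}
	return deriveKEK(z, alg, apu, apv)
}

func main() {
	eph, sender, rec, other := newKey(), newKey(), newKey(), newKey() // constructed keys
	apu, apv := []byte("sender"), []byte("recipient")                 // constructed values
	wrap := kek(eph, rec.PublicKey(), sender, rec.PublicKey(), apu, apv)
	unwrap := kek(rec, eph.PublicKey(), rec, sender.PublicKey(), apu, apv)
	wrong := kek(rec, eph.PublicKey(), rec, other.PublicKey(), apu, apv)
	fmt.Println(bytes.Equal(wrap, unwrap), bytes.Equal(wrap, wrong)) // true false
}
```

The sender side passes its ephemeral and static private keys with the recipient public key; the recipient side passes its own private key with the ephemeral and sender public keys.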
