Documentation
Overview
Package filesystem provides a common filesystem-based implementation of KeyStore.
Index
- Variables
- func CustomKeyStore(backend backend.Backend, cryptosuite *crypto.KeyStoreSuite) (api.MutableKeyStore, error)
- func IsKeyDirectory(keyDirPath string, extractor *args.ServiceExtractor) bool
- func NewInMemory(cryptosuite *crypto.KeyStoreSuite) (api.MutableKeyStore, error)
- func OpenDirectory(rootDir string, cryptosuite *crypto.KeyStoreSuite) (api.KeyStore, error)
- func OpenDirectoryRW(rootDir string, cryptosuite *crypto.KeyStoreSuite) (api.MutableKeyStore, error)
- type KeyRing
- func (r *KeyRing) AddKey(key api.KeyDescription) (int, error)
- func (r *KeyRing) AllKeys() ([]int, error)
- func (r *KeyRing) CurrentKey() (int, error)
- func (r *KeyRing) DestroyKey(seqnum int) error
- func (r *KeyRing) Formats(seqnum int) ([]api.KeyFormat, error)
- func (r *KeyRing) PrivateKey(seqnum int, format api.KeyFormat) ([]byte, error)
- func (r *KeyRing) PublicKey(seqnum int, format api.KeyFormat) ([]byte, error)
- func (r *KeyRing) SetCurrent(seqnum int) error
- func (r *KeyRing) SetState(seqnum int, newState api.KeyState) error
- func (r *KeyRing) State(seqnum int) (api.KeyState, error)
- func (r *KeyRing) SymmetricKey(seqnum int, format api.KeyFormat) ([]byte, error)
- func (r *KeyRing) ValidSince(seqnum int) (time.Time, error)
- func (r *KeyRing) ValidUntil(seqnum int) (time.Time, error)
- type KeyStore
- func (s *KeyStore) Close() error
- func (s *KeyStore) DescribeKeyRing(path string) (*keystoreV1.KeyDescription, error)
- func (s *KeyStore) DescribeRotatedKeyRing(path string) ([]keystoreV1.KeyDescription, error)
- func (s *KeyStore) ExportKeyRings(paths []string, cryptosuite *crypto.KeyStoreSuite, mode keystoreV1.ExportMode) ([]byte, error)
- func (s *KeyStore) ImportKeyRings(exportData []byte, cryptosuite *crypto.KeyStoreSuite, ...) ([]string, error)
- func (s *KeyStore) ListKeyRings() (rings []string, err error)
- func (s *KeyStore) OpenKeyRing(path string) (api.KeyRing, error)
- func (s *KeyStore) OpenKeyRingRW(path string) (api.MutableKeyRing, error)
Constants
This section is empty.
Variables
var (
	ErrKeyRingExists = errors.New("imported key ring already exists")
	ErrNoPublicData  = errors.New("key has no public data")
)
Errors returned by export/import routines.
var (
ErrNotImplemented = errors.New("not implemented")
)
Errors returned by basic keystore.
Functions
func CustomKeyStore
func CustomKeyStore(backend backend.Backend, cryptosuite *crypto.KeyStoreSuite) (api.MutableKeyStore, error)
CustomKeyStore returns a configurable filesystem-based keystore. This constructor is useful if you want to provide a custom filesystem backend.
The backend will be closed when this keystore is closed, so a backend instance generally cannot be shared between keystores.
func IsKeyDirectory
func IsKeyDirectory(keyDirPath string, extractor *args.ServiceExtractor) bool
IsKeyDirectory checks if the directory contains a keystore version 2. This is a conservative check: a positive return value does not mean that the directory contains *a valid* keystore, but a false value means that the directory is definitely not a valid keystore. In particular, false is returned if the directory does not exist or cannot be opened.
func NewInMemory
func NewInMemory(cryptosuite *crypto.KeyStoreSuite) (api.MutableKeyStore, error)
NewInMemory returns a new, empty in-memory keystore. This is mostly useful for testing.
func OpenDirectory
OpenDirectory opens a read-only keystore located in the given directory.
func OpenDirectoryRW
func OpenDirectoryRW(rootDir string, cryptosuite *crypto.KeyStoreSuite) (api.MutableKeyStore, error)
OpenDirectoryRW opens a keystore located in the given directory. If the directory does not exist, it will be created.
Types
type KeyRing
type KeyRing struct {
// contains filtered or unexported fields
}
KeyRing is a KeyRing provided by KeyStore. It provides a snapshot of data which might be outdated.
func (*KeyRing) AddKey
func (r *KeyRing) AddKey(key api.KeyDescription) (int, error)
AddKey appends a key to the key ring based on its description. The newly added key is returned if you wish to inspect or modify its state. The current key is not changed when a new key is added.
func (*KeyRing) CurrentKey
CurrentKey returns the current key of this key ring, if available.
func (*KeyRing) DestroyKey
DestroyKey erases key data (but keeps the key in the key ring).
func (*KeyRing) PrivateKey
PrivateKey returns private key data in the given format, if available.
func (*KeyRing) SetCurrent
SetCurrent makes this key current in its key ring.
func (*KeyRing) SymmetricKey
SymmetricKey returns symmetric key data in the given format, if available.
func (*KeyRing) ValidSince
ValidSince returns the time before which the key cannot be used.
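The rotation semantics documented for AddKey, SetCurrent and DestroyKey, shown as a self-contained model. This is an added example, not code from this package: `modelRing`, `rotate` and `errDestroyed` are hypothetical names, the key bytes are constructed, and seqnums are assumed to come from AddKey.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model of the documented semantics; not this package's code.
var errDestroyed = errors.New("key data destroyed")

type modelRing struct {
	keys    [][]byte // index is the seqnum; nil marks destroyed key data
	current int      // seqnum of the current key
}

// AddKey appends a key and returns its seqnum; the current key is untouched.
func (r *modelRing) AddKey(data []byte) int {
	r.keys = append(r.keys, append([]byte{}, data...))
	return len(r.keys) - 1
}

// DestroyKey zeroes the key bytes but keeps the slot, so seqnums stay stable.
func (r *modelRing) DestroyKey(n int) {
	for i := range r.keys[n] {
		r.keys[n][i] = 0
	}
	r.keys[n] = nil
}

func (r *modelRing) SymmetricKey(n int) ([]byte, error) {
	if r.keys[n] == nil {
		return nil, errDestroyed
	}
	return r.keys[n], nil
}

// rotate walks one rotation and reports what a caller observes at each step.
func rotate() (afterAdd, afterSet, slots int, oldErr error) {
	r := &modelRing{}
	old := r.AddKey([]byte("constructed-key-A"))
	r.current = old // models SetCurrent(old)
	next := r.AddKey([]byte("constructed-key-B"))
	afterAdd = r.current // still old: adding a key does not rotate
	r.current = next     // models SetCurrent(next), the explicit rotation step
	r.DestroyKey(old)
	_, oldErr = r.SymmetricKey(old)
	return afterAdd, r.current, len(r.keys), oldErr
}

func main() { fmt.Println(rotate()) }
```

A caller that adds a key and forgets the SetCurrent step keeps using the old key; a destroyed key still occupies its seqnum, so lookups fail with an explicit error rather than resolving to a different key.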
type KeyStore
type KeyStore struct {
// contains filtered or unexported fields
}
KeyStore is a filesystem-like keystore which keeps key rings in files.
What exactly the underlying filesystem is remains somewhat flexible and is controlled by filesystem.Backend. Normally this is an actual filesystem, but there are alternative implementations.
func (*KeyStore) DescribeKeyRing
func (s *KeyStore) DescribeKeyRing(path string) (*keystoreV1.KeyDescription, error)
DescribeKeyRing describes a key ring by its purpose path.
func (*KeyStore) DescribeRotatedKeyRing
func (s *KeyStore) DescribeRotatedKeyRing(path string) ([]keystoreV1.KeyDescription, error)
DescribeRotatedKeyRing returns the KeyDescription list of rotated keys.
func (*KeyStore) ExportKeyRings
func (s *KeyStore) ExportKeyRings(paths []string, cryptosuite *crypto.KeyStoreSuite, mode keystoreV1.ExportMode) ([]byte, error)
ExportKeyRings packages the specified key rings for export. Key ring data is encrypted and signed using the given cryptosuite. The resulting container can be imported into an existing or a different keystore with ImportKeyRings().
func (*KeyStore) ImportKeyRings
func (s *KeyStore) ImportKeyRings(exportData []byte, cryptosuite *crypto.KeyStoreSuite, delegate api.KeyRingImportDelegate) ([]string, error)
ImportKeyRings unpacks key rings packaged by ExportKeyRings. The provided cryptosuite is used to verify the signature on the container and decrypt key ring data. An optional delegate can be used to control various aspects of the import process, such as conflict resolution. Returns a list of processed key rings.
func (*KeyStore) ListKeyRings
ListKeyRings enumerates all key rings present in this keystore.
func (*KeyStore) OpenKeyRing
OpenKeyRing opens an existing key ring at the given path.
func (*KeyStore) OpenKeyRingRW
func (s *KeyStore) OpenKeyRingRW(path string) (api.MutableKeyRing, error)
OpenKeyRingRW opens a modifiable key ring at the given path.
Directories
Path | Synopsis |
---|---|
 | Package backend provides a common filesystem Backend interface for filesystem.KeyStore as well as some basic implementations of it. |
api | Package api defines abstract backend interface. |
api/tests | Package tests provides conformity test suite for KeyStore Backend API. |