dkeyczar: github.com/dgryski/dkeyczar Index | Files | Directories

package dkeyczar

import "github.com/dgryski/dkeyczar"

Package dkeyczar is a simplified wrapper around Go's native cryptography libraries.

It is modeled after and compatible with Google's Keyczar library (http://keyczar.org)

Sample usage is:

reader := NewFileReader("/path/to/keys")
crypter := NewCrypter(reader)
ciphertext := crypter.Encrypt(plaintext)

Decryption, Signing and Verification use the same minimal API.

Encrypted data and signatures are encoded with web-safe base64.

Index

Package Files

errors.go keyczar.go keydata.go keyinfo.go keyman.go readers.go util.go

Constants

const (
    T_AES keyType = iota
    T_HMAC_SHA1
    T_DSA_PRIV
    T_DSA_PUB
    T_RSA_PRIV
    T_RSA_PUB
)
const (
    S_PRIMARY keyStatus = iota
    S_ACTIVE
    S_INACTIVE
)
const (
    P_DECRYPT_AND_ENCRYPT keyPurpose = iota
    P_ENCRYPT
    P_SIGN_AND_VERIFY
    P_VERIFY
    P_TEST
)

Variables

var (
    ErrBadVersion          = errors.New("keyczar: bad version number in header")
    ErrBase64Decoding      = errors.New("keyczar: error during base64 decode")
    ErrInvalidSignature    = errors.New("keyczar: invalid ciphertext signature")
    ErrKeyNotFound         = errors.New("keyczar: key not found")
    ErrNoPrimaryKey        = errors.New("keyczar: no primary key found")
    ErrShortCiphertext     = errors.New("keyczar: input too short to be valid ciphertext")
    ErrShortSignature      = errors.New("keyczar: input too short to be valid signature")
    ErrUnsupportedType     = errors.New("keyczar: invalid type in input")
    ErrUnacceptablePurpose = errors.New("keyczar: unacceptable key purpose")
    ErrInvalidKeySize      = errors.New("keyczar: bad key size")
    ErrNoSuchKeyVersion    = errors.New("keyczar: no such key version")
)

type Crypter Uses

type Crypter interface {
    Encrypter
    // Decrypt returns the plaintext bytes of an encrypted string
    Decrypt(ciphertext string) ([]uint8, error)
}

A Crypter can used for encrypting or decrypting

func NewCrypter Uses

func NewCrypter(r KeyReader) (Crypter, error)

NewCrypter returns an object capable of encrypting and decrypting using the key provded by the reader

func NewPBECrypter Uses

func NewPBECrypter(password []byte) Crypter

NewPBECrypter returns a Crypter for encrypting and decrypting password-based keys

func NewSessionDecrypter Uses

func NewSessionDecrypter(crypter Crypter, sessionKeys string) (Crypter, error)

NewSessionDecrypter decrypts the sessionKeys string and returns a new Crypter using these keys.

func NewSessionEncrypter Uses

func NewSessionEncrypter(encrypter Encrypter) (Crypter, string, error)

NewSessionEncrypter returns an Encrypter that has been initailized with a random session key. This key material is encrypted with crypter and returned.

type Encrypter Uses

type Encrypter interface {
    KeyczarEncodingController
    KeyczarCompressionController
    // Encrypt returns an encrypted string representing the plaintext bytes passed.
    Encrypt(plaintext []uint8) (string, error)
}

An Encrypter can be used for encrypting

func NewEncrypter Uses

func NewEncrypter(r KeyReader) (Encrypter, error)

NewEncrypter returns an object capable of encrypting using the key provded by the reader

func NewPBEEncrypter Uses

func NewPBEEncrypter(password []byte) Encrypter

type KeyManager Uses

type KeyManager interface {
    Create(name string, purpose keyPurpose, ktype keyType) error
    Load(reader KeyReader) error
    AddKey(size uint, status keyStatus) error
    Promote(version int)
    Demote(version int)
    // Revoke
    PubKeys() KeyManager
    // Write
    ToJSONs(encrypter Encrypter) []string
}

KeyManager handles all aspects of dealing with keyczar key files

func NewKeyManager Uses

func NewKeyManager() KeyManager

NewKeyManager returns a new KeyManager

type KeyReader Uses

type KeyReader interface {
    // GetMetadata returns the meta information for this key
    GetMetadata() (string, error)
    // GetKey returns the key material for a particular version of this key
    GetKey(version int) (string, error)
}

KeyReader provides an interface for returning information about a particular key.

func ImportRSAKeyFromPEMForCrypt Uses

func ImportRSAKeyFromPEMForCrypt(location string) (KeyReader, error)

ImportRSAKeyFromPEMForCrypt returns a KeyReader for the RSA Private Key contained in the PEM file specified in the location. The resulting key can be used for encryption and decryption only

func ImportRSAKeyFromPEMForSigning Uses

func ImportRSAKeyFromPEMForSigning(location string) (KeyReader, error)

ImportRSAKeyFromPEMForSigning returns a KeyReader for the RSA Private Key contained in the PEM file specified in the location. The resulting key can be used for signing and verification only

func ImportRSAPublicKeyFromCertificateForCrypt Uses

func ImportRSAPublicKeyFromCertificateForCrypt(location string) (KeyReader, error)

ImportRSAPublicKeyFromCertificateForCrypt returns a KeyReader for the RSA Public Key contained in the certificate file specified in the location. The resulting key can be used for encryption only.

func ImportRSAPublicKeyFromCertificateForVerify Uses

func ImportRSAPublicKeyFromCertificateForVerify(location string) (KeyReader, error)

ImportRSAPublicKeyFromCertificateForVerify returns a KeyReader for the RSA Public Key contained in the certificate file specified in the location. The resulting key can be used for verification only.

func ImportRSAPublicKeyFromPEMForEncryption Uses

func ImportRSAPublicKeyFromPEMForEncryption(location string) (KeyReader, error)

ImportRSAPublicKeyFromPEMForEncryption returns a KeyReader for the RSA Public Key contained in the PEM file specified in the location. The resulting key can be used for encryption only.

func ImportRSAPublicKeyFromPEMForVerify Uses

func ImportRSAPublicKeyFromPEMForVerify(location string) (KeyReader, error)

ImportRSAPublicKeyFromPEMForVerify returns a KeyReader for the RSA Public Key contained in the PEM file specified in the location. The resulting key can be used for verification only.

func NewEncryptedReader Uses

func NewEncryptedReader(reader KeyReader, crypter Crypter) KeyReader

NewEncryptedReader returns a KeyReader which decrypts the key returned by the wrapped 'reader'.

func NewFileReader Uses

func NewFileReader(location string) KeyReader

NewFileReader returns a KeyReader that reads a keyczar key from a directory on the file system.

func NewPBEReader Uses

func NewPBEReader(reader KeyReader, password []byte) KeyReader

NewPBEReader returns a KeyReader which decrypts keys encrypted with password-based encryption

type KeyczarCompression Uses

type KeyczarCompression int
const (
    NO_COMPRESSION KeyczarCompression = iota // Do not compress the plaintext before encrypting [default]
    GZIP                                     // Use gzip compression
    ZLIB                                     // Use zlib compression
)

type KeyczarCompressionController Uses

type KeyczarCompressionController interface {
    // Set the current compression level
    SetCompression(compression KeyczarCompression)
    // Return the current compression level
    Compression() KeyczarCompression
}

type KeyczarEncoding Uses

type KeyczarEncoding int
const (
    BASE64W     KeyczarEncoding = iota // Encode the output with web-safe base64 [default]
    NO_ENCODING                        // Do not encode the output
)

type KeyczarEncodingController Uses

type KeyczarEncodingController interface {
    // Set the current output encoding
    SetEncoding(encoding KeyczarEncoding)
    // Return the current output encoding
    Encoding() KeyczarEncoding
}

type SignedDecrypter Uses

type SignedDecrypter interface {
    KeyczarEncodingController
    KeyczarCompressionController
    // Decrypt returns the plaintext bytes of an encrypted string
    Decrypt(ciphertext string) ([]uint8, error)
}

A SignedDecrypter can be used for decrypting and verifying

func NewSignedDecrypter Uses

func NewSignedDecrypter(r KeyReader, verifier Verifier, nonce []byte) (SignedDecrypter, error)

func NewSignedSessionDecrypter Uses

func NewSignedSessionDecrypter(crypter Crypter, verifier Verifier, sessionKeys string) (SignedDecrypter, error)

NewSignedSessionDecrypter decrypts the sessionKeys string and returns a new Crypter using these keys.

type SignedEncrypter Uses

type SignedEncrypter interface {
    KeyczarEncodingController
    KeyczarCompressionController
    // Encrypt returns an encrypted string representing the plaintext bytes passed.
    Encrypt(plaintext []uint8) (string, error)
}

A SignedEncrypter can be used for encrypting and signing

func NewSignedEncrypter Uses

func NewSignedEncrypter(r KeyReader, signer Signer, nonce []byte) (SignedEncrypter, error)

func NewSignedSessionEncrypter Uses

func NewSignedSessionEncrypter(encrypter Encrypter, signer Signer) (SignedEncrypter, string, error)

NewSignedSessionEncrypter returns an Encrypter that has been initailized with a random session key. This key material is encrypted with crypter and returned.

type Signer Uses

type Signer interface {
    Verifier
    // Sign returns a cryptographic signature for the message
    Sign(message []byte) (string, error)
    AttachedSign(message []byte, nonce []byte) (string, error)

    // TimeoutSign returns a signature for the message that is valid until expiration
    // expiration should be milliseconds since 1/1/1970 GMT
    TimeoutSign(message []byte, expiration int64) (string, error)

    // UnversionedSign signs the message with a plain, non-Keyczar-tagged signature
    UnversionedSign(message []byte) (string, error)
}

A Signer can be used for signing and verification

func NewSigner Uses

func NewSigner(r KeyReader) (Signer, error)

NewSigner returns an object capable of creating and verifying signatures using the key provded by the reader

type Verifier Uses

type Verifier interface {
    KeyczarEncodingController
    // Verify checks the cryptographic signature for a message
    Verify(message []byte, signature string) (bool, error)
    AttachedVerify(signedMessage string, nonce []byte) ([]byte, error)

    // TimeoutVerify checks the cryptographic signature for a message and ensure it hasn't expired.
    TimeoutVerify(message []byte, signature string) (bool, error)

    // UnversionedVerify checks the plained, non-Keyczar-tagged cryptographic signature for a message
    UnversionedVerify(message []byte, signature string) (bool, error)
}

A Verifier can be used for verification

func NewVerifier Uses

func NewVerifier(r KeyReader) (Verifier, error)

NewVerifier returns an object capable of verifying signatures using the key provded by the reader

func NewVerifierTimeProvider Uses

func NewVerifierTimeProvider(r KeyReader, t currentTime) (Verifier, error)

NewVerifierTimeProvider returns an object verifying signatures valid for a certain period

Directories

PathSynopsis
compat
keyczart

Package dkeyczar imports 26 packages (graph) and is imported by 5 packages. Updated 2019-01-20. Refresh now. Tools for package owners.