awskmscrypto


Constants

const (
	// ProviderName is the name under which this KMS-backed provider is identified.
	ProviderName = "AWSKMS"
)

ProviderName specifies the provider name.

Variables

// KmsClientFactory builds the KmsClient that the provider talks to from an
// aws.Config plus optional kms.Options modifiers. It is a package-level
// variable rather than a plain function so that unit tests can swap in a
// fake implementation.
// NOTE(review): the client inherits whatever credentials cfg carries; they
// presumably need only the KMS actions listed in KmsClient — confirm at the caller.
var KmsClientFactory = func(cfg aws.Config, optFns ...func(*kms.Options)) KmsClient {
	client := kms.NewFromConfig(cfg, optFns...)
	return client
}

KmsClientFactory creates the KMS client; it is a package variable so that unit tests can override it.

Functions

func KmsLoader

KmsLoader provides the loader for the KMS provider.

func NewSigner

func NewSigner(keyID string, label string, signingAlgorithms []types.SigningAlgorithmSpec, publicKey crypto.PublicKey, kmsClient KmsClient) crypto.Signer

NewSigner creates a new signer for the given KMS key ID, label, supported signing algorithms and public key, using kmsClient for the signing calls.

Types

type KmsClient

// KmsClient is the set of AWS KMS operations this provider depends on.
// The *kms.Client returned by KmsClientFactory satisfies it; tests may
// supply any other implementation.
type KmsClient interface {
	// CreateKey creates a new KMS key.
	CreateKey(context.Context, *kms.CreateKeyInput, ...func(*kms.Options)) (*kms.CreateKeyOutput, error)
	// DescribeKey returns metadata for an existing key.
	DescribeKey(context.Context, *kms.DescribeKeyInput, ...func(*kms.Options)) (*kms.DescribeKeyOutput, error)
	// GetPublicKey fetches the public half of an asymmetric key.
	GetPublicKey(context.Context, *kms.GetPublicKeyInput, ...func(*kms.Options)) (*kms.GetPublicKeyOutput, error)
	// ListKeys lists the keys visible to the caller's credentials.
	ListKeys(context.Context, *kms.ListKeysInput, ...func(*kms.Options)) (*kms.ListKeysOutput, error)
	// ScheduleKeyDeletion schedules a key for deletion.
	ScheduleKeyDeletion(context.Context, *kms.ScheduleKeyDeletionInput, ...func(*kms.Options)) (*kms.ScheduleKeyDeletionOutput, error)
	// Sign performs a signing operation with a KMS-held key.
	Sign(context.Context, *kms.SignInput, ...func(*kms.Options)) (*kms.SignOutput, error)

	// Not part of the interface; retained from the original declaration for reference:
	// IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)
}

KmsClient is the interface describing the KMS operations used by this provider.

type Provider

// Provider implements the Provider interface on top of AWS KMS.
// Its fields are unexported; construct it with Init and release it with Close.
type Provider struct {
	// contains filtered or unexported fields
}

Provider implements the Provider interface using AWS KMS.

func Init

func Init(tc cryptoprov.TokenConfig) (*Provider, error)

Init configures the KMS-based HSM implementation from the given token config.

func (*Provider) Close

func (p *Provider) Close() error

Close releases allocated resources and stops the file reloader.

func (*Provider) CurrentSlotID

func (p *Provider) CurrentSlotID() uint

CurrentSlotID returns current slot id. For KMS only one slot is assumed to be available.

func (*Provider) DestroyKeyPairOnSlot

func (p *Provider) DestroyKeyPairOnSlot(slotID uint, keyID string) error

DestroyKeyPairOnSlot destroys key pair on slot. For KMS slotID is ignored and KMS retire API is used to destroy the key.

func (*Provider) EnumKeys

func (p *Provider) EnumKeys(slotID uint, prefix string) ([]cryptoprov.KeyInfo, error)

EnumKeys returns the list of keys on the slot. For KMS, slotID is ignored.

func (*Provider) EnumTokens

func (p *Provider) EnumTokens(currentSlotOnly bool) ([]cryptoprov.TokenInfo, error)

EnumTokens lists tokens. For KMS currentSlotOnly is ignored and only one slot is assumed to be available.

func (*Provider) ExportKey

func (p *Provider) ExportKey(keyID string) (string, []byte, error)

ExportKey returns the PKCS#11 URI for the specified key ID. It does not return the key bytes.

func (*Provider) FindKeyPairOnSlot

func (p *Provider) FindKeyPairOnSlot(slotID uint, keyID, label string) (crypto.PrivateKey, error)

FindKeyPairOnSlot retrieves a previously created asymmetric key, using a specified slot.

func (*Provider) GenerateECDSAKey

func (p *Provider) GenerateECDSAKey(label string, curve elliptic.Curve) (crypto.PrivateKey, error)

GenerateECDSAKey creates a signer using a randomly generated ECDSA key on the given curve.

func (*Provider) GenerateRSAKey

func (p *Provider) GenerateRSAKey(label string, bits int, purpose int) (crypto.PrivateKey, error)

GenerateRSAKey creates a signer using a randomly generated RSA key of the given bit size.

func (*Provider) GetKey

func (p *Provider) GetKey(keyID string) (crypto.PrivateKey, error)

GetKey returns the PKCS#11 URI for the given key ID.

func (*Provider) IdentifyKey

func (p *Provider) IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)

IdentifyKey returns the key ID and label for the given private key.

func (*Provider) KeyInfo

func (p *Provider) KeyInfo(slotID uint, keyID string, includePublic bool) (*cryptoprov.KeyInfo, error)

KeyInfo retrieves info about the key with the specified ID.

func (*Provider) Manufacturer

func (p *Provider) Manufacturer() string

Manufacturer returns the manufacturer for the provider.

func (*Provider) Model

func (p *Provider) Model() string

Model returns the model for the provider.

type Signer

// Signer implements crypto.Signer for a key held in KMS; construct it with
// NewSigner, which supplies the key ID, label, algorithms, public key and KmsClient.
type Signer struct {
	// contains filtered or unexported fields
}

Signer implements the crypto.Signer interface backed by a KMS key.

func (*Signer) KeyID

func (s *Signer) KeyID() string

KeyID returns the key ID of the signer.

func (*Signer) Label

func (s *Signer) Label() string

Label returns the key label of the signer.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key for the signer.

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign implements the crypto.Signer signing operation for the KMS-backed key.

func (*Signer) String

func (s *Signer) String() string
