Documentation
Overview
Package tpmkeys provides an implementation of crypto.Signer and crypto.Decrypter for a private key resident on a TPM 2.0 (Trusted Platform Module) device.
It is designed for use with the google/go-tpm/tpm2 package and enables TPM-resident keys to be used transparently with Go standard library packages such as crypto and tls.
Index
- type PrivateKey
- func NewFromActiveHandle(rw io.ReadWriter, handle uint32, password string) (*PrivateKey, error)
- func NewFromBlobs(path string, parent uint32, parentPassword string, pubBlob, privBlob []byte, ...) (*PrivateKey, error)
- func NewFromPersistentHandle(path string, handle uint32, password string) (*PrivateKey, error)
Types
type PrivateKey
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents a private key resident on a TPM 2.0 device. RSA and ECC keys are supported for signing (crypto.Signer); only RSA keys are supported for decryption (crypto.Decrypter). The private key material stays on the TPM; callers interact with it only through Public, Sign and Decrypt.
func NewFromActiveHandle
func NewFromActiveHandle(rw io.ReadWriter, handle uint32, password string) (*PrivateKey, error)
NewFromActiveHandle returns a private key object representing the key referred to by the specified active (already loaded) handle. The caller is responsible for ensuring that the handle continues to refer to the same key, and that the io.ReadWriter is not closed, until the returned key is no longer needed. Since this function accepts an io.ReadWriter rather than a device path, it is also suitable for connecting to a TPM simulator.
func NewFromBlobs
func NewFromBlobs(
	path string,
	parent uint32,
	parentPassword string,
	pubBlob, privBlob []byte,
	password string,
) (*PrivateKey, error)
NewFromBlobs returns a private key object representing the key described by the provided public and private area blobs, loaded under the parent key at the specified persistent handle. A connection to the TPM is opened and closed, and the key loaded and flushed, with each use of the key, so the returned key is usable for as long as the parent key remains at that persistent handle. The private area blob is wrapped by the parent key and can only be loaded under that parent on that TPM, so storing the blobs outside the TPM does not expose the private key.
func NewFromPersistentHandle
func NewFromPersistentHandle(path string, handle uint32, password string) (*PrivateKey, error)
NewFromPersistentHandle returns a private key object representing the key referred to by the specified persistent handle, using the TPM at the specified path. A connection to the TPM is opened and closed with each use of the key, so the returned key is usable for as long as the key remains at that persistent handle.
func (*PrivateKey) Decrypt
func (k *PrivateKey) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) ([]byte, error)
Decrypt implements crypto.Decrypter: it decrypts msg with the TPM-resident private key, with opts selecting the padding scheme as for any crypto.Decrypter. Only RSA keys support decryption.
func (*PrivateKey) Public
func (k *PrivateKey) Public() crypto.PublicKey
Public returns the public key corresponding to the opaque private key.
func (*PrivateKey) Sign
func (k *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign implements crypto.Signer: the signing operation runs on the TPM. As with any crypto.Signer, digest must already be the hash of the message, computed with the hash function named by opts.HashFunc(); passing the unhashed message is a caller error.
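The following is an added example, not code from the tpmkeys package, illustrating the point made in the overview and in the Sign documentation: because the key is exposed only as a crypto.Signer, it drops into crypto/x509 and crypto/tls without changes. No TPM is available offline, so the hypothetical opaqueSigner type below stands in for a *tpmkeys.PrivateKey (an in-memory ECDSA key that the rest of the program never touches directly); everything else is standard library. It also shows the digest-length check a Signer should enforce, since handing Sign the raw message instead of its hash is the usual mistake.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"time"
)

// opaqueSigner is a hypothetical stand-in for a TPM-resident key. Like
// tpmkeys.PrivateKey it exposes only Public and Sign; in a real deployment a
// *tpmkeys.PrivateKey would be used in its place.
type opaqueSigner struct {
	priv *ecdsa.PrivateKey // would live inside the TPM in a real deployment
}

func newOpaqueSigner() (*opaqueSigner, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &opaqueSigner{priv: priv}, nil
}

func (s *opaqueSigner) Public() crypto.PublicKey { return &s.priv.PublicKey }

// Sign follows the crypto.Signer contract: digest is the already-hashed
// message and opts names the hash that produced it, so a length mismatch
// (typically the raw message passed by mistake) is rejected.
func (s *opaqueSigner) Sign(rnd io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || opts.HashFunc() == 0 {
		return nil, errors.New("opts must identify the hash used to produce digest")
	}
	if h := opts.HashFunc(); h.Size() != len(digest) {
		return nil, fmt.Errorf("digest is %d bytes but %v produces %d", len(digest), h, h.Size())
	}
	return ecdsa.SignASN1(rnd, s.priv, digest)
}

// signAndVerify is the round trip a caller performs with any crypto.Signer:
// hash the message, sign the digest, verify against Public().
func signAndVerify(s crypto.Signer, msg []byte) (bool, error) {
	digest := sha256.Sum256(msg)
	sig, err := s.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return false, err
	}
	pub, ok := s.Public().(*ecdsa.PublicKey)
	if !ok {
		return false, errors.New("signer does not hold an ECDSA public key")
	}
	return ecdsa.VerifyASN1(pub, digest[:], sig), nil
}

// selfSignedTLSCert builds a tls.Certificate backed by the opaque signer.
// x509.CreateCertificate and crypto/tls only require crypto.Signer.
func selfSignedTLSCert(s crypto.Signer, host string) (tls.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, s.Public(), s)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: s}, nil
}

// checkCert verifies the certificate signature and that the certificate's
// public key is the one the signer reports, as crypto/tls expects.
func checkCert(c tls.Certificate) error {
	parsed, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return err
	}
	if err := parsed.CheckSignature(parsed.SignatureAlgorithm, parsed.RawTBSCertificate, parsed.Signature); err != nil {
		return err
	}
	pub, ok := parsed.PublicKey.(*ecdsa.PublicKey)
	signer, isSigner := c.PrivateKey.(crypto.Signer)
	if !ok || !isSigner || !pub.Equal(signer.Public()) {
		return errors.New("certificate public key does not match signer")
	}
	return nil
}

func main() {
	s, err := newOpaqueSigner()
	if err != nil {
		panic(err)
	}
	ok, err := signAndVerify(s, []byte("constructed sample message")) // constructed input
	fmt.Println("signature verifies:", ok, err)
	_, err = s.Sign(rand.Reader, make([]byte, 20), crypto.SHA256)
	fmt.Println("wrong digest length rejected:", err != nil)
	cert, err := selfSignedTLSCert(s, "tpm-example.local")
	if err != nil {
		panic(err)
	}
	fmt.Println("certificate checks out:", checkCert(cert) == nil)
}
```

With a real TPM, the only change is constructing the signer with one of the tpmkeys constructors instead of newOpaqueSigner; the tls.Certificate can then be placed in a tls.Config, and every handshake signature is produced on the TPM.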