awskmscrypto

package
Version v0.9.0
Published: Jan 8, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const (
	// RSASSA-PSS signing algorithms (randomized padding). Prefer these for
	// new deployments; the identifiers are the values passed to KMS.
	SignRsaPssSha256 = "RSASSA_PSS_SHA_256"
	SignRsaPssSha384 = "RSASSA_PSS_SHA_384"
	SignRsaPssSha512 = "RSASSA_PSS_SHA_512"

	// RSASSA-PKCS1 v1.5 signing algorithms (deterministic padding), kept for
	// interoperability with verifiers that do not accept PSS.
	SignRsaPkcs1Sha256 = "RSASSA_PKCS1_V1_5_SHA_256"
	SignRsaPkcs1Sha384 = "RSASSA_PKCS1_V1_5_SHA_384"
	SignRsaPkcs1Sha512 = "RSASSA_PKCS1_V1_5_SHA_512"
)

Signing algorithms supported by AWS KMS for this provider.

// ProviderName is the name identifying the AWS KMS provider.
const ProviderName = "AWSKMS"

ProviderName is the name identifying this provider.

Variables

// KmsClientFactory builds the KmsClient used by the provider from an AWS
// config provider and optional per-client configs. It is a package-level
// variable so unit tests can substitute a fake client. Because it is mutable
// and exported, any importer can reassign it and thereby redirect every KMS
// call made through this package (including Sign); reassignments outside test
// code deserve review. The default implementation never returns an error.
var KmsClientFactory = func(p client.ConfigProvider, cfgs ...*aws.Config) (KmsClient, error) {
	return kms.New(p, cfgs...), nil
}

KmsClientFactory creates the KMS client; it is a variable so unit tests can override it.

Functions

func KmsLoader

KmsLoader is the loader for the KMS provider.

func NewSigner

func NewSigner(keyID string, label string, signingAlgorithms []string, publicKey crypto.PublicKey, kmsClient KmsClient) crypto.Signer

NewSigner creates a new Signer for the given key ID, label, signing algorithms, public key and KMS client.

Types

type KmsClient

// KmsClient is the set of AWS KMS operations this provider depends on.
// Narrowing the dependency to an interface lets tests inject a fake client
// and gives a rough checklist of the KMS API permissions the provider's
// credentials need.
type KmsClient interface {
	// CreateKey creates a new KMS key.
	CreateKey(input *kms.CreateKeyInput) (*kms.CreateKeyOutput, error)
	//IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)
	// ListKeys enumerates KMS keys.
	ListKeys(options *kms.ListKeysInput) (*kms.ListKeysOutput, error)
	// ScheduleKeyDeletion schedules a KMS key for deletion.
	ScheduleKeyDeletion(input *kms.ScheduleKeyDeletionInput) (*kms.ScheduleKeyDeletionOutput, error)
	// DescribeKey returns metadata for a KMS key.
	DescribeKey(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error)
	// GetPublicKey returns the public half of an asymmetric KMS key.
	GetPublicKey(input *kms.GetPublicKeyInput) (*kms.GetPublicKeyOutput, error)
	// Sign produces a signature using a key held in KMS.
	Sign(input *kms.SignInput) (*kms.SignOutput, error)
}

KmsClient defines the AWS KMS operations this provider uses.

type Provider

// Provider implements the Provider interface backed by AWS KMS. Key material
// stays in KMS: ExportKey returns a PKCS#11 URI rather than key bytes, and
// signing goes through the KMS Sign API.
type Provider struct {
	// contains filtered or unexported fields
}

Provider implements the Provider interface backed by AWS KMS.

func Init

func Init(tc cryptoprov.TokenConfig) (*Provider, error)

Init configures the KMS-based HSM implementation from the token configuration.

func (*Provider) Close

func (p *Provider) Close() error

Close releases allocated resources and stops the file reloader.

func (*Provider) CurrentSlotID

func (p *Provider) CurrentSlotID() uint

CurrentSlotID returns current slot id. For KMS only one slot is assumed to be available.

func (*Provider) DestroyKeyPairOnSlot

func (p *Provider) DestroyKeyPairOnSlot(slotID uint, keyID string) error

DestroyKeyPairOnSlot destroys the key pair on the slot. For KMS, slotID is ignored and the KMS retire API is used to destroy the key.

func (*Provider) EnumKeys

func (p *Provider) EnumKeys(slotID uint, prefix string, keyInfoFunc func(id, label, typ, class, currentVersionID string, creationTime *time.Time) error) error

EnumKeys returns list of keys on the slot. For KMS slotID is ignored.

func (*Provider) EnumTokens

func (p *Provider) EnumTokens(currentSlotOnly bool, slotInfoFunc func(slotID uint, description, label, manufacturer, model, serial string) error) error

EnumTokens lists tokens. For KMS currentSlotOnly is ignored and only one slot is assumed to be available.

func (*Provider) ExportKey

func (p *Provider) ExportKey(keyID string) (string, []byte, error)

ExportKey returns the PKCS#11 URI for the specified key ID. It does not return the key bytes.

func (*Provider) FindKeyPairOnSlot

func (p *Provider) FindKeyPairOnSlot(slotID uint, keyID, label string) (crypto.PrivateKey, error)

FindKeyPairOnSlot retrieves a previously created asymmetric key, using a specified slot.

func (*Provider) GenerateECDSAKey

func (p *Provider) GenerateECDSAKey(label string, curve elliptic.Curve) (crypto.PrivateKey, error)

GenerateECDSAKey creates a signer backed by a randomly generated ECDSA key.

func (*Provider) GenerateRSAKey

func (p *Provider) GenerateRSAKey(label string, bits int, purpose int) (crypto.PrivateKey, error)

GenerateRSAKey creates a signer backed by a randomly generated RSA key.

func (*Provider) GetKey

func (p *Provider) GetKey(keyID string) (crypto.PrivateKey, error)

GetKey returns the PKCS#11 URI for the given key ID.

func (*Provider) IdentifyKey

func (p *Provider) IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)

IdentifyKey returns the key ID and label for the given private key.

func (*Provider) KeyInfo

func (p *Provider) KeyInfo(slotID uint, keyID string, includePublic bool, keyInfoFunc func(id, label, typ, class, currentVersionID, pubKey string, creationTime *time.Time) error) error

KeyInfo retrieves information about the key with the specified ID.

func (*Provider) Manufacturer

func (p *Provider) Manufacturer() string

Manufacturer returns manufacturer for the provider

func (*Provider) Model

func (p *Provider) Model() string

Model returns model for the provider

type Signer

// Signer implements crypto.Signer for a key held in AWS KMS; construct it
// with NewSigner.
type Signer struct {
	// contains filtered or unexported fields
}

Signer implements the crypto.Signer interface.

func (*Signer) KeyID

func (s *Signer) KeyID() string

KeyID returns the key ID of the signer.

func (*Signer) Label

func (s *Signer) Label() string

Label returns the key label of the signer.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of the signer.

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign implements the signing operation.

func (*Signer) String

func (s *Signer) String() string
