boulder: github.com/letsencrypt/boulder/goodkey Index | Files

package goodkey

import "github.com/letsencrypt/boulder/goodkey"

Index

Package Files

blocked.go good_key.go weak.go

type KeyPolicy Uses

type KeyPolicy struct {
    AllowRSA           bool // Whether RSA keys should be allowed.
    AllowECDSANISTP256 bool // Whether ECDSA NISTP256 keys should be allowed.
    AllowECDSANISTP384 bool // Whether ECDSA NISTP384 keys should be allowed.
    // contains filtered or unexported fields
}

KeyPolicy determines which types of key may be used with various boulder operations.

func NewKeyPolicy Uses

func NewKeyPolicy(weakKeyFile, blockedKeyFile string) (KeyPolicy, error)

NewKeyPolicy returns a KeyPolicy that allows RSA, ECDSA256 and ECDSA384. weakKeyFile contains the path to a JSON file containing truncated modulus hashes of known weak RSA keys. If this argument is empty RSA modulus hash checking will be disabled. blockedKeyFile contains the path to a YAML file containing Base64 encoded SHA256 hashes of pkix subject public keys that should be blocked. If this argument is empty then no blocked key checking is performed.

func (*KeyPolicy) GoodKey Uses

func (policy *KeyPolicy) GoodKey(key crypto.PublicKey) error

GoodKey returns true if the key is acceptable for both TLS use and account key use (our requirements are the same for either one), according to basic strength and algorithm checking. TODO: Support JSONWebKeys once go-jose migration is done.

type WeakRSAKeys Uses

type WeakRSAKeys struct {
    // contains filtered or unexported fields
}

func LoadWeakRSASuffixes Uses

func LoadWeakRSASuffixes(path string) (*WeakRSAKeys, error)

func (*WeakRSAKeys) Known Uses

func (wk *WeakRSAKeys) Known(key *rsa.PublicKey) bool

Package goodkey imports 16 packages (graph) and is imported by 104 packages. Updated 2019-11-15. Refresh now. Tools for package owners.