localcert

package

v1.7.1 Latest Latest Go to latest Published: Mar 19, 2024 License: BSD-3-Clause Imports: 17 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/microsoft/go-mssqldb

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
Variables
type InvalidCertificatePathError
- func (i *InvalidCertificatePathError) Error() string
- func (i *InvalidCertificatePathError) Unwrap() error
type Provider

Constants ¶

View Source

const (
	PfxKeyProviderName = "pfx"
)

Variables ¶

View Source

var PfxKeyProvider = Provider{AllowedLocations: make([]string, 0), /* contains filtered or unexported fields */}

Functions ¶

This section is empty.

Types ¶

type InvalidCertificatePathError ¶

type InvalidCertificatePathError struct {
	// contains filtered or unexported fields
}

InvalidCertificatePathError indicates the provided path could not be used to load a certificate

func (*InvalidCertificatePathError) Error ¶

func (i *InvalidCertificatePathError) Error() string

func (*InvalidCertificatePathError) Unwrap ¶

func (i *InvalidCertificatePathError) Unwrap() error

type Provider ¶

type Provider struct {

	// AllowedLocations constrains which locations the provider will use to find certificates. If empty, all locations are allowed.
	// When presented with a key store path not in the allowed list, the data will be returned still encrypted.
	AllowedLocations []string
	// contains filtered or unexported fields
}

Provider uses local certificates to decrypt CEKs It supports both 'MSSQL_CERTIFICATE_STORE' and 'pfx' key stores. MSSQL_CERTIFICATE_STORE key paths are of the form `storename/storepath/thumbprint` and only supported on Windows clients. pfx key paths are absolute file system paths that are operating system dependent.

func (*Provider) DecryptColumnEncryptionKey ¶

func (p *Provider) DecryptColumnEncryptionKey(ctx context.Context, masterKeyPath string, encryptionAlgorithm string, encryptedCek []byte) (decryptedKey []byte, err error)

DecryptColumnEncryptionKey decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.

func (*Provider) EncryptColumnEncryptionKey ¶

func (p *Provider) EncryptColumnEncryptionKey(ctx context.Context, masterKeyPath string, encryptionAlgorithm string, cek []byte) (buf []byte, err error)

EncryptColumnEncryptionKey encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.

func (*Provider) KeyLifetime ¶

func (p *Provider) KeyLifetime() *time.Duration

KeyLifetime is an optional Duration. Keys fetched by this provider will be discarded after their lifetime expires. If it returns nil, the keys will expire based on the value of ColumnEncryptionKeyLifetime. If it returns zero, the keys will not be cached.

func (Provider) SetCertificatePassword ¶

func (p Provider) SetCertificatePassword(location string, password string)

SetCertificatePassword stores the password associated with the certificate at the given location. If location is empty the given password applies to all certificates that have not been explicitly assigned a value.

func (*Provider) SignColumnMasterKeyMetadata ¶

func (p *Provider) SignColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) ([]byte, error)

SignColumnMasterKeyMetadata digitally signs the column master key metadata with the column master key referenced by the masterKeyPath parameter. The input values used to generate the signature should be the specified values of the masterKeyPath and allowEnclaveComputations parameters. May return an empty slice if not supported.

func (*Provider) VerifyColumnMasterKeyMetadata ¶

func (p *Provider) VerifyColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) (*bool, error)

VerifyColumnMasterKeyMetadata verifies the specified signature is valid for the column master key with the specified key path and the specified enclave behavior. Return nil if not supported.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL