cryptoservice

package
v0.0.0-...-926964d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 23, 2016 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for key import and export. Each is a fixed value created
// with errors.New, so a caller can detect a specific failure by comparing the
// returned error against it (== or errors.Is) rather than matching on text.
var (
	// ErrNoValidPrivateKey is returned if a key being imported doesn't
	// look like a private key.
	ErrNoValidPrivateKey = errors.New("no valid private key found")

	// ErrRootKeyNotEncrypted is returned if a root key being imported is
	// unencrypted. Per the error text, only encrypted root keys may be
	// imported, so a plaintext root key is refused.
	// NOTE(review): which import paths enforce this is not visible here;
	// presumably ImportRootKey and ImportKeysZip - confirm against the code.
	ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")

	// ErrNoKeysFoundForGUN is returned if no keys are found for the
	// specified GUN during export.
	// NOTE(review): presumably returned by ExportKeysByGUN - confirm.
	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
)

Functions

func GenerateCertificate

func GenerateCertificate(rootKey data.PrivateKey, gun string, startTime, endTime time.Time) (*x509.Certificate, error)

GenerateCertificate generates an X509 Certificate from a template, given a GUN and validity interval

func GenerateTestingCertificate

func GenerateTestingCertificate(signer crypto.Signer, gun string) (*x509.Certificate, error)

GenerateTestingCertificate generates a non-expired X509 Certificate from a template, given a GUN. It is good enough for tests where expiration does not really matter; do not use it where the certificate validity policy matters.

Types

type CryptoService

type CryptoService struct {
	// contains filtered or unexported fields
}

CryptoService implements Sign and Create, holding a specific GUN and keystore to operate on

func NewCryptoService

func NewCryptoService(gun string, keyStores ...trustmanager.KeyStore) *CryptoService

NewCryptoService returns an instance of CryptoService

func (*CryptoService) Create

func (cs *CryptoService) Create(role, algorithm string) (data.PublicKey, error)

Create is used to generate keys for targets, snapshots and timestamps

func (*CryptoService) ExportAllKeys

func (cs *CryptoService) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error

ExportAllKeys exports all keys to an io.Writer in zip format. newPassphraseRetriever will be used to obtain passphrases to use to encrypt the existing keys.

func (*CryptoService) ExportKey

func (cs *CryptoService) ExportKey(dest io.Writer, keyID, role string) error

ExportKey exports the specified private key to an io.Writer in PEM format. The key's existing encryption is preserved.

func (*CryptoService) ExportKeyReencrypt

func (cs *CryptoService) ExportKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error

ExportKeyReencrypt exports the specified private key to an io.Writer in PEM format. The key is reencrypted with a new passphrase.

func (*CryptoService) ExportKeysByGUN

func (cs *CryptoService) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error

ExportKeysByGUN exports all keys associated with a specified GUN to an io.Writer in zip format. passphraseRetriever is used to select new passphrases to use to encrypt the keys.

func (*CryptoService) GetKey

func (cs *CryptoService) GetKey(keyID string) data.PublicKey

GetKey returns a key by ID

func (*CryptoService) GetPrivateKey

func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error)

GetPrivateKey returns a private key and its role, if present, by ID. It first tries to get the key without a GUN (in which case it is a root key). If that fails, it tries to get the key with the GUN (a non-root key). If that also fails, the key is not available.

func (*CryptoService) ImportKeysZip

func (cs *CryptoService) ImportKeysZip(zipReader zip.Reader) error

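ImportKeysZip imports keys from a zip file provided as a zip.Reader. The keys in the root_keys directory are left encrypted, but the other keys are decrypted with the specified passphrase. (The signature shown here takes no passphrase argument, so where that passphrase comes from is not visible on this page.)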

func (*CryptoService) ImportRoleKey

func (cs *CryptoService) ImportRoleKey(pemBytes []byte, role string, newPassphraseRetriever passphrase.Retriever) error

ImportRoleKey imports a private key in PEM format from a byte array. It prompts for the key's passphrase to verify the data and to determine the key ID.

func (*CryptoService) ImportRootKey

func (cs *CryptoService) ImportRootKey(source io.Reader) error

ImportRootKey imports a root key in PEM format from an io.Reader. It prompts for the key's passphrase to verify the data and to determine the key ID.

func (*CryptoService) ListAllKeys

func (cs *CryptoService) ListAllKeys() map[string]string

ListAllKeys returns a map of key IDs to roles

func (*CryptoService) ListKeys

func (cs *CryptoService) ListKeys(role string) []string

ListKeys returns a list of key IDs valid for the given role

func (*CryptoService) RemoveKey

func (cs *CryptoService) RemoveKey(keyID string) (err error)

RemoveKey deletes a key by ID
