keymaster

package v0.0.0-...-9be813a

This package is not in the latest version of its module.

Published: Jan 5, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package keymaster supports the concept of keysets. A signature may be verified by any one of many public keys, while only one active key is used to sign new messages.

Index

Constants

This section is empty.

Variables

var (
	// ErrKeyNotExist occurs when the key being removed does not exist.
	ErrKeyNotExist = errors.New("key does not exist")
)

Functions

func NewSignerFromRawKey

func NewSignerFromRawKey(b []byte) (signatures.Signer, error)

NewSignerFromRawKey creates a signer object from given raw key bytes.

func Unmarshal

func Unmarshal(buf []byte, store *KeyMaster) error

Unmarshal unmarshals the provided protobuf into a key store object.

Types

type KeyMaster

type KeyMaster struct {
	// contains filtered or unexported fields
}

KeyMaster contains all update signing and verification keys.

func New

func New() *KeyMaster

New creates a new instance of an empty key store.

func (*KeyMaster) Activate

func (s *KeyMaster) Activate(keyID string) error

Activate activates a list of private keys given their IDs. All other private keys are marked as inactive. Deprecated keys cannot be activated.

func (*KeyMaster) AddSigningKey

func (s *KeyMaster) AddSigningKey(status kmpb.SigningKey_KeyStatus, description string, key []byte) (string, error)

AddSigningKey adds a new private key to the store.

func (*KeyMaster) AddVerifyingKey

func (s *KeyMaster) AddVerifyingKey(description string, key []byte) (string, error)

AddVerifyingKey adds a new public key to the store.

func (*KeyMaster) Info

func (s *KeyMaster) Info() ([]*kmpb.SigningKey, []*kmpb.VerifyingKey, error)

Info returns two lists describing the private and public keys. The actual key material is not included in the results.

func (*KeyMaster) KeyIDs

func (s *KeyMaster) KeyIDs() []string

KeyIDs returns a list of all signing and verifying key IDs.

func (*KeyMaster) Marshal

func (s *KeyMaster) Marshal() ([]byte, error)

Marshal marshals a key store object into a protobuf-formatted byte slice.

func (*KeyMaster) PublicKeys

func (s *KeyMaster) PublicKeys() ([]*keyspb.PublicKey, error)

PublicKeys returns a list of public keys created using all active public keys.

func (*KeyMaster) RemoveSigningKey

func (s *KeyMaster) RemoveSigningKey(keyID string) error

RemoveSigningKey marks a private key as deprecated. Keys are not permanently removed. Active keys cannot be removed.

func (*KeyMaster) RemoveVerifyingKey

func (s *KeyMaster) RemoveVerifyingKey(keyID string) error

RemoveVerifyingKey marks a public key as deprecated. Keys are not permanently removed. If the key being removed is the only non-deprecated one, it cannot be deleted. This prevents account lockout.

func (*KeyMaster) Signer

func (s *KeyMaster) Signer(keyID string) (Signer, error)

Signer returns a signer object given the corresponding key ID.

func (*KeyMaster) Signers

func (s *KeyMaster) Signers() []signatures.Signer

Signers returns a list of signers created using all active private keys.

type Signer

type Signer interface {
	signatures.Signer
	// Status returns the status of the signer.
	Status() kmpb.SigningKey_KeyStatus
	// Activate activates the signer.
	Activate()
	// Deactivate deactivates the signer.
	Deactivate()
	// Deprecate sets the signer status to DEPRECATED.
	Deprecate()
	// Marshal marshals a signer object into a keymaster SigningKey message.
	Marshal() (*kmpb.SigningKey, error)
	// Clone creates a new instance of the signer object.
	Clone() Signer
}

Signer represents an object that can generate signatures with a single key.

func NewSigner

func NewSigner(s signatures.Signer, addedAt time.Time,
	description string, status kmpb.SigningKey_KeyStatus) Signer

NewSigner creates a signer object from a private key.

func NewSignerFromPEM

func NewSignerFromPEM(pemKey []byte) (Signer, error)

NewSignerFromPEM parses a PEM formatted block and returns a signer object created using that block.

type Verifier

type Verifier interface {
	signatures.Verifier
	// Status returns the status of the verifier.
	Status() kmpb.VerifyingKey_KeyStatus
	// Deprecate sets the verifier status to DEPRECATED.
	Deprecate()
	// Marshal marshals a verifier object into a keymaster VerifyingKey
	// message.
	Marshal() (*kmpb.VerifyingKey, error)
	// Clone creates a new instance of the verifier object.
	Clone() Verifier
}

Verifier represents an object that can verify signatures with a single key.

func NewVerifier

func NewVerifier(v signatures.Verifier, addedAt time.Time,
	description string, status kmpb.VerifyingKey_KeyStatus) Verifier

NewVerifier creates a verifier from a public key.

func NewVerifierFromKey

func NewVerifierFromKey(key *keyspb.PublicKey) (Verifier, error)

NewVerifierFromKey creates a verifier object from a PublicKey proto object.

func NewVerifierFromPEM

func NewVerifierFromPEM(pemKey []byte) (Verifier, error)

NewVerifierFromPEM parses a PEM formatted block and returns a verifier object created using that block.

func NewVerifierFromRawKey

func NewVerifierFromRawKey(b []byte) (Verifier, error)

NewVerifierFromRawKey creates a verifier object from given raw key bytes.
