Documentation
Overview
Package gcpkms wraps the Google Cloud KMS Go library to implement Go's crypto.Decrypter and crypto.Signer interfaces.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Decrypter
type Decrypter struct {
// contains filtered or unexported fields
}
Decrypter implements crypto.Decrypter for Google Cloud KMS keys.
func NewDecrypter
func NewDecrypter(ctx context.Context, client *kms.KeyManagementClient, keyID string) (*Decrypter, error)
NewDecrypter creates a new decrypter. The keyID must be in the format projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/v.
func (*Decrypter) Decrypt
Decrypt decrypts the given message.
Example
package main

import (
	"context"
	"fmt"
	"log"

	kms "cloud.google.com/go/kms/apiv1"
	"github.com/sethvargo/go-gcpkms/pkg/gcpkms"
)

var (
	ctx          = context.Background()
	kmsClient, _ = kms.NewKeyManagementClient(ctx)
)

func main() {
	// Key is the full resource name
	keyID := "projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/1"

	// Create the decrypter
	decrypter, err := gcpkms.NewDecrypter(ctx, kmsClient, keyID)
	if err != nil {
		log.Fatal(err)
	}

	// Ciphertext to decrypt - this ciphertext would have been encrypted with the
	// public key
	ciphertext := []byte("...")

	// Decrypt the ciphertext
	plaintext, err := decrypter.Decrypt(nil, ciphertext, nil)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(plaintext))
}
type Signer
type Signer struct {
// contains filtered or unexported fields
}
Signer implements crypto.Signer for Google Cloud KMS keys.
func NewSigner
NewSigner creates a new signer. The keyID must be in the format projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/v.
func (*Signer) DigestAlgorithm
DigestAlgorithm returns the hash algorithm used for computing the digest.
func (*Signer) Sign
Sign signs the given digest. Both the io.Reader and crypto.SignerOpts are unused.
Example
package main

import (
	"context"
	"crypto/sha512"
	"fmt"
	"log"

	kms "cloud.google.com/go/kms/apiv1"
	"github.com/sethvargo/go-gcpkms/pkg/gcpkms"
)

var (
	ctx          = context.Background()
	kmsClient, _ = kms.NewKeyManagementClient(ctx)
)

func main() {
	// Key is the full resource name
	keyID := "projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/1"

	// Create the signer
	signer, err := gcpkms.NewSigner(ctx, kmsClient, keyID)
	if err != nil {
		log.Fatal(err)
	}

	// Message to sign
	msg := []byte("my message to sign")

	// Hash the message - this hash must correspond to the KMS key type
	dig := sha512.Sum512(msg)

	// Sign the hash
	sig, err := signer.Sign(nil, dig[:], nil)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(sig))
}
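Because Signer satisfies crypto.Signer, the hash-then-sign and verify steps can be written against the interface and exercised offline; the sketch below shows why the digest must match the key's algorithm. It is an added example, not code from the go-gcpkms project: digest, signMessage, verifyMessage and newLocalSigner are hypothetical helpers, and a locally generated P-256 key stands in for the KMS-backed signer. Assumptions: with gcpkms the hash passed in would be the value reported by DigestAlgorithm (taken here to be a crypto.Hash), and the key is an EC key whose signatures are ASN.1 DER encoded.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers SHA-256 with crypto.Hash
	_ "crypto/sha512" // registers SHA-384/512 with crypto.Hash
	"fmt"
)

// digest hashes msg with h; callers must check h.Available() first.
func digest(h crypto.Hash, msg []byte) []byte {
	hh := h.New()
	hh.Write(msg)
	return hh.Sum(nil)
}

// signMessage hashes msg with h and signs the digest via any crypto.Signer.
func signMessage(s crypto.Signer, h crypto.Hash, msg []byte) ([]byte, error) {
	if !h.Available() {
		return nil, fmt.Errorf("hash %v is not linked into the binary", h)
	}
	return s.Sign(rand.Reader, digest(h, msg), h)
}

// verifyMessage checks an ASN.1 DER ECDSA signature using only the public key.
func verifyMessage(pub crypto.PublicKey, h crypto.Hash, msg, sig []byte) bool {
	ecPub, ok := pub.(*ecdsa.PublicKey)
	return ok && h.Available() && ecdsa.VerifyASN1(ecPub, digest(h, msg), sig)
}

// newLocalSigner returns a P-256 key: a constructed stand-in for a KMS signer.
func newLocalSigner() (crypto.Signer, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	s, err := newLocalSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("my message to sign")
	sig, err := signMessage(s, crypto.SHA256, msg)
	fmt.Println("sign error:", err)
	fmt.Println("matching hash:", verifyMessage(s.Public(), crypto.SHA256, msg, sig))
	fmt.Println("wrong hash:", verifyMessage(s.Public(), crypto.SHA512, msg, sig))
}
```

Verification needs only the public key, so a relying party can check signatures without any KMS permissions.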