gcpkms

package
v0.2.0
Warning

This package is not in the latest version of its module.

Published: Mar 23, 2023 License: Apache-2.0 Imports: 12 Imported by: 3

Documentation

Overview

Package gcpkms wraps the Google Cloud KMS Go library to implement Go's crypto.Decrypter and crypto.Signer interfaces.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Decrypter

type Decrypter struct {
	// contains filtered or unexported fields
}

Decrypter implements crypto.Decrypter for Google Cloud KMS keys.

func NewDecrypter

func NewDecrypter(ctx context.Context, client *kms.KeyManagementClient, keyID string) (*Decrypter, error)

NewDecrypter creates a new decrypter. The keyID must be in the format projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/v.

func (*Decrypter) Decrypt

func (d *Decrypter) Decrypt(_ io.Reader, msg []byte, _ crypto.DecrypterOpts) ([]byte, error)

Decrypt decrypts the given message.

Example
package main

import (
	"context"
	"fmt"
	"log"

	kms "cloud.google.com/go/kms/apiv1"
	"github.com/sethvargo/go-gcpkms/pkg/gcpkms"
)

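var ctx = context.Background()

func main() {
	// Create the KMS client and stop on failure instead of discarding the error
	kmsClient, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		log.Fatal(err)
	}

	// Key is the full resource name
	keyID := "projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/1"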

	// Create the decrypter
	decrypter, err := gcpkms.NewDecrypter(ctx, kmsClient, keyID)
	if err != nil {
		log.Fatal(err)
	}

	// Ciphertext to decrypt - this ciphertext would have been encrypted with the
	// public key
	ciphertext := []byte("...")

	// Decrypt the ciphertext
	plaintext, err := decrypter.Decrypt(nil, ciphertext, nil)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(string(plaintext))
}

func (*Decrypter) Public

func (d *Decrypter) Public() crypto.PublicKey

Public returns the public key for the decrypter.

func (*Decrypter) WithContext

func (d *Decrypter) WithContext(ctx context.Context) *Decrypter

WithContext adds the given context to the decrypter. Normally this would be passed as the first argument to Decrypt, but the current interface does not accept a context.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements crypto.Signer for Google Cloud KMS keys.

func NewSigner

func NewSigner(ctx context.Context, client *kms.KeyManagementClient, keyID string) (*Signer, error)

NewSigner creates a new signer. The keyID must be in the format projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/v.

func (*Signer) DigestAlgorithm

func (s *Signer) DigestAlgorithm() crypto.Hash

DigestAlgorithm returns the hash algorithm used for computing the digest.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key for the signer.

func (*Signer) Sign

func (s *Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs the given digest. Both the io.Reader and crypto.SignerOpts are unused.

Example
package main

import (
	"context"
	"crypto/sha512"
	"fmt"
	"log"

	kms "cloud.google.com/go/kms/apiv1"
	"github.com/sethvargo/go-gcpkms/pkg/gcpkms"
)

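var ctx = context.Background()

func main() {
	// Create the KMS client and stop on failure instead of discarding the error
	kmsClient, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		log.Fatal(err)
	}

	// Key is the full resource name
	keyID := "projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/1"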

	// Create the signer
	signer, err := gcpkms.NewSigner(ctx, kmsClient, keyID)
	if err != nil {
		log.Fatal(err)
	}

	// Message to sign
	msg := []byte("my message to sign")

	// Hash the message - this hash must correspond to the KMS key type
	dig := sha512.Sum512(msg)

	// Sign the hash
	sig, err := signer.Sign(nil, dig[:], nil)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(string(sig))
}

func (*Signer) WithContext

func (s *Signer) WithContext(ctx context.Context) *Signer

WithContext adds the given context to the signer. Normally this would be passed as the first argument to Sign, but the current interface does not accept a context.
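
The Sign example above hard-codes SHA-512, while the digest must match the KMS key type. The following added example (not part of the package or its documentation) picks the hash at run time, as a caller would with signer.DigestAlgorithm(), and verifies the result against Public() before trusting it. It assumes an EC key whose signatures are ASN.1 DER encoded; signAndVerify and newLocalSigner are hypothetical names, and a locally generated P-256 key stands in for the KMS-backed signer so the code runs offline.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // links SHA-256 so crypto.SHA256.New() is available
	"fmt"
)

// signAndVerify hashes msg with h, signs the digest with s, and checks the
// signature against s.Public() before returning it. For a *gcpkms.Signer,
// pass h = signer.DigestAlgorithm() so the digest matches the KMS key type.
func signAndVerify(s crypto.Signer, h crypto.Hash, msg []byte) ([]byte, error) {
	if !h.Available() {
		return nil, fmt.Errorf("hash %v is not linked into the binary", h)
	}
	hasher := h.New()
	hasher.Write(msg)
	digest := hasher.Sum(nil)
	sig, err := s.Sign(rand.Reader, digest, h)
	if err != nil {
		return nil, fmt.Errorf("sign: %w", err)
	}
	// Assumption: an EC key whose signatures are ASN.1 DER encoded.
	pub, ok := s.Public().(*ecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("this example only verifies ECDSA keys")
	}
	if !ecdsa.VerifyASN1(pub, digest, sig) {
		return nil, fmt.Errorf("signature does not verify")
	}
	return sig, nil
}

// newLocalSigner returns a constructed P-256 key standing in for the KMS key
// so the example runs offline.
func newLocalSigner() (crypto.Signer, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	s, err := newLocalSigner()
	if err == nil {
		_, err = signAndVerify(s, crypto.SHA256, []byte("my message to sign"))
	}
	fmt.Println("sign+verify error:", err)
}
```

With a KMS key that uses SHA-384 or SHA-512, the corresponding hash package must also be imported, otherwise the Available check returns an error instead of letting New panic.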
