signer

package
v1.2.2 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 14, 2024 License: Apache-2.0 Imports: 41 Imported by: 1

Documentation

Constants

const FileScheme = "file"
const KMSScheme = "kms"
const MemoryScheme = "memory"
const TinkScheme = "tink"

Variables

This section is empty.

Functions

func GetPrimaryKey

func GetPrimaryKey(ctx context.Context, kmsKey, hcVaultToken string) (tink.AEAD, error)

GetPrimaryKey returns a Tink AEAD encryption key from KMS. Supports GCP, AWS, and Vault.

func HashToAlg added in v1.2.0

func HashToAlg(signerHashAlg string) (crypto.Hash, error)

func KeyHandleToSigner

func KeyHandleToSigner(kh *keyset.Handle) (crypto.Signer, error)

KeyHandleToSigner converts a key handle to the crypto.Signer interface. Heavily pulls from Tink's signature and subtle packages.

func NewCryptoSigner

func NewCryptoSigner(ctx context.Context, hash crypto.Hash, signer, kmsKey, tinkKmsKey, tinkKeysetPath, hcVaultToken, fileSignerPath, fileSignerPasswd string) (crypto.Signer, error)

func NewTimestampingCertWithChain

func NewTimestampingCertWithChain(signer crypto.Signer) ([]*x509.Certificate, error)

NewTimestampingCertWithChain generates an in-memory certificate chain.
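
As an added illustration (not this package's own code), the sketch below builds an in-memory chain for a `crypto.Signer` using only the Go standard library and then verifies it for timestamping use. The names `must`, `newKey`, `newInMemoryChain` and `verifyForTimestamping`, the two-certificate layout (leaf plus throwaway root), the subject names and the validity periods are assumptions made for the example; the critical timestamping-only EKU follows RFC 3161.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo helper: abort on any error
	if err != nil {
		panic(err)
	}
	return v
}

// newKey stands in for a real signer (file, KMS or Tink backed): a fresh P-256 key.
func newKey() crypto.Signer { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// newInMemoryChain (hypothetical name) returns [leaf, root]; the root key is discarded on return.
func newInMemoryChain(signer crypto.Signer) []*x509.Certificate {
	rootKey := newKey()
	nb, na := time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	rootT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test root"},
		NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootT, rootT, rootKey.Public(), rootKey))))
	// RFC 3161: the TSA certificate's extendedKeyUsage must be critical and hold only id-kp-timeStamping.
	eku := must(asn1.Marshal([]asn1.ObjectIdentifier{{1, 3, 6, 1, 5, 5, 7, 3, 8}}))
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed test TSA"},
		NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 37}, Critical: true, Value: eku}}}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafT, root, signer.Public(), rootKey))))
	return []*x509.Certificate{leaf, root}
}

// verifyForTimestamping checks that chain[0] chains to the last certificate and permits timestamping.
func verifyForTimestamping(chain []*x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(chain[len(chain)-1])
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}})
	return err
}

func main() { fmt.Println("verify error:", verifyForTimestamping(newInMemoryChain(newKey()))) }
```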

func NewTinkSigner

func NewTinkSigner(_ context.Context, tinkKeysetPath string, primaryKey tink.AEAD) (crypto.Signer, error)

NewTinkSigner creates a signer by decrypting a local Tink keyset with a remote KMS encryption key.

Types

type File

type File struct {
	crypto.Signer
}

File returns a file-based signer and verifier, used for local testing.

func NewFileSigner

func NewFileSigner(keyPath, keyPass string, hash crypto.Hash) (*File, error)
