filekms

package
Published: Apr 4, 2024 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package filekms implements crypto.Signer and crypto.Decrypter for keys stored on the filesystem.

Unless the key file is backed by an in-memory file system, this may be insecure: the private key is read from disk in plaintext, so restrict the file's permissions to the process that needs it. Keys MUST NOT be password protected. Keys may be base64 encoded.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Decrypter

type Decrypter struct {
	// contains filtered or unexported fields
}

Decrypter implements crypto.Decrypter using a private key loaded from a file on the filesystem.

Example
package main

import (
	"context"
	"crypto/rand"
	"crypto/rsa"
	"fmt"

	"github.com/tprasadtp/cryptokms/filekms"
)

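// main loads an RSA private key from a PEM file, encrypts a message to its
// public key with RSA-OAEP, and decrypts it again through the Decrypter.
func main() {
	ctx := context.Background()

	// Please replace this with path to your PEM encoded key file.
	// The key is read from disk unencrypted (see package docs), so keep the
	// file's permissions restrictive.
	keyFile := "internal/testdata/rsa-3072.pem"

	// Create a new Decrypter.
	decrypter, err := filekms.NewDecrypter(keyFile)
	if err != nil {
		// TODO: Handle error
		panic(err)
	}

	// rsa.EncryptOAEP needs an *rsa.PublicKey. Check the assertion instead
	// of letting a non-RSA key file crash with an unchecked type assertion.
	pub, ok := decrypter.Public().(*rsa.PublicKey)
	if !ok {
		// TODO: Handle error
		panic(fmt.Errorf("key file %q does not contain an RSA key", keyFile))
	}

	// Message you want to encrypt
	// A nod to https://en.wikipedia.org/wiki/Stellar_classification.
	msg := []byte(`Oh Be A Fine Girl Kiss Me`)

	// Encrypt the message using the public key. The OAEP hash must match the
	// decrypter's hash function, so take it from the decrypter itself.
	encrypted, err := rsa.EncryptOAEP(
		decrypter.HashFunc().New(),
		rand.Reader,
		pub,
		msg,
		nil,
	)
	if err != nil {
		// TODO: Handle error
		panic(err)
	}

	// Decrypt the message. The rand argument is ignored by filekms, so nil is fine.
	plaintext, err := decrypter.DecryptContext(ctx, nil, encrypted, nil)
	if err != nil {
		// TODO: Handle error
		panic(err)
	}

	// %s formats a []byte directly; no string conversion needed.
	fmt.Printf("Plaintext: %s", plaintext)
}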
Output:

Plaintext: Oh Be A Fine Girl Kiss Me

func NewDecrypter

func NewDecrypter(path string) (*Decrypter, error)

NewDecrypter returns a new decrypter based on the key file at the specified path.

func (*Decrypter) Algorithm

func (d *Decrypter) Algorithm() cryptokms.Algorithm

Algorithm returns key algorithm.

func (*Decrypter) CreatedAt

func (d *Decrypter) CreatedAt() time.Time

CreatedAt returns the time at which the key file was last modified (its mtime), not the time the key itself was generated.

func (*Decrypter) Decrypt

func (d *Decrypter) Decrypt(_ io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) ([]byte, error)

Decrypt is a wrapper around DecryptContext.

func (*Decrypter) DecryptContext

func (d *Decrypter) DecryptContext(ctx context.Context, _ io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) ([]byte, error)

DecryptContext decrypts the ciphertext with the asymmetric private key. The rand parameter is ignored and may be nil.

func (*Decrypter) HashFunc

func (d *Decrypter) HashFunc() crypto.Hash

HashFunc returns the hash algorithm used for computing the digest.

func (*Decrypter) Public

func (d *Decrypter) Public() crypto.PublicKey

Public returns the public key for the Decrypter.

func (*Decrypter) WithContext

func (d *Decrypter) WithContext(ctx context.Context) *Decrypter

WithContext adds the given context to the decrypter.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements crypto.Signer using a private key loaded from a file on the filesystem.

Example
package main

import (
	"context"
	"encoding/hex"
	"fmt"

	"github.com/tprasadtp/cryptokms"
	"github.com/tprasadtp/cryptokms/filekms"
)

// main loads an EC private key from a PEM file, signs the digest of a message
// with it, and verifies the signature against the signer's public key.
func main() {
	ctx := context.Background()

	// Please replace this with path to your PEM encoded key file.
	keyFile := "internal/testdata/ec-p256.pem"

	// Create a new Signer backed by the key file.
	signer, err := filekms.NewSigner(keyFile)
	if err != nil {
		// TODO: Handle error
		panic(err)
	}

	// Message you want to sign
	// A nod to https://en.wikipedia.org/wiki/Stellar_classification.
	msg := []byte(`Oh Be A Fine Girl Kiss Me`)

	// The signer signs a digest, not the raw message. Hash with the signer's
	// own hash function so that verification uses the same algorithm.
	hasher := signer.HashFunc().New()
	hasher.Write(msg)
	digest := hasher.Sum(nil)

	// Sign the digest. The rand argument is ignored by filekms, so nil is fine.
	signature, err := signer.SignContext(ctx, nil, digest, nil)
	if err != nil {
		// TODO: Handle error
		panic(err)
	}

	// Verify the signature against the signer's public key.
	if err := cryptokms.VerifyDigestSignature(signer.Public(), signer.HashFunc(), digest, signature); err != nil {
		// TODO: Handle error
		panic(err)
	}

	fmt.Printf("Digest   : %s\n", hex.EncodeToString(digest))
	fmt.Printf("Signature: Verified\n")
}
Output:

Digest   : 381d492615cee4337ef441d9fb2e3682c0306fb99b82ff966af4cc5dc8db61b7
Signature: Verified

func NewSigner

func NewSigner(input string) (*Signer, error)

NewSigner returns a new signer based on the key file at the path given by input.

func (*Signer) Algorithm

func (s *Signer) Algorithm() cryptokms.Algorithm

Algorithm returns key algorithm.

func (*Signer) CreatedAt

func (s *Signer) CreatedAt() time.Time

CreatedAt returns the time at which the key file was last modified (its mtime), not the time the key itself was generated.

func (*Signer) HashFunc

func (s *Signer) HashFunc() crypto.Hash

HashFunc returns the hash algorithm used for computing the digest.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key for the Signer.

func (*Signer) Sign

func (s *Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign is a wrapper around SignContext.

func (*Signer) SignContext

func (s *Signer) SignContext(ctx context.Context, _ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

SignContext signs the given digest with the asymmetric private key. The rand parameter is ignored and may be nil; crypto/rand.Reader is always used internally.

func (*Signer) WithContext

func (s *Signer) WithContext(ctx context.Context) *Signer

WithContext adds the given context to the signer.
