Documentation ¶
Index ¶
- Constants
- func ValidReference(ref string) error
- type SignerVerifier
- func (h SignerVerifier) CreateKey(_ context.Context, algorithm string) (crypto.PublicKey, error)
- func (h *SignerVerifier) CryptoSigner(ctx context.Context, errFunc func(error)) (crypto.Signer, crypto.SignerOpts, error)
- func (h *SignerVerifier) DefaultAlgorithm() string
- func (h SignerVerifier) PublicKey(_ ...signature.PublicKeyOption) (crypto.PublicKey, error)
- func (h *SignerVerifier) Sign(ctx context.Context, payload []byte) ([]byte, []byte, error)
- func (h SignerVerifier) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error)
- func (h *SignerVerifier) SupportedAlgorithms() []string
- func (h SignerVerifier) VerifySignature(sig, message io.Reader, opts ...signature.VerifyOption) error
Constants ¶
const ( // use a consistent key for cache lookups CacheKey = "signer" ReferenceScheme = "hashivault://" )
const ( Algorithm_ECDSA_P256 = "ecdsa-p256" Algorithm_ECDSA_P384 = "ecdsa-p384" Algorithm_ECDSA_P521 = "ecdsa-p521" Algorithm_ED25519 = "ed25519" Algorithm_RSA_2048 = "rsa-2048" Algorithm_RSA_3072 = "rsa-3072" Algorithm_RSA_4096 = "rsa-4096" )
Variables ¶
This section is empty.
Functions ¶
func ValidReference ¶
Types ¶
type SignerVerifier ¶
type SignerVerifier struct {
// contains filtered or unexported fields
}
func LoadSignerVerifier ¶
func LoadSignerVerifier(referenceStr string, hashFunc crypto.Hash) (*SignerVerifier, error)
LoadSignerVerifier generates signatures using the specified key object in Vault and hash algorithm.
It also can verify signatures (via a remote vall to the Vault instance). hashFunc should be set to crypto.Hash(0) if the key referred to by referenceStr is an ED25519 signing key.
func (SignerVerifier) CreateKey ¶
CreateKey attempts to create a new key in Vault with the specified algorithm.
func (*SignerVerifier) CryptoSigner ¶
func (h *SignerVerifier) CryptoSigner(ctx context.Context, errFunc func(error)) (crypto.Signer, crypto.SignerOpts, error)
func (*SignerVerifier) DefaultAlgorithm ¶
func (h *SignerVerifier) DefaultAlgorithm() string
func (SignerVerifier) PublicKey ¶
func (h SignerVerifier) PublicKey(_ ...signature.PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. All options provided in arguments to this method are ignored.
func (SignerVerifier) SignMessage ¶
func (h SignerVerifier) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error)
SignMessage signs the provided message using Hashivault KMS. If the message is provided, this method will compute the digest according to the hash function specified when the HashivaultSigner was created.
SignMessage recognizes the following Options listed in order of preference:
- WithDigest()
All other options are ignored if specified.
func (*SignerVerifier) SupportedAlgorithms ¶
func (h *SignerVerifier) SupportedAlgorithms() []string
func (SignerVerifier) VerifySignature ¶
func (h SignerVerifier) VerifySignature(sig, message io.Reader, opts ...signature.VerifyOption) error
VerifySignature verifies the signature for the given message. Unless provided in an option, the digest of the message will be computed using the hash function specified when the SignerVerifier was created.
This function returns nil if the verification succeeded, and an error message otherwise.
This function recognizes the following Options listed in order of preference:
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.