pkcrypto

package
v0.0.0-...-5f226fc Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: MIT Imports: 16 Imported by: 2

Documentation

Overview

Package pkcrypto contains a set of helper functions and constants to perform common cryptographic operations like:

* Signing and verification

* Public and private key generation

* Certification generation

Index

Constants

View Source 
const (
	// BlockLabelEcPrivateKey is the value to define a block label of EC private key
	// (which is used here only for backwards compatibility). Use a general PKCS#8
	// encoding instead.
	BlockLabelEcPrivateKey = "EC PRIVATE KEY"
	// BlockLabelPrivateKey is the value to define a block label of general private key
	// (used for PKCS#8-encoded private keys of type RSA, ECDSA, and others).
	BlockLabelPrivateKey = "PRIVATE KEY"
	// BlockLabelPublicKey is the value to define a block label of general public key
	// (used for PKIX-encoded public keys of type RSA, ECDSA, and others).
	BlockLabelPublicKey = "PUBLIC KEY"
	// BlockLabelCertificate is the value to define a block label of certificates.
	BlockLabelCertificate = "CERTIFICATE"
	// BlockLabelExtension is the value to define a block label of certificate extensions.
	BlockLabelExtension = "EXTENSION"
)
View Source 
const (
	// StorjPSSSaltLength holds the correct value for the PSS salt length
	// when signing with RSA in Storj code and verifying RSA signatures
	// from Storj.
	StorjPSSSaltLength = rsa.PSSSaltLengthAuto

	// StorjRSAKeyBits holds the number of bits to use for new RSA keys
	// by default.
	StorjRSAKeyBits = 2048
)

Variables

View Source 
var (
	// ErrUnsupportedKey is used when key type is not supported.
	ErrUnsupportedKey = errs.Class("unsupported key type")
	// ErrParse is used when an error occurs while parsing a certificate or key.
	ErrParse = errs.Class("unable to parse")
	// ErrSign is used when something goes wrong while generating a signature.
	ErrSign = errs.Class("unable to generate signature")
	// ErrVerifySignature is used when a signature verification error occurs.
	ErrVerifySignature = errs.Class("signature verification")
	// ErrChainLength is used when the length of a cert chain isn't what was expected.
	ErrChainLength = errs.Class("cert chain length")
)

Functions

func CertFromDER 

func CertFromDER(certDER []byte) (*x509.Certificate, error)

CertFromDER parses an X.509 certificate from its DER encoding.

func CertFromPEM 

func CertFromPEM(certPEM []byte) (*x509.Certificate, error)

CertFromPEM parses an X.509 certificate from its PEM-enveloped DER encoding.

func CertToDER 

func CertToDER(cert *x509.Certificate) ([]byte, error)

CertToDER returns the bytes of the certificate, in a DER encoding.

Note that this is fairly useless, as x509.Certificate objects are always supposed to have a member containing the raw DER encoding. But this is included for completeness with the rest of this module's API.

func CertToPEM 

func CertToPEM(cert *x509.Certificate) []byte

CertToPEM returns the bytes of the certificate, in a PEM-enveloped DER encoding.

func CertsFromDER 

func CertsFromDER(rawCerts [][]byte) ([]*x509.Certificate, error)

CertsFromDER parses an x509 certificate from each of the given byte slices, which should be encoded in DER.

func CertsFromPEM 

func CertsFromPEM(pemBytes []byte) ([]*x509.Certificate, error)

CertsFromPEM parses a PEM chain from a single byte string (the PEM-enveloped certificates should be concatenated). The PEM blocks may include PKIX extensions.

func GeneratePrivateECDSAKey 

func GeneratePrivateECDSAKey(curve elliptic.Curve) (*ecdsa.PrivateKey, error)

GeneratePrivateECDSAKey returns a new private ECDSA key for signing messages.

func GeneratePrivateKey 

func GeneratePrivateKey() (crypto.PrivateKey, error)

GeneratePrivateKey returns a new PrivateKey for signing messages.

func GeneratePrivateRSAKey 

func GeneratePrivateRSAKey(bits int) (*rsa.PrivateKey, error)

GeneratePrivateRSAKey returns a new private RSA key for signing messages.

func HashAndSign 

func HashAndSign(key crypto.PrivateKey, data []byte) ([]byte, error)

HashAndSign signs a SHA-256 digest of the given data and returns the new signature.

func HashAndVerifySignature 

func HashAndVerifySignature(key crypto.PublicKey, data, signature []byte) error

HashAndVerifySignature checks that signature was made by the private key corresponding to the given public key, over a SHA-256 digest of the given data. It returns an error if verification fails, or nil otherwise.

func NewHash 

func NewHash() hash.Hash

NewHash returns default hash in storj.

func PrivateKeyFromPEM 

func PrivateKeyFromPEM(keyBytes []byte) (crypto.PrivateKey, error)

PrivateKeyFromPEM parses a private key from its PEM-enveloped PKCS#8 encoding.

func PrivateKeyFromPKCS8 

func PrivateKeyFromPKCS8(keyBytes []byte) (crypto.PrivateKey, error)

PrivateKeyFromPKCS8 parses a private key from its PKCS#8 encoding.

func PrivateKeyToPEM 

func PrivateKeyToPEM(key crypto.PrivateKey) ([]byte, error)

PrivateKeyToPEM serializes a private key to a PEM-enveloped PKCS#8 form.

func PrivateKeyToPKCS8 

func PrivateKeyToPKCS8(key crypto.PrivateKey) ([]byte, error)

PrivateKeyToPKCS8 serializes a private key to a PKCS#8-encoded form.

func PublicKeyEqual 

func PublicKeyEqual(a, b crypto.PublicKey) bool

PublicKeyEqual returns true if two public keys are the same.

func PublicKeyFromPEM 

func PublicKeyFromPEM(pemData []byte) (crypto.PublicKey, error)

PublicKeyFromPEM parses a public key from its PEM-enveloped PKIX encoding.

func PublicKeyFromPKIX 

func PublicKeyFromPKIX(pkixData []byte) (crypto.PublicKey, error)

PublicKeyFromPKIX parses a public key from its PKIX encoding.

func PublicKeyFromPrivate 

func PublicKeyFromPrivate(privKey crypto.PrivateKey) (crypto.PublicKey, error)

PublicKeyFromPrivate returns the public key corresponding to a given private key. It returns an error if the key isn't of an accepted implementation.

func PublicKeyToPEM 

func PublicKeyToPEM(key crypto.PublicKey) ([]byte, error)

PublicKeyToPEM encodes a public key to a PEM-enveloped PKIX form.

func PublicKeyToPKIX 

func PublicKeyToPKIX(key crypto.PublicKey) ([]byte, error)

PublicKeyToPKIX serializes a public key to a PKIX-encoded form.

func SHA256Hash 

func SHA256Hash(data []byte) []byte

SHA256Hash calculates the SHA256 hash of the input data.

func SignHMACSHA256 

func SignHMACSHA256(privKey crypto.PrivateKey, data []byte) ([]byte, error)

SignHMACSHA256 signs the given data with HMAC-SHA256 using privKey as the secret.

func SignWithoutHashing 

func SignWithoutHashing(privKey crypto.PrivateKey, digest []byte) ([]byte, error)

SignWithoutHashing signs the given digest with the private key and returns the new signature.

func VerifyHMACSHA256 

func VerifyHMACSHA256(privKey crypto.PrivateKey, data, signature []byte) error

VerifyHMACSHA256 checks that signature matches the HMAC-SHA256 of data using privKey as the secret.

func VerifySignatureWithoutHashing 

func VerifySignatureWithoutHashing(pubKey crypto.PublicKey, digest, signature []byte) error

VerifySignatureWithoutHashing checks the signature against the passed data (which is normally a digest) and public key. It returns an error if verification fails, or nil otherwise.

func WriteCertPEM 

func WriteCertPEM(w io.Writer, certs ...*x509.Certificate) error

WriteCertPEM writes the certificate to the writer, in a PEM-enveloped DER encoding.

func WritePrivateKeyPEM 

func WritePrivateKeyPEM(w io.Writer, key crypto.PrivateKey) error

WritePrivateKeyPEM writes the private key to the writer, in a PEM-enveloped PKCS#8 form.

func WritePublicKeyPEM 

func WritePublicKeyPEM(w io.Writer, key crypto.PublicKey) error

WritePublicKeyPEM writes the public key, in a PEM-enveloped PKIX form.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.