secrets

package

v0.3.3 Latest Latest Go to latest Published: Apr 4, 2024 License: BSD-2-Clause Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

git.glasklar.is/system-transparency/core/stprov

Links

Open Source Insights

Documentation ¶

Overview ¶

package secrets provides utilities to derive short-term and long-term secrets. These secrets are used during and after platform provisioning.

Index ¶

Constants
func Reader(secret []byte, label string, context uint) io.Reader
type Entropy
- func NewEntropy() (*Entropy, error)
type OneTimePassword
- func NewOneTimePassword(secret string) (*OneTimePassword, error)
type UniqueDeviceSecret
- func NewUniqueDeviceSecret(ext *Entropy) (*UniqueDeviceSecret, error)

Constants ¶

View Source

const DummyServerName = "stprov"

View Source

const EntropyBytes = 32 // 256 bits

Variables ¶

This section is empty.

Functions ¶

func Reader ¶

func Reader(secret []byte, label string, context uint) io.Reader

Reader generates randomness using HKDF with SHA256 as the hash function

Types ¶

type Entropy ¶

type Entropy [EntropyBytes]byte

Entropy is a buffer storing 256 bits of entropy

func NewEntropy ¶

func NewEntropy() (*Entropy, error)

NewEntropy generates entropy using crypto/rand

type OneTimePassword ¶

type OneTimePassword Entropy

OneTimePassword is a one time password used to bootstrap mutually authenticated HTTPS. TLS 1.3 and a proper PSK mode should replace this in the future if the standard Go library adds such support.

func NewOneTimePassword ¶

func NewOneTimePassword(secret string) (*OneTimePassword, error)

NewOneTimePassword derives a one-time password from a shared secret

func (*OneTimePassword) BasicAuthPassword ¶

func (otp *OneTimePassword) BasicAuthPassword() (string, error)

BasicAuthPassword derives a basic auth password

func (OneTimePassword) TLSCertificate ¶

func (otp OneTimePassword) TLSCertificate(ip net.IP) (*tls.Certificate, error)

TLSCertificate derives a TLS certificate struct containing a private key and the same public X.509 certificate that is derived by X509Certificate()

func (*OneTimePassword) X509Certificate ¶

func (otp *OneTimePassword) X509Certificate(ip net.IP) (*x509.Certificate, error)

X509 derives an X509 certificate for a given IP address

type UniqueDeviceSecret ¶

type UniqueDeviceSecret Entropy

UniqueDeviceSecret is secret used to derive other long-term secrets

func NewUniqueDeviceSecret ¶

func NewUniqueDeviceSecret(ext *Entropy) (*UniqueDeviceSecret, error)

NewUniqueDeviceSecret generates a unique device secret by mixing entropy from an external and an internal source

func (*UniqueDeviceSecret) Authentication ¶

func (uds *UniqueDeviceSecret) Authentication() (*Entropy, error)

Authentication derives a platform's authentication parameter, see https://github.com/system-transparency/system-transparency#authentication---json-string-or-null

func (*UniqueDeviceSecret) Identity ¶

func (uds *UniqueDeviceSecret) Identity() (*Entropy, error)

Identity derives a platform's identity parameter, see https://github.com/system-transparency/system-transparency#identity---json-string-or-null

func (*UniqueDeviceSecret) SSH ¶

func (uds *UniqueDeviceSecret) SSH() (*ssh.HostKey, error)

SSH derives a platform's Ed25519 host key (not a general ST parameter)

Source Files ¶

View all Source files

secrets.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL