security

package
v0.2.0

This package is not in the latest version of its module.
Published: Apr 17, 2023 License: BSD-3-Clause Imports: 36 Imported by: 59

Documentation

Overview

Package security implements utilities for creating and using Vanadium security primitives. In particular it provides support for creating and using persistent Vanadium principals whose keys and blessings are stored in a local file system directory. The blessings may be updated asynchronously and reloaded by a running service. Services may run in read-only mode whereby they can access updated blessings but cannot generate blessings of their own and hence only need access to a public key. Support is also provided for hosting private keys in ssh agents rather than the local file system and for all signing operations to be carried out by the agent.

This file was auto-generated by the vanadium vdl tool. Package: security

Constants

const DischargeRefreshFraction = 0.5

DischargeRefreshFraction determines how early before their expiration time we refresh discharges. A value of 0.5 means we refresh when a discharge is halfway to its expiration time.

Variables

var (
	// ErrBadPassphrase is a possible return error from LoadPersistentPrincipal()
	ErrBadPassphrase = verror.NewID("errBadPassphrase")
	// ErrPassphraseRequired is a possible return error from LoadPersistentPrincipal()
	ErrPassphraseRequired = verror.NewID("errPassphraseRequired")
)

Functions

func APIForKey added in v0.2.0

func APIForKey(key crypto.PrivateKey) (keys.API, error)

APIForKey calls APIForKey on KeyRegistrar().

func ConvertPrivateKeyForPrincipal added in v0.2.0

func ConvertPrivateKeyForPrincipal(ctx context.Context, dir string, passphrase []byte) error

ConvertPrivateKeyForPrincipal will convert a private key encoded in a PEM block in any supported format to a PEM block of type 'PRIVATE KEY' encoded as PKCS8. It is intended for updating existing Vanadium principals that use 'EC PRIVATE KEY' and PEM encryption to PKCS8 format and encryption.
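
The re-encoding that ConvertPrivateKeyForPrincipal describes can be illustrated with the Go standard library alone. This is an added example, not this package's implementation: it covers unencrypted input only, rejects legacy PEM-encrypted blocks instead of decrypting them, and every name in it (parseKeyPEM, convertToPKCS8, errEncryptedPEM, the sample helpers) is hypothetical.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// errEncryptedPEM (hypothetical name) reports a legacy PEM-encrypted block.
var errEncryptedPEM = errors.New("PEM block is encrypted: passphrase required")

// parseKeyPEM decodes one unencrypted private key PEM block in SEC1
// ('EC PRIVATE KEY'), PKCS#1 ('RSA PRIVATE KEY') or PKCS#8 ('PRIVATE KEY') form.
func parseKeyPEM(in []byte) (crypto.PrivateKey, error) {
	block, _ := pem.Decode(in)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	// Legacy (RFC 1423) PEM encryption is flagged by the DEK-Info header.
	if _, ok := block.Headers["DEK-Info"]; ok {
		return nil, errEncryptedPEM
	}
	switch block.Type {
	case "EC PRIVATE KEY":
		return x509.ParseECPrivateKey(block.Bytes)
	case "RSA PRIVATE KEY":
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY":
		return x509.ParsePKCS8PrivateKey(block.Bytes)
	}
	return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
}

// convertToPKCS8 re-encodes the key as a PKCS#8 'PRIVATE KEY' PEM block.
func convertToPKCS8(in []byte) ([]byte, error) {
	key, err := parseKeyPEM(in)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// newSampleKeyPEM builds constructed input: a fresh P-256 key in SEC1 form.
func newSampleKeyPEM() (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalECPrivateKey(key)
	return key, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der}), err
}

// constructedEncryptedPEM builds a legacy-encrypted block with placeholder bytes.
func constructedEncryptedPEM() []byte {
	hdr := map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-128-CBC,00"}
	return pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Headers: hdr, Bytes: []byte{0}})
}

func main() {
	key, legacy, err := newSampleKeyPEM()
	if err != nil {
		panic(err)
	}
	out, err := convertToPKCS8(legacy)
	if err != nil {
		panic(err)
	}
	got, err := parseKeyPEM(out)
	fmt.Println("same key after conversion:", err == nil && key.Equal(got))
	_, err = convertToPKCS8(constructedEncryptedPEM())
	fmt.Println("encrypted input:", err)
}
```

Comparing the key parsed from the converted block with the original is the check worth keeping in any migration script: it confirms the conversion changed the container format and not the key.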

func CreatePersistentPrincipal

func CreatePersistentPrincipal(dir string, passphrase []byte) (security.Principal, error)

CreatePersistentPrincipal wraps CreatePersistentPrincipalUsingKey to create a new Principal using a newly generated ECDSA key using the P-256 curve.

func CreatePersistentPrincipalUsingKey added in v0.1.10

func CreatePersistentPrincipalUsingKey(ctx context.Context, key crypto.PrivateKey, dir string, passphrase []byte) (security.Principal, error)

CreatePersistentPrincipalUsingKey creates a new Principal using the supplied key and commits all state changes to the provided directory.

The private key is serialized and saved encrypted if the 'passphrase' is non-nil, and unencrypted otherwise.

If the directory has any preexisting principal data, an error is returned.

The specified directory may not exist, in which case it will be created.

func CreatePrincipalOpts added in v0.2.0

func CreatePrincipalOpts(ctx context.Context, opts ...CreatePrincipalOption) (security.Principal, error)

CreatePrincipalOpts creates a Principal using the specified options. It is intended to replace the other 'Create' methods provided by this package. If no private key was specified via an option then a plaintext ecdsa key with the P256 curve will be created and used.

func DecodeBlessingsBase64 added in v0.2.0

func DecodeBlessingsBase64(encoded string) (security.Blessings, error)

DecodeBlessingsBase64 decodes blessings from the supplied base64 url encoded string.

func DecodePublicKeyBase64 added in v0.2.0

func DecodePublicKeyBase64(key string) (security.PublicKey, error)

DecodePublicKeyBase64 decodes a public key from the supplied base64 url encoded string. It assumes that the underlying data format is DER.

func EncodeBlessingsBase64 added in v0.2.0

func EncodeBlessingsBase64(blessings security.Blessings) (string, error)

EncodeBlessingsBase64 encodes the supplied blessings as a base64 url encoded string.

func EncodePublicKeyBase64 added in v0.2.0

func EncodePublicKeyBase64(key security.PublicKey) (string, error)

EncodePublicKeyBase64 encodes the supplied public key as a base64 url encoded string. The underlying data format is DER.

func FixedBlessingsStore

func FixedBlessingsStore(b security.Blessings, dcache DischargeCache) security.BlessingStore

FixedBlessingsStore returns a BlessingStore implementation that always returns a fixed set of blessings (b) for both Default and ForPeer.

If dcache is non-nil, then it will be used to cache discharges, otherwise it will create a cache of its own.

func ForkPrincipal

ForkPrincipal returns a principal that has the same private key as p but uses store and roots instead of the BlessingStore and BlessingRoots in p.

func ImmutableBlessingRoots

func ImmutableBlessingRoots(r security.BlessingRoots) security.BlessingRoots

ImmutableBlessingRoots returns a BlessingRoots implementation that is identical to r, except that all mutation operations fail.

func ImmutableBlessingStore

func ImmutableBlessingStore(s security.BlessingStore) security.BlessingStore

ImmutableBlessingStore returns a BlessingStore implementation that is identical to s, except that Set* methods will fail. (Mutation in the form of adding discharges via CacheDischarge is still allowed).

func ImportPrivateKeyFile added in v0.2.0

func ImportPrivateKeyFile(filename string) ([]byte, error)

ImportPrivateKeyFile returns the byte representation for an imported private key file.

func InitDefaultBlessings

func InitDefaultBlessings(p security.Principal, name string) error

InitDefaultBlessings uses the provided principal to create a self blessing for name 'name', sets it as default on the principal's BlessingStore and adds it as root to the principal's BlessingRoots. TODO(ataly): Get rid of this function given that we have SetDefaultBlessings.

func KeyRegistrar added in v0.2.0

func KeyRegistrar() *keys.Registrar

KeyRegistrar exposes the keys.Registrar used by this package to allow for external packages to extend the set of supported key types.

func LoadPersistentPrincipal

func LoadPersistentPrincipal(dir string, passphrase []byte) (security.Principal, error)

LoadPersistentPrincipal reads state for a principal (private key, BlessingRoots, BlessingStore) from the provided directory 'dir' and commits all state changes to the same directory. If the private key file does not exist then an error 'err' is returned such that os.IsNotExist(err) is true. If the private key file exists then 'passphrase' must be correct, otherwise ErrBadPassphrase will be returned. The newly loaded principal's persistent store is locked and the returned unlock function must be called to release that lock.

func LoadPersistentPrincipalDaemon added in v0.1.10

func LoadPersistentPrincipalDaemon(ctx context.Context, dir string, passphrase []byte, readonly bool, update time.Duration) (security.Principal, error)

LoadPersistentPrincipalDaemon is like LoadPersistentPrincipal but is intended for use in long-running applications which may not need to initiate changes to the principal but may need to reload their blessing roots and stores. If readonly is true, the principal will not write changes to its underlying persistent store. If a non-zero update duration is specified then the principal will be reloaded at the frequency implied by that duration. In addition, on systems that support it, a SIGHUP can be used to request an immediate reload. If passphrase is nil, readonly is true and the private key file is encrypted, LoadPersistentPrincipalDaemon will not attempt to create a signer and will instead just use the principal's public key.

func LoadPersistentPrincipalWithPassphrasePrompt added in v0.1.10

func LoadPersistentPrincipalWithPassphrasePrompt(dir string) (security.Principal, error)

LoadPersistentPrincipalWithPassphrasePrompt is like LoadPersistentPrincipal but will prompt for a passphrase if one is required.

func LoadPrincipalOpts added in v0.2.0

func LoadPrincipalOpts(ctx context.Context, opts ...LoadPrincipalOption) (security.Principal, error)

LoadPrincipalOpts loads the state required to create a principal according to the specified options. The most common use case is to load a principal from a filesystem directory, as in:

LoadPrincipalOpts(ctx, LoadFrom(FilesystemStoreWriter(dir)))

func MarshalPrivateKey added in v0.2.0

func MarshalPrivateKey(key crypto.PrivateKey, passphrase []byte) ([]byte, error)

MarshalPrivateKey calls MarshalPrivateKey on KeyRegistrar().

func MarshalPublicKey added in v0.2.0

func MarshalPublicKey(key crypto.PublicKey) ([]byte, error)

MarshalPublicKey calls MarshalPublicKey on KeyRegistrar().

func MustForkPrincipal

MustForkPrincipal is identical to ForkPrincipal, except that it panics on error (such as if store is bound to a different PublicKey than p).

func NewBlessingRoots

func NewBlessingRoots() security.BlessingRoots

NewBlessingRoots returns an implementation of security.BlessingRoots that keeps all state in memory. The returned BlessingRoots is initialized with an empty set of keys.

func NewBlessingRootsOpts added in v0.2.0

func NewBlessingRootsOpts(ctx context.Context, opts ...BlessingRootsOption) (security.BlessingRoots, error)

NewBlessingRootsOpts returns an implementation of security.BlessingRoots according to the supplied options. If no options are supplied all state is kept in memory.

func NewBlessingStore added in v0.1.10

func NewBlessingStore(publicKey security.PublicKey) security.BlessingStore

NewBlessingStore returns an in-memory security.BlessingStore for a principal with the provided PublicKey.

The returned BlessingStore is initialized with an empty set of blessings.

func NewBlessingStoreOpts added in v0.2.0

func NewBlessingStoreOpts(ctx context.Context, publicKey security.PublicKey, opts ...BlessingStoreOption) (security.BlessingStore, error)

NewBlessingStoreOpts returns an implementation of security.BlessingStore according to the supplied options. If no options are supplied all state is kept in memory.

func NewPrincipal

func NewPrincipal() (security.Principal, error)

NewPrincipal mints a new private (ecdsa) key and generates a principal based on this key, storing its BlessingRoots and BlessingStore in memory.

func NewPrincipalFromSigner

func NewPrincipalFromSigner(signer security.Signer) (security.Principal, error)

NewPrincipalFromSigner creates a new Principal using the provided Signer with in-memory blessing roots and blessings store.

func NewSigner added in v0.2.0

func NewSigner(ctx context.Context, keyType keys.CryptoAlgo) (security.Signer, error)

NewSigner returns a new security.Signer using a new private key of the requested type.

func NewSignerFromKey added in v0.2.0

func NewSignerFromKey(ctx context.Context, key crypto.PrivateKey) (security.Signer, error)

NewSignerFromKey returns a new security.Signer using the supplied private key.

func ParsePrivateKey added in v0.2.0

func ParsePrivateKey(ctx context.Context, data, passphrase []byte) (crypto.PrivateKey, error)

ParsePrivateKey calls ParsePrivateKey on KeyRegistrar().

func ParsePublicKey added in v0.2.0

func ParsePublicKey(data []byte) (crypto.PublicKey, error)

ParsePublicKey calls ParsePublicKey on KeyRegistrar().

func PrepareDischarges

func PrepareDischarges(
	ctx *context.T,
	blessings security.Blessings,
	serverBlessings []string,
	method string,
	args []interface{}) (security.Discharges, time.Time)

PrepareDischarges retrieves the caveat discharges required for using blessings at server. The discharges are either found in the dischargeCache, in the call options, or requested from the discharge issuer indicated on the caveat. Note that requesting a discharge is an rpc call, so one copy of this function must be able to successfully terminate while another is blocked. PrepareDischarges also returns a refreshTime, which is the time at which PrepareDischarges should be called again (or zero if none of the discharges expire).

func PrivateKeyFromFileWithPrompt added in v0.2.0

func PrivateKeyFromFileWithPrompt(ctx context.Context, filename string) (crypto.PrivateKey, error)

PrivateKeyFromFileWithPrompt reads a private key file from the specified file and will only prompt for a passphrase if the contents of the file are encrypted.

func PrivateKeyWithPrompt added in v0.2.0

func PrivateKeyWithPrompt(ctx context.Context, privKeyBytes []byte, prompt string) (crypto.PrivateKey, error)

PrivateKeyWithPrompt parses the supplied key bytes to obtain a private key and will only prompt for a passphrase if those

func SetDefaultBlessings

func SetDefaultBlessings(p security.Principal, blessings security.Blessings) error

SetDefaultBlessings sets the provided blessings as default and shareable with all peers on the provided principal's BlessingStore, and also adds it as a root to the principal's BlessingRoots.

func ZeroPassphrase added in v0.1.10

func ZeroPassphrase(pass []byte)

ZeroPassphrase overwrites the passphrase.

Types

type BlessingRootsOption added in v0.2.0

type BlessingRootsOption func(*blessingRootsOptions)

BlessingRootsOption represents an option to NewBlessingRootsOpts.

func BlessingRootsReadonly added in v0.2.0

func BlessingRootsReadonly(store CredentialsStoreReader, publicKey security.PublicKey) BlessingRootsOption

BlessingRootsReadonly specifies a readonly store from which blessings can be read.

func BlessingRootsUpdate added in v0.2.0

func BlessingRootsUpdate(interval time.Duration) BlessingRootsOption

BlessingRootsUpdate specifies that blessing roots should be periodically reloaded to obtain any changes made to them by another entity.

func BlessingRootsWriteable added in v0.2.0

func BlessingRootsWriteable(store CredentialsStoreReadWriter, signer security.Signer) BlessingRootsOption

BlessingRootsWriteable specifies a writeable store on which blessings can be stored.

func BlessingRootsX509VerifyOptions added in v0.2.0

func BlessingRootsX509VerifyOptions(opts x509.VerifyOptions) BlessingRootsOption

BlessingRootsX509VerifyOptions specifies the x509 verification options to use with a blessing roots store.

type BlessingStoreOption added in v0.2.0

type BlessingStoreOption func(*blessingsStoreOptions)

BlessingStoreOption represents an option to NewBlessingStoreOpts.

func BlessingStoreReadonly added in v0.2.0

func BlessingStoreReadonly(store CredentialsStoreReader, publicKey security.PublicKey) BlessingStoreOption

BlessingStoreReadonly specifies a readonly store from which blessings can be read.

func BlessingStoreUpdate added in v0.2.0

func BlessingStoreUpdate(interval time.Duration) BlessingStoreOption

BlessingStoreUpdate specifies that blessings should be periodically reloaded to obtain any changes made to them by another entity.

func BlessingStoreWriteable added in v0.2.0

func BlessingStoreWriteable(store CredentialsStoreReadWriter, signer security.Signer) BlessingStoreOption

BlessingStoreWriteable specifies a writeable store on which blessings can be stored.

type CachedDischarge

type CachedDischarge struct {
	Discharge security.Discharge
	// CacheTime is the time at which the discharge was first cached.
	CacheTime time.Time
}

func (CachedDischarge) VDLIsZero

func (x CachedDischarge) VDLIsZero() bool

func (*CachedDischarge) VDLRead

func (x *CachedDischarge) VDLRead(dec vdl.Decoder) error

func (CachedDischarge) VDLReflect

func (CachedDischarge) VDLReflect(struct {
	Name string `vdl:"v.io/x/ref/lib/security.CachedDischarge"`
})

func (CachedDischarge) VDLWrite

func (x CachedDischarge) VDLWrite(enc vdl.Encoder) error

type CreateBlessingRoots added in v0.2.0

CreateBlessingRoots is invoked by LoadPrincipalOpts to create a custom security.BlessingRoots using the supplied key information. Signer may be nil but a public key is always provided.

type CreateBlessingStore added in v0.2.0

CreateBlessingStore is invoked by LoadPrincipalOpts to create a custom security.BlessingStore using the supplied key information. Signer may be nil but a public key is always provided.

type CreatePrincipalOption added in v0.2.0

type CreatePrincipalOption func(o *createPrincipalOptions) error

CreatePrincipalOption represents an option to CreatePrincipalOpts.

func WithBlessingRoots added in v0.2.0

func WithBlessingRoots(roots security.BlessingRoots) CreatePrincipalOption

WithBlessingRoots specifies the security.BlessingRoots to use for the new principal.

func WithBlessingStore added in v0.2.0

func WithBlessingStore(store security.BlessingStore) CreatePrincipalOption

WithBlessingStore specifies the security.BlessingStore to use for the new principal.

func WithPrivateKey added in v0.2.0

func WithPrivateKey(key crypto.PrivateKey, passphrase []byte) CreatePrincipalOption

WithPrivateKey specifies the private key to use for the new principal. WithPrivateKey takes precedence over WithPrivateKeyBytes. Passphrase is zeroed.

func WithPrivateKeyBytes added in v0.2.0

func WithPrivateKeyBytes(ctx context.Context, publicKeyBytes, privateKeyBytes, passphrase []byte) CreatePrincipalOption

WithPrivateKeyBytes specifies the public and private key bytes to use when creating a principal. The passphrase is zeroed. If publicKeyBytes are nil then the public key will be derived from the private key. If not, the public key will be parsed from the supplied bytes. If the public key bytes encode a CERTIFICATE PEM block then that Certificate will be retained and associated with the principal as opposed to just the public key portion of the certificate.

func WithPublicKeyBytes added in v0.2.0

func WithPublicKeyBytes(keyBytes []byte) CreatePrincipalOption

WithPublicKeyBytes specifies the public key bytes to use when creating a public-key only principal. If the public key bytes encode a CERTIFICATE PEM block then that Certificate will be retained and associated with the principal as opposed to just the public key portion of the certificate.

func WithPublicKeyOnly added in v0.2.0

func WithPublicKeyOnly(allow bool) CreatePrincipalOption

WithPublicKeyOnly specifies whether the principal to be created can be restricted to having only a public key. Such a principal can verify credentials but not create any of its own.

func WithSigner added in v0.2.0

func WithSigner(signer security.Signer) CreatePrincipalOption

WithSigner specifies the security.Signer to use for the new principal. WithSigner takes precedence over WithPrivateKey or WithPrivateKeyBytes.

func WithStore added in v0.2.0

WithStore specifies the credentials store to use for creating a new principal. Such a store must support persisting key information.

func WithX509Certificate added in v0.2.0

func WithX509Certificate(cert *x509.Certificate) CreatePrincipalOption

WithX509Certificate specifies the x509 certificate to associate with this principal. Its public key must match the public key already set for this principal if one has already been set via a private key, a signer or as bytes. Note that if the public key bytes specified via WithPublicKeyBytes are a PEM CERTIFICATE block then the x509 Certificate will be used from that also.

type CredentialsStoreCreator added in v0.2.0

type CredentialsStoreCreator interface {
	CredentialsStoreReadWriter
	// WriteKeyPair writes the specified key information to the store.
	// Note the public key bytes must always be provided but the private
	// key bytes may be nil.
	//
	// WriteKeyPair must be guarded by a lock of scope LockKeyStore.
	WriteKeyPair(ctx context.Context, public, private []byte) error
}

CredentialsStoreCreator represents the operations to create a new credentials store.

func CreateFilesystemStore added in v0.2.0

func CreateFilesystemStore(dir string) (CredentialsStoreCreator, error)

CreateFilesystemStore returns a store hosted on the local filesystem that can be used to create a new credentials store (and hence principal).

type CredentialsStoreReadWriter added in v0.2.0

type CredentialsStoreReadWriter interface {
	CredentialsStoreReader
	CredentialsStoreWriter
}

CredentialsStoreReadWriter represents a mutable credentials store.

func FilesystemStoreWriter added in v0.2.0

func FilesystemStoreWriter(dir string) CredentialsStoreReadWriter

FilesystemStoreWriter returns a CredentialsStoreReadWriter for an existing local file system credentials store.

type CredentialsStoreReader added in v0.2.0

type CredentialsStoreReader interface {
	RLock(context.Context, LockScope) (func(), error)
	NewSigner(ctx context.Context, passphrase []byte) (security.Signer, error)
	NewPublicKey(ctx context.Context) (security.PublicKey, *x509.Certificate, error)
	BlessingsReader(context.Context) (SerializerReader, error)
	RootsReader(context.Context) (SerializerReader, error)
}

CredentialsStoreReader represents the read-only operations on a credentials store. The CredentialsStore interfaces allow for alternative implementations of credentials stores to be used with the rest of this package. For example, a store that uses AWS S3 could simply implement these APIs and then be usable by the existing blessings store and blessing roots implementations.

All operations must be guarded by a read-only lock as obtained via RLock for the appropriate lock scope. NewSigner and NewPublicKey should be guarded by a LockKeyStore scope, BlessingsReader by LockBlessingStore and RootsReader by LockBlessingRoots.

func FilesystemStoreReader added in v0.2.0

func FilesystemStoreReader(dir string) CredentialsStoreReader

FilesystemStoreReader returns a CredentialsStoreReader for an existing local file system credentials store.

type CredentialsStoreWriter added in v0.2.0

type CredentialsStoreWriter interface {
	Lock(context.Context, LockScope) (func(), error)
	BlessingsWriter(context.Context) (SerializerWriter, error)
	RootsWriter(context.Context) (SerializerWriter, error)
}

CredentialsStoreWriter represents the write operations on a credentials store.

All operations must be guarded by a lock as obtained via Lock for the appropriate lock scope. BlessingsWriter should be guarded by LockBlessingStore and RootsWriter by LockBlessingRoots.

type DischargeCache

type DischargeCache interface {
	CacheDischarge(discharge security.Discharge, caveat security.Caveat, impetus security.DischargeImpetus) error
	ClearDischarges(discharges ...security.Discharge)
	Discharge(caveat security.Caveat, impetus security.DischargeImpetus) (security.Discharge, time.Time)
}

DischargeCache is a subset of the security.BlessingStore interface that deals with caching discharges.

type LoadPrincipalOption added in v0.2.0

type LoadPrincipalOption func(o *principalOptions) error

LoadPrincipalOption represents an option to LoadPrincipalOpts.

func FromBlessingRoots added in v0.2.0

func FromBlessingRoots(factory CreateBlessingRoots) LoadPrincipalOption

FromBlessingRoots specifies a security.BlessingRoots to use with the new principal. If not specified, a security.BlessingRoots will be created by LoadPrincipalOpts.

func FromBlessingStore added in v0.2.0

func FromBlessingStore(factory CreateBlessingStore) LoadPrincipalOption

FromBlessingStore specifies a security.BlessingStore to use with the new principal. If not specified, a security.BlessingStore will be created by LoadPrincipalOpts.

func FromPassphrase added in v0.2.0

func FromPassphrase(passphrase []byte) LoadPrincipalOption

FromPassphrase specifies the passphrase to use for decrypting private key information. The supplied passphrase is zeroed.

func FromPublicKeyOnly added in v0.2.0

func FromPublicKeyOnly(allow bool) LoadPrincipalOption

FromPublicKeyOnly specifies whether the principal to be created can be restricted to having only a public key. Such a principal can verify credentials but not create any of its own.

func FromReadonly added in v0.2.0

func FromReadonly(store CredentialsStoreReader) LoadPrincipalOption

FromReadonly specifies a readonly store from which credentials information can be read. This includes keys, blessings and blessing roots.

func FromWritable added in v0.2.0

FromWritable specifies a writeable store from which credentials information can be read. This includes keys, blessings and blessing roots.

func RefreshInterval added in v0.2.0

func RefreshInterval(interval time.Duration) LoadPrincipalOption

RefreshInterval specifies that credentials state should be periodically reloaded to obtain any changes made to them by another entity.

type LockScope added in v0.2.0

type LockScope int

LockScope represents the scope of a read/write or read-only lock on a credentials store.

const (
	// LockKeyStore requests a lock on the key information.
	LockKeyStore LockScope = iota
	// LockBlessingStore requests a lock on the blessings store.
	LockBlessingStore
	// LockBlessingRoots requests a lock on the blessings roots.
	LockBlessingRoots
)

type SerializerReader added in v0.1.10

type SerializerReader interface {
	// Readers returns io.ReadCloser for reading serialized data and its
	// integrity signature.
	Readers() (data io.ReadCloser, signature io.ReadCloser, err error)
}

SerializerReader is a factory for managing the readers used for deserialization of signed data.

type SerializerWriter added in v0.1.10

type SerializerWriter interface {
	// Writers returns io.WriteCloser for writing serialized data and its
	// integrity signature.
	Writers() (data io.WriteCloser, signature io.WriteCloser, err error)
}

SerializerWriter is a factory for managing the writers used for serialization of signed data.

Directories

Path Synopsis
Package audit implements a mechanism for writing auditable events to an audit log.
This file was auto-generated by the vanadium vdl tool.
internal
lockedfile
Package lockedfile creates and manipulates files whose contents should only change atomically.
lockedfile/filelock
Package filelock provides a platform-independent API for advisory file locking.
Package keys provides support for working with an extensible set of cryptographic keys.
indirectkeyfiles
Package indirectkeyfiles provides support for key files whose contents refer to another keyfile.
sshkeys
Package sshkeys provides support for using ssh keys with the security/keys package, including private keys hosted within an ssh agent.
x509keys
Package x509 provides support for using x509/ssl keys with the security/keys package.
Package passphrase contains utilities for reading a passphrase.
Package securityflag implements utilities for creating security objects based on flags.
Package serialization implements utilities for reading and writing data with signature-based integrity checking.
