signing

package

v1.4.4 Latest Latest Go to latest Published: Apr 8, 2026 License: MIT Imports: 25 Imported by: 0

Details

Package signing manages keys the auth service uses for signing and verification

Package signing manages keys the auth service uses for signing and verification

View Source

const (
	MinPassphraseLength  = 8
	MinPassphraseEntropy = 3
)

Constants for creating RSA keys and key set

This section is empty.

func NewHMACSigner(secret cmn.Censored) tok.Signer

type AsymmetricKeySigner interface {
	GetPubKey() string
	RotateKey() error
}

type JWKSProvider interface {
	GetJWKS() (jwk.Set, error)
}

type RSAKeyManager struct {
	// contains filtered or unexported fields
}

RSAKeyManager is responsible for the lifecycle of RSA key pairs

func NewRSAKeyManager(conf *config.RSAKeyConfig, passphrase cmn.Censored, db kvdb.AuthStorageDriver) *RSAKeyManager

func (r *RSAKeyManager) GetJWKS() (jwk.Set, error)

func (r *RSAKeyManager) GetPubKey() string

func (r *RSAKeyManager) Init() error

Init sets up an RSA key pair, using one from disk if provided Must only be called at init time -- key rotation not yet implemented

func (r *RSAKeyManager) ResolveKey(_ context.Context, t *jwt.Token) (any, error)

func (r *RSAKeyManager) RotateKey() error

func (r *RSAKeyManager) SignToken(c jwt.Claims) (string, error)

SignToken signs JWT claims with the current RSA private key and includes the key ID header

func (r *RSAKeyManager) ValidationConf() *authn.ServerConf