key

package
v0.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2026 License: Apache-2.0 Imports: 17 Imported by: 17

Documentation

Index

Constants

View Source 
const (
	RSA     Type = "rsa"
	ECDSA   Type = "ecdsa"
	ED25519 Type = "ed25519"

	RsaSsaPssSha256     Scheme = "rsassa-pss-sha256"
	RsaSsaPssSha384     Scheme = "rsassa-pss-sha384"
	RsaSsaPssSha512     Scheme = "rsassa-pss-sha512"
	EcdsaSha2nistP224   Scheme = "ecdsa-sha2-nistp224"
	EcdsaSha2nistP256   Scheme = "ecdsa-sha2-nistp256"
	EcdsaSha2nistP384   Scheme = "ecdsa-sha2-nistp384"
	EcdsaSha2nistP521   Scheme = "ecdsa-sha2-nistp521"
	EcdsaSha256nistP256 Scheme = "ecdsa-sha256-nistp256"
	EcdsaSha384nistP384 Scheme = "ecdsa-sha384-nistp384"
	Ed25519             Scheme = "ed25519"
)

Variables

View Source 
var (
	ErrUnknownScheme          = errors.New("unknown key scheme")
	ErrIncorrectKeySchema     = errors.New("unable to set key scheme, incorrect key type")
	ErrIncorrectEllipticCurve = errors.New("schema curve does not match key")
	ErrUnknownEllipticCurve   = errors.New("unsupported elliptic curve")
)
View Source 
var DefaultGenerateOptions = GenerateOptions{
	Type:        ECDSA,
	Curve:       elliptic.P256(),
	RSAHashType: crypto.SHA256,
	KeyLength:   4096,
}

DefaultGenerateOptions default key generation options

Functions

This section is empty.

Types

type FnGenOpt 

type FnGenOpt func(*GenerateOptions) error

func WithEllipticCurve 

func WithEllipticCurve(cv elliptic.Curve) FnGenOpt

func WithKeyLength 

func WithKeyLength(l int) FnGenOpt

func WithKeyType 

func WithKeyType(t Type) FnGenOpt

type FnOpt 

type FnOpt func(*KeyParseOptions)

func WithScheme 

func WithScheme(scheme Scheme) FnOpt

WithScheme defines a scheme for a key.

type GenerateOptions 

type GenerateOptions struct {
	Type         Type
	Curve        elliptic.Curve
	UseECMarshal bool
	RSAHashType  crypto.Hash
	KeyLength    int
}

type Generator 

type Generator struct{}

Generator is a key generator that returns keys wrapped in our key wrappers. The key generator supports ECDSA, RSA and ED25519 and some basic options such as key length and defininig the elliptic curve to use.

func NewGenerator 

func NewGenerator() *Generator

func (*Generator) GenerateKeyPair 

func (gen *Generator) GenerateKeyPair(funcs ...FnGenOpt) (*Private, error)

GenerateKeyPair creates a new keypair

type KeyParseOptions 

type KeyParseOptions struct {
	Scheme Scheme
}

type Parser 

type Parser struct{}

func NewParser 

func NewParser() *Parser

func (*Parser) ParsePublicKey 

func (p *Parser) ParsePublicKey(pubKeyData []byte, funcs ...FnOpt) (*Public, error)

ParsePublicKey parses a public key that can be used to verify

type Private 

type Private struct {
	Type      Type
	Scheme    Scheme
	HashType  crypto.Hash
	Data      string
	Key       crypto.PublicKey
	NotBefore *time.Time `json:"not_before"`
	NotAfter  *time.Time `json:"not_after"`
}

Private abstracts a private key use mainly to sign.

func (*Private) ID added in v0.2.1 

func (p *Private) ID() string

ID computes a key id by hashing the key data and triming it to the first 8 bytes

func (*Private) PrivateKey 

func (p *Private) PrivateKey() (*Private, error)

PrivateKey implements the PrivateKeyProvider interface

func (*Private) PublicKey 

func (p *Private) PublicKey() (*Public, error)

PublicKey derives the public key from the provate one and returns a Public abstraction that can be used to verify signed things.

type PrivateKeyProvider 

type PrivateKeyProvider interface {
	PrivateKey() (*Private, error)
}

type Public 

type Public struct {
	Type      Type
	Scheme    Scheme
	HashType  crypto.Hash
	Data      string
	Key       crypto.PublicKey
	NotBefore *time.Time `json:"not_before"`
	NotAfter  *time.Time `json:"not_after"`
}

Public key abstracts a public key data and all its features required to verify. After parsing, the original key data is preserved in the srtuct.

func (*Public) Curve 

func (p *Public) Curve() string

Curve returns the nist name of elliptic curve used in the key. If it cannot be read or the key is not an elliptic curve key then this function returns an empty string.

func (*Public) ID added in v0.2.1 

func (p *Public) ID() string

ID computes a key id by hashing the key data and triming it to the first bytes

func (*Public) PublicKey 

func (p *Public) PublicKey() (*Public, error)

Public is the most basic public key provider. It just returns itself

func (*Public) SetScheme 

func (p *Public) SetScheme(scheme Scheme) error

SetScheme sets the scheme string in the key, verifying consistency and defining some features of the key.

type PublicKeyProvider 

type PublicKeyProvider interface {
	PublicKey() (*Public, error)
}

type Scheme 

type Scheme string

type Signer 

type Signer struct{}

func NewSigner 

func NewSigner() *Signer

func (*Signer) SignDigest 

func (s *Signer) SignDigest(keyProvider PrivateKeyProvider, digest []byte) ([]byte, error)

SignDigest signs the digest byte sequence using the key obtained from a key provider

func (*Signer) SignDigestString 

func (s *Signer) SignDigestString(keyProvider PrivateKeyProvider, digestString string) ([]byte, error)

SignDigestString signs a digest in hex string representation

func (*Signer) SignMessage 

func (s *Signer) SignMessage(keyProvider PrivateKeyProvider, message []byte) ([]byte, error)

SignMessage signs a supplied message

type Type 

type Type string

type VerificationResult 

type VerificationResult struct {
	Keys     []*Public
	Time     time.Time
	Digest   map[string]string
	Verified bool
}

VerificationResult captures the key verification result

type Verifier 

type Verifier struct{}

func NewVerifier 

func NewVerifier() *Verifier

func (*Verifier) VerifyDigest 

func (v *Verifier) VerifyDigest(pkeyProv PublicKeyProvider, digest, signature []byte) (bool, error)

VerifyDigest checks a sigest signature against a digest byte slice

func (*Verifier) VerifyDigestString 

func (v *Verifier) VerifyDigestString(pkeyProv PublicKeyProvider, digestString string, signature []byte) (bool, error)

VerifyDigestString verifies the signature from a digest string. The provided string must be a hex encoded string of a hash produced by algorithm defined in the public key abstraction.

func (*Verifier) VerifyMessage 

func (v *Verifier) VerifyMessage(pkeyProv PublicKeyProvider, message, signature []byte) (bool, error)

VerifyMessage verifies the signature by getting the whole message

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.