key

package
v0.3.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 13, 2026 License: Apache-2.0 Imports: 18 Imported by: 17

Documentation

Index

Constants

View Source 
const (
	RSA     Type = "rsa"
	ECDSA   Type = "ecdsa"
	ED25519 Type = "ed25519"

	RsaSsaPssSha256     Scheme = "rsassa-pss-sha256"
	RsaSsaPssSha384     Scheme = "rsassa-pss-sha384"
	RsaSsaPssSha512     Scheme = "rsassa-pss-sha512"
	EcdsaSha2nistP224   Scheme = "ecdsa-sha2-nistp224"
	EcdsaSha2nistP256   Scheme = "ecdsa-sha2-nistp256"
	EcdsaSha2nistP384   Scheme = "ecdsa-sha2-nistp384"
	EcdsaSha2nistP521   Scheme = "ecdsa-sha2-nistp521"
	EcdsaSha256nistP256 Scheme = "ecdsa-sha256-nistp256"
	EcdsaSha384nistP384 Scheme = "ecdsa-sha384-nistp384"
	Ed25519             Scheme = "ed25519"
)

Variables

View Source 
var (
	ErrUnknownScheme          = errors.New("unknown key scheme")
	ErrIncorrectKeySchema     = errors.New("unable to set key scheme, incorrect key type")
	ErrIncorrectEllipticCurve = errors.New("schema curve does not match key")
	ErrUnknownEllipticCurve   = errors.New("unsupported elliptic curve")
)
View Source 
var DefaultGenerateOptions = GenerateOptions{
	Type:        ECDSA,
	Curve:       elliptic.P256(),
	RSAHashType: crypto.SHA256,
	KeyLength:   4096,
}

DefaultGenerateOptions default key generation options

Functions

This section is empty.

Types

type FnGenOpt 

type FnGenOpt func(*GenerateOptions) error

func WithEllipticCurve 

func WithEllipticCurve(cv elliptic.Curve) FnGenOpt

func WithKeyLength 

func WithKeyLength(l int) FnGenOpt

func WithKeyType 

func WithKeyType(t Type) FnGenOpt

type FnOpt 

type FnOpt func(*KeyParseOptions)

func WithScheme 

func WithScheme(scheme Scheme) FnOpt

WithScheme defines a scheme for a key.

type GenerateOptions 

type GenerateOptions struct {
	Type         Type
	Curve        elliptic.Curve
	UseECMarshal bool
	RSAHashType  crypto.Hash
	KeyLength    int
}

type Generator 

type Generator struct{}

Generator is a key generator that returns keys wrapped in our key wrappers. The key generator supports ECDSA, RSA and ED25519 and some basic options such as key length and defininig the elliptic curve to use.

func NewGenerator 

func NewGenerator() *Generator

func (*Generator) GenerateKeyPair 

func (gen *Generator) GenerateKeyPair(funcs ...FnGenOpt) (*Private, error)

GenerateKeyPair creates a new keypair

type Key added in v0.3.7 

type Key interface {
	GetType() Type
	GetScheme() Scheme
	GetHashType() crypto.Hash
	GetData() string
	GetKey() crypto.PublicKey
	GetNotBefore() *time.Time
	GetNotAfter() *time.Time
}

Key is an interface to group both public and private keys

type KeyParseOptions 

type KeyParseOptions struct {
	Scheme Scheme
}

type KeySet added in v0.3.7 

type KeySet []Key

func (KeySet) ActiveKeys added in v0.3.7 

func (ks KeySet) ActiveKeys() KeySet

ActiveKeys returns all keys whose dates are currently valid or have no dates. A key is active if its NotBefore date has passed (or is nil) and its NotAfter date has not passed (or is nil).

func (KeySet) ActiveOrRecentlyExpiredKeys added in v0.3.7 

func (ks KeySet) ActiveOrRecentlyExpiredKeys(threshold time.Duration) KeySet

ActiveOrRecentlyExpiredKeys returns all active keys plus keys that expired within the given threshold duration.

func (KeySet) GetLatestKey added in v0.3.7 

func (ks KeySet) GetLatestKey() Key

GetLatestKey returns the most "recent" key from the set based on validity dates. It filters out expired keys and keys whose NotBefore date hasn't passed yet, then orders by NotBefore date (descending), then by NotAfter date for keys without NotBefore, and finally by original array order for keys with neither date.

type Parser 

type Parser struct{}

func NewParser 

func NewParser() *Parser

func (*Parser) ParsePublicKey 

func (p *Parser) ParsePublicKey(pubKeyData []byte, funcs ...FnOpt) (*Public, error)

ParsePublicKey parses a public key that can be used to verify

type Private 

type Private struct {
	Type      Type
	Scheme    Scheme
	HashType  crypto.Hash
	Data      string
	Key       crypto.PublicKey
	NotBefore *time.Time `json:"not_before"`
	NotAfter  *time.Time `json:"not_after"`
}

Private abstracts a private key use mainly to sign.

func (*Private) ID added in v0.2.1 

func (p *Private) ID() string

ID computes a key id by hashing the key data and triming it to the first 8 bytes

func (*Private) PrivateKey 

func (p *Private) PrivateKey() (*Private, error)

PrivateKey implements the PrivateKeyProvider interface

func (*Private) PublicKey 

func (p *Private) PublicKey() (*Public, error)

PublicKey derives the public key from the provate one and returns a Public abstraction that can be used to verify signed things.

type PrivateKeyProvider 

type PrivateKeyProvider interface {
	PrivateKey() (*Private, error)
}

type Public 

type Public struct {
	Type      Type
	Scheme    Scheme
	HashType  crypto.Hash
	Data      string
	Key       crypto.PublicKey
	NotBefore *time.Time `json:"not_before"`
	NotAfter  *time.Time `json:"not_after"`
}

Public key abstracts a public key data and all its features required to verify. After parsing, the original key data is preserved in the srtuct.

func (*Public) Curve 

func (p *Public) Curve() string

Curve returns the nist name of elliptic curve used in the key. If it cannot be read or the key is not an elliptic curve key then this function returns an empty string.

func (*Public) ID added in v0.2.1 

func (p *Public) ID() string

ID computes a key id by hashing the key data and triming it to the first bytes

func (*Public) PublicKey 

func (p *Public) PublicKey() (*Public, error)

Public is the most basic public key provider. It just returns itself

func (*Public) SetScheme 

func (p *Public) SetScheme(scheme Scheme) error

SetScheme sets the scheme string in the key, verifying consistency and defining some features of the key.

type PublicKeyProvider 

type PublicKeyProvider interface {
	PublicKey() (*Public, error)
}

type Scheme 

type Scheme string

type Signer 

type Signer struct{}

func NewSigner 

func NewSigner() *Signer

func (*Signer) SignDigest 

func (s *Signer) SignDigest(keyProvider PrivateKeyProvider, digest []byte) ([]byte, error)

SignDigest signs the digest byte sequence using the key obtained from a key provider

func (*Signer) SignDigestString 

func (s *Signer) SignDigestString(keyProvider PrivateKeyProvider, digestString string) ([]byte, error)

SignDigestString signs a digest in hex string representation

func (*Signer) SignMessage 

func (s *Signer) SignMessage(keyProvider PrivateKeyProvider, message []byte) ([]byte, error)

SignMessage signs a supplied message

type Type 

type Type string

type VerificationResult 

type VerificationResult struct {
	Keys     []*Public
	Time     time.Time
	Digest   map[string]string
	Verified bool
}

VerificationResult captures the key verification result

type Verifier 

type Verifier struct{}

func NewVerifier 

func NewVerifier() *Verifier

func (*Verifier) VerifyDigest 

func (v *Verifier) VerifyDigest(pkeyProv PublicKeyProvider, digest, signature []byte) (bool, error)

VerifyDigest checks a sigest signature against a digest byte slice

func (*Verifier) VerifyDigestString 

func (v *Verifier) VerifyDigestString(pkeyProv PublicKeyProvider, digestString string, signature []byte) (bool, error)

VerifyDigestString verifies the signature from a digest string. The provided string must be a hex encoded string of a hash produced by algorithm defined in the public key abstraction.

func (*Verifier) VerifyMessage 

func (v *Verifier) VerifyMessage(pkeyProv PublicKeyProvider, message, signature []byte) (bool, error)

VerifyMessage verifies the signature by getting the whole message

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.