crypto

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const AdminCommonName = "flightctl-admin"
View Source 
const ClientBootstrapCommonName = "client-enrollment"

Wraps openshift/library-go/pkg/crypto to use ECDSA and simplify the interface

View Source 
const ClientBootstrapCommonNamePrefix = "client-enrollment-"
View Source 
const DeviceCommonNamePrefix = "device:"

Variables

This section is empty.

Functions

func BootstrapCNFromName added in v0.2.0 

func BootstrapCNFromName(name string) (string, error)

func CNFromDeviceFingerprint 

func CNFromDeviceFingerprint(fingerprint string) (string, error)

func DecryptKeyBytes added in v0.3.0 

func DecryptKeyBytes(pemKeyEncrypted []byte, pw []byte) ([]byte, error)

func EnsureKey 

func EnsureKey(keyFile string) (crypto.PublicKey, crypto.PrivateKey, bool, error)

func GetPEMBlock added in v0.3.0 

func GetPEMBlock(pemKey []byte) (*pem.Block, error)

func HashPublicKey 

func HashPublicKey(key crypto.PublicKey) ([]byte, error)

func IsEncryptedPEMKey added in v0.3.0 

func IsEncryptedPEMKey(pemKey []byte) (bool, error)

func LoadKey 

func LoadKey(keyFile string) (crypto.PrivateKey, error)

func MakeCSR 

func MakeCSR(privateKey crypto.Signer, subjectName string) ([]byte, error)

func NewKeyPair 

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func NewKeyPairWithHash 

func NewKeyPairWithHash() (crypto.PublicKey, crypto.PrivateKey, []byte, error)

func PEMEncodeKey 

func PEMEncodeKey(key crypto.PrivateKey) ([]byte, error)

func ParseCSR 

func ParseCSR(csrPEM []byte) (*x509.CertificateRequest, error)

func ParseKeyPEM 

func ParseKeyPEM(pemKey []byte) (crypto.PrivateKey, error)

func TLSConfigForClient 

func TLSConfigForClient(caConfig, clientConfig *TLSCertificateConfig) (*tls.Config, error)

func TLSConfigForServer 

func TLSConfigForServer(caConfig, serverConfig *TLSCertificateConfig) (*tls.Config, *tls.Config, *tls.Config, error)

func WriteKey 

func WriteKey(keyPath string, key crypto.PrivateKey) error

func WritePasswordEncryptedKey added in v0.3.0 

func WritePasswordEncryptedKey(keyPath string, key crypto.PrivateKey, password []byte) error

this copies functionality from sigstore's cosign to encrypt the private key using functionality from secure systems lab, which relies on golang crypto's secretbox and scrypt. see: https://github.com/sigstore/cosign/blob/77f71e0d7470e31ed4ed5653fe5a7c8e3b283606/pkg/cosign/keys.go#L158 https://github.com/secure-systems-lab/go-securesystemslib/blob/7dd9eabdaf9ea98ba33653cdfbdec7057bd662fd/encrypted/encrypted.go#L158

Types

type CA 

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator oscrypto.SerialGenerator
}

func EnsureCA 

func EnsureCA(certFile, keyFile, serialFile, subjectName string, expireDays int) (*CA, bool, error)

func GetCA 

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

func MakeSelfSignedCA 

func MakeSelfSignedCA(certFile, keyFile, serialFile, subjectName string, expiryDays int) (*CA, error)

func (*CA) EnsureClientCertificate 

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, subjectName string, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCertificate 

func (ca *CA) EnsureServerCertificate(certFile, keyFile string, hostnames []string, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) IssueRequestedClientCertificate 

func (ca *CA) IssueRequestedClientCertificate(csr *x509.CertificateRequest, expirySeconds int) ([]byte, error)

IssueRequestedClientCertificate issues a client certificate based on the provided Certificate Signing Request (CSR) and the desired expiration time in seconds. This currently processes both enrollment cert and management cert signing requests, which both are signed by the FC service's internal CA instance named 'ca'.

func (*CA) MakeAndWriteServerCert 

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames []string, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate 

func (ca *CA) MakeClientCertificate(certFile, keyFile string, subject string, expiryDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert 

func (ca *CA) MakeServerCert(hostnames []string, expiryDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc 

type CertificateExtensionFunc func(*x509.Certificate) error

type TLSCertificateConfig 

type TLSCertificateConfig oscrypto.TLSCertificateConfig

func GetClientCertificate 

func GetClientCertificate(certFile, keyFile string, subjectName string) (*TLSCertificateConfig, error)

func GetServerCert 

func GetServerCert(certFile, keyFile string, hostnames []string) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig 

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes 

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

func (*TLSCertificateConfig) WriteCertConfigFile 

func (c *TLSCertificateConfig) WriteCertConfigFile(certFile, keyFile string) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.