crypto

package

v1.0.2 Latest Latest Go to latest Published: Jan 7, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/flightctl/flightctl

Links

Open Source Insights

Documentation ¶

Index ¶

func DecryptKeyBytes(pemKeyEncrypted []byte, pw []byte) ([]byte, error)
func EncodeCertificatePEM(cert *x509.Certificate) ([]byte, error)
func EnsureKey(keyFile string) (crypto.PublicKey, crypto.PrivateKey, bool, error)
func GetCSRExtensionValueAsStr(csr *x509.CertificateRequest, oid asn1.ObjectIdentifier) (string, error)
func GetCertificateExtensionValueAsStr(cert *x509.Certificate, oid asn1.ObjectIdentifier) (string, error)
func GetPEMBlock(pemKey []byte) (*pem.Block, error)
func HashPublicKey(key crypto.PublicKey) ([]byte, error)
func IsEncryptedPEMKey(pemKey []byte) (bool, error)
func LoadKey(keyFile string) (crypto.PrivateKey, error)
func MakeCSR(privateKey crypto.Signer, subjectName string, opts ...CSROption) ([]byte, error)
func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
func NewKeyPairWithHash() (crypto.PublicKey, crypto.PrivateKey, []byte, error)
func PEMEncodeKey(key crypto.PrivateKey) ([]byte, error)
func ParseCSR(csrPEM []byte) (*x509.CertificateRequest, error)
func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)
func ParseKeyPEM(pemKey []byte) (crypto.PrivateKey, error)
func ParsePEMCertificate(pemData []byte) (*x509.Certificate, error)
func ValidateX509CSR(c *x509.CertificateRequest) error
func WriteKey(keyPath string, key crypto.PrivateKey) error
func WritePasswordEncryptedKey(keyPath string, key crypto.PrivateKey, password []byte) error
type CSROption
- func WithDNSNames(names ...string) CSROption
- func WithExtraExtension(oid asn1.ObjectIdentifier, value string) CSROption
- func WithIPAddresses(ips ...net.IP) CSROption
- func WithSubject(subject pkix.Name) CSROption
- func WithURIs(uris ...*urlpkg.URL) CSROption

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecryptKeyBytes ¶

func DecryptKeyBytes(pemKeyEncrypted []byte, pw []byte) ([]byte, error)

func EncodeCertificatePEM ¶ added in v0.10.0

func EncodeCertificatePEM(cert *x509.Certificate) ([]byte, error)

EncodeCertificatePEM encodes a single x509.Certificate into PEM bytes.

func EnsureKey ¶

func EnsureKey(keyFile string) (crypto.PublicKey, crypto.PrivateKey, bool, error)

func GetCSRExtensionValueAsStr ¶ added in v0.10.0

func GetCSRExtensionValueAsStr(csr *x509.CertificateRequest, oid asn1.ObjectIdentifier) (string, error)

GetCSRExtensionValueAsStr retrieves a specific extension from a CSR as a string.

func GetCertificateExtensionValueAsStr ¶ added in v0.10.0

func GetCertificateExtensionValueAsStr(cert *x509.Certificate, oid asn1.ObjectIdentifier) (string, error)

func GetPEMBlock ¶

func GetPEMBlock(pemKey []byte) (*pem.Block, error)

func HashPublicKey ¶

func HashPublicKey(key crypto.PublicKey) ([]byte, error)

func IsEncryptedPEMKey ¶

func IsEncryptedPEMKey(pemKey []byte) (bool, error)

func LoadKey ¶

func LoadKey(keyFile string) (crypto.PrivateKey, error)

func MakeCSR ¶

func MakeCSR(privateKey crypto.Signer, subjectName string, opts ...CSROption) ([]byte, error)

MakeCSR creates a PEM-encoded CSR using the provided private key,

func NewKeyPair ¶

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func NewKeyPairWithHash ¶

func NewKeyPairWithHash() (crypto.PublicKey, crypto.PrivateKey, []byte, error)

func PEMEncodeKey ¶

func PEMEncodeKey(key crypto.PrivateKey) ([]byte, error)

func ParseCSR ¶

func ParseCSR(csrPEM []byte) (*x509.CertificateRequest, error)

func ParseCertificatePEM ¶ added in v0.10.0

func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)

ParseCertificatePEM parses a single x509.Certificate from PEM bytes.

func ParseKeyPEM ¶

func ParseKeyPEM(pemKey []byte) (crypto.PrivateKey, error)

func ParsePEMCertificate ¶ added in v0.10.0

func ParsePEMCertificate(pemData []byte) (*x509.Certificate, error)

ParsePEMCertificate parses a PEM-encoded certificate and returns an *x509.Certificate. It validates the PEM block type and ensures the certificate is properly formatted.

func ValidateX509CSR ¶ added in v0.10.0

func ValidateX509CSR(c *x509.CertificateRequest) error

func WriteKey ¶

func WriteKey(keyPath string, key crypto.PrivateKey) error

func WritePasswordEncryptedKey ¶

func WritePasswordEncryptedKey(keyPath string, key crypto.PrivateKey, password []byte) error

this copies functionality from sigstore's cosign to encrypt the private key using functionality from secure systems lab, which relies on golang crypto's secretbox and scrypt. see: https://github.com/sigstore/cosign/blob/77f71e0d7470e31ed4ed5653fe5a7c8e3b283606/pkg/cosign/keys.go#L158 https://github.com/secure-systems-lab/go-securesystemslib/blob/7dd9eabdaf9ea98ba33653cdfbdec7057bd662fd/encrypted/encrypted.go#L158

Types ¶

type CSROption ¶ added in v0.10.0

type CSROption func(*x509.CertificateRequest) error

CSROption allows callers to customize the x509.CertificateRequest template before the CSR is created.

func WithDNSNames ¶ added in v0.10.0

func WithDNSNames(names ...string) CSROption

WithDNSNames sets one or more DNS SANs on the CSR.

func WithExtraExtension ¶ added in v0.10.0

func WithExtraExtension(oid asn1.ObjectIdentifier, value string) CSROption

WithExtraExtension adds a non-critical extra extension (value ASN.1-encoded string).

func WithIPAddresses ¶ added in v0.10.0

func WithIPAddresses(ips ...net.IP) CSROption

WithIPAddresses sets one or more IP SANs on the CSR.

func WithSubject ¶ added in v0.10.0

func WithSubject(subject pkix.Name) CSROption

WithSubject overrides the Subject for the CSR.

func WithURIs ¶ added in v0.10.0

func WithURIs(uris ...*urlpkg.URL) CSROption

WithURIs sets one or more URI SANs on the CSR.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL