keys

package module
v0.0.48-fix Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 27, 2020 License: MIT Imports: 47 Imported by: 53

README

keys.pub

GoDoc

☢ This project is in development and has not been audited or reviewed. Use at your own risk. ☢

Documentation

Visit keys.pub.

Repositories

Repo Description
keys-pub/keys Key management, signing and encryption, including keys/saltpack and keys/keyring.
keys-pub/keys-ext Extensions: Service (gRPC), command line client, DB, Firestore, HTTP API/Client/Server, Git, Wormhole, etc.
keys-pub/app Desktop app.

Documentation

Index

Examples

Constants

View Source 
const RevokeLabel = "revoke"

RevokeLabel is label for revoking an earlier statement

Variables

This section is empty.

Functions

func BoxOpen 

func BoxOpen(encrypted []byte, sender *X25519PublicKey, recipient *X25519Key) ([]byte, error)

BoxOpen decrypts a message from a sender.

func BoxSeal 

func BoxSeal(b []byte, recipient *X25519PublicKey, sender *X25519Key) []byte

BoxSeal encrypts a message to a recipient.

Example 
package main

import (
	"fmt"
	"log"

	"github.com/keys-pub/keys"
)

func main() {
	ak := keys.GenerateX25519Key()
	bk := keys.GenerateX25519Key()

	msg := "Hey bob, it's alice. The passcode is 12345."
	encrypted := keys.BoxSeal([]byte(msg), bk.PublicKey(), ak)

	out, err := keys.BoxOpen(encrypted, ak.PublicKey(), bk)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("%s\n", string(out))
}

Output:

Hey bob, it's alice. The passcode is 12345.

func Bytes16 

func Bytes16(b []byte) *[16]byte

Bytes16 converts byte slice to *[16]byte.

func Bytes24 

func Bytes24(b []byte) *[24]byte

Bytes24 converts byte slice to *[24]byte.

func Bytes32 

func Bytes32(b []byte) *[32]byte

Bytes32 converts byte slice to *[32]byte.

func Bytes64 

func Bytes64(b []byte) *[64]byte

Bytes64 converts byte slice to *[64]byte.

func DecryptWithPassword 

func DecryptWithPassword(encrypted []byte, password string) ([]byte, error)

DecryptWithPassword decrypts bytes using a password. It assumes a 16 byte salt before the encrypted bytes.

func EncodeKeyToSaltpack 

func EncodeKeyToSaltpack(key Key, password string) (string, error)

EncodeKeyToSaltpack encrypts a key to saltpack with password.

func EncryptWithPassword 

func EncryptWithPassword(b []byte, password string) []byte

EncryptWithPassword encrypts bytes with a password. Uses argon2.IDKey(password, salt, 1, 64*1024, 4, 32) with 16 byte salt. The salt bytes are prepended to the encrypted bytes. This uses nacl.secretbox, so the bytes/message should be small. If you need to encrypt large amounts of data, use Saltpack instead (TODO: More details here).

func HKDFSHA256 

func HKDFSHA256(secret []byte, len int, salt []byte, info []byte) []byte

HKDFSHA256 expands a secret into another secret using HKDF with SHA256. Info is non-secret context info, optional (can be empty). Salt is non-secret salt, optional (can be nil), recommended: hash-length random value.

func HMACSHA256 

func HMACSHA256(key []byte, msg []byte) []byte

HMACSHA256 does a HMAC-SHA256 on msg with key.

func IDsToString 

func IDsToString(ids []ID, delim string) string

IDsToString returns string for joined Ikeys.

func IDsToStrings 

func IDsToStrings(ids []ID) []string

IDsToStrings returns []strings for []ID.

func IsTemporaryError 

func IsTemporaryError(err error) bool

IsTemporaryError returns true if the error has Temporary() function and that returns true

func IsValidID 

func IsValidID(s string) bool

IsValidID returns true if string is a valid ID.

func ItemForKey 

func ItemForKey(key Key) *keyring.Item

ItemForKey returns *keyring.Item for a Key.

func NewCertificateKeyItem 

func NewCertificateKeyItem(id string, certKey *CertificateKey) *keyring.Item

NewCertificateKeyItem creates an Item for a certificate private key.

func NewErrNotFound 

func NewErrNotFound(id string) error

NewErrNotFound constructs a ErrNotFound.

func PublicKeyIDEquals 

func PublicKeyIDEquals(expected ID, kid ID) bool

PublicKeyIDEquals returns true if public keys are equal. It will also compare EdX25519 public key and X25519 public keys.

func Rand16 

func Rand16() *[16]byte

Rand16 generates random 16 bytes.

func Rand24 

func Rand24() *[24]byte

Rand24 generates random 24 bytes.

func Rand32 

func Rand32() *[32]byte

Rand32 generates random 32 bytes.

func Rand3262 

func Rand3262() string

Rand3262 returns random 32 bytes Base62 encoded (length 43).

func Rand32P4 

func Rand32P4(n uint32) *[32]byte

Rand32P4 is random 32 bytes with 4 byte prefix.

func RandBytes 

func RandBytes(length int) []byte

RandBytes returns random bytes of length.

func RandPassword 

func RandPassword(length int) string

RandPassword returns a random password. It uses a-zA-Z0-9. It will contain an uppercase, a lowercase and a number. It will try not to repeat characters.

func RandPhrase 

func RandPhrase() string

RandPhrase creates random phrase (BIP39 encoded random 32 bytes).

func RandTempPath 

func RandTempPath() string

RandTempPath returns a unique random path in os.TempDir. RandTempPath() => "/tmp/CTGMMOLLZCXMGP7VR4BHKAI7PE"

func RandUsername 

func RandUsername(length int) string

RandUsername returns random lowercase string of length.

func RandWords 

func RandWords(numWords int) string

RandWords returns random (BIP39) words. numWords must be 1 to 24.

func RetryE 

func RetryE(fn func() error) error

RetryE will retry the fn (error) if the error is temporary (such as a temporary net.Error)

func RetrySE 

func RetrySE(fn func() (string, error)) (string, error)

RetrySE will retry the fn (string, error) if the error is temporary (such as a temporary net.Error)

func SHA256 

func SHA256(b []byte) []byte

SHA256 for bytes.

func SecretBoxOpen 

func SecretBoxOpen(encrypted []byte, secretKey *[32]byte) ([]byte, error)

SecretBoxOpen decrypt using a key. It assumes a 24 byte nonce before the encrypted bytes.

func SecretBoxSeal 

func SecretBoxSeal(b []byte, secretKey *[32]byte) []byte

SecretBoxSeal encrypts using a key. It prepends a 24 byte nonce to the the encrypted bytes.

func SetLogger 

func SetLogger(l Logger)

SetLogger sets logger for the package.

func SigchainHash 

func SigchainHash(st *Statement) (*[32]byte, error)

SigchainHash returns hash for Sigchain Statement.

func StatementKey 

func StatementKey(kid ID, seq int) string

StatementKey returns key for Statement kid,seq. If seq is <= 0, then there is no key. Path looks like "kpe1a4yj333g68pvd6hfqvufqkv4vy54jfe6t33ljd3kc9rpfty8xlgsfte2sn-000000000000001".

Types

type Address 

type Address struct {
	// contains filtered or unexported fields
}

Address is a canonical list of IDs.

func NewAddress 

func NewAddress(ids ...ID) (*Address, error)

NewAddress returns an Address from a list of IDs.

func ParseAddress 

func ParseAddress(saddrs ...string) (*Address, error)

ParseAddress returns address from a string.

func (*Address) Contains 

func (a *Address) Contains(id ID) bool

Contains returns true if address contains the specified id.

func (*Address) String 

func (a *Address) String() string

String returns a canonical string representation of an address. The first address part is less than the second part. 

NewAddress("bob", "alice").String() => "alice:bob"

func (*Address) Strings 

func (a *Address) Strings() []string

Strings returns IDs as strings.

type Brand 

type Brand string

Brand is saltpack brand. 

const EdX25519Brand Brand = "EDX25519 KEY"

EdX25519Brand is saltpack brand for EdX25519 key. 

const X25519Brand Brand = "X25519 KEY"

X25519Brand is saltpack brand for X25519 key.

type CertificateKey 

type CertificateKey struct {
	// contains filtered or unexported fields
}

CertificateKey with is a PEM encoded X.509v3 certificate (public key) and a PEM encoded EC private key.

func AsCertificateKey 

func AsCertificateKey(item *keyring.Item) (*CertificateKey, error)

AsCertificateKey returns CertificateKey for keyring Item.

func GenerateCertificateKey 

func GenerateCertificateKey(commonName string, isCA bool, parent *x509.Certificate) (*CertificateKey, error)

GenerateCertificateKey creates a certificate key.

func NewCertificateKey 

func NewCertificateKey(private string, public string) (*CertificateKey, error)

NewCertificateKey from PEM encoded X.509v3 certificate data and PEM encoded EC private key ASN.1, DER format

func (CertificateKey) Private 

func (c CertificateKey) Private() string

Private returns a PEM encoded EC private key ASN.1, DER format.

func (CertificateKey) Public 

func (c CertificateKey) Public() string

Public returns a PEM encoded X.509v3 certificate.

func (CertificateKey) TLSCertificate 

func (c CertificateKey) TLSCertificate() tls.Certificate

TLSCertificate returns a tls.Certificate.

func (CertificateKey) X509Certificate 

func (c CertificateKey) X509Certificate() (*x509.Certificate, error)

X509Certificate returns a x509.Certificate.

type ContextLogger 

type ContextLogger interface {
	Debugf(ctx context.Context, format string, args ...interface{})
	Infof(ctx context.Context, format string, args ...interface{})
	Warningf(ctx context.Context, format string, args ...interface{})
	Errorf(ctx context.Context, format string, args ...interface{})
}

ContextLogger interface used in this package with request context.

func NewContextLogger 

func NewContextLogger(lev LogLevel) ContextLogger

NewContextLogger ...

type DataType 

type DataType = string

DataType is the type of key data. 

const (
	// UnknownType is unknown
	UnknownType DataType = ""
	// IDType is string identifier (keys.ID)
	IDType DataType = "id"

	// SaltpackArmoredType is armored saltpack encoding.
	SaltpackArmoredType DataType = "saltpack-armored"

	// SSHPublicType is ssh public key "ssh-ed25519 AAAAC3Nz..."
	SSHPublicType DataType = "ssh-public"
	// SSHType is ssh private key "-----BEGIN OPENSSH PRIVATE..."
	SSHType DataType = "ssh"
)

func DetectDataType 

func DetectDataType(b []byte) ([]byte, DataType)

DetectDataType tries to find out what data type the bytes are. Returns bytes which may be different from input (for example, if whitespace is stripped).

type EdX25519Key 

type EdX25519Key struct {
	// contains filtered or unexported fields
}

EdX25519Key is a EdX25519 key capable of signing and encryption (converted to a X25519 key).

func AsEdX25519Key 

func AsEdX25519Key(item *keyring.Item) (*EdX25519Key, error)

AsEdX25519Key returns EdX25519Key for keyring Item.

func GenerateEdX25519Key 

func GenerateEdX25519Key() *EdX25519Key

GenerateEdX25519Key generates a EdX25519Key (EdX25519).

Example 
package main

import (
	"fmt"

	"github.com/keys-pub/keys"
)

func main() {
	alice := keys.GenerateEdX25519Key()
	fmt.Printf("Alice: %s\n", alice.ID())
}

func NewEdX25519KeyFromPrivateKey 

func NewEdX25519KeyFromPrivateKey(privateKey *[ed25519.PrivateKeySize]byte) *EdX25519Key

NewEdX25519KeyFromPrivateKey constructs EdX25519Key from a private key. The public key is derived from the private key.

func NewEdX25519KeyFromSeed 

func NewEdX25519KeyFromSeed(seed *[ed25519.SeedSize]byte) *EdX25519Key

NewEdX25519KeyFromSeed constructs EdX25519Key from an ed25519 seed. The private key is derived from this seed and the public key is derived from the private key.

func (*EdX25519Key) Bytes 

func (k *EdX25519Key) Bytes() []byte

Bytes for key.

func (*EdX25519Key) Bytes64 

func (k *EdX25519Key) Bytes64() *[64]byte

Bytes64 for key.

func (*EdX25519Key) EncodeToSSH 

func (k *EdX25519Key) EncodeToSSH(password []byte) ([]byte, error)

EncodeToSSH encodes a EdX25519Key for SSH.

func (*EdX25519Key) ID 

func (k *EdX25519Key) ID() ID

ID ...

func (*EdX25519Key) PrivateKey 

func (k *EdX25519Key) PrivateKey() *[ed25519.PrivateKeySize]byte

PrivateKey returns private key part.

func (*EdX25519Key) PublicKey 

func (k *EdX25519Key) PublicKey() *EdX25519PublicKey

PublicKey returns public part.

func (*EdX25519Key) SSHSigner 

func (k *EdX25519Key) SSHSigner() ssh.Signer

SSHSigner interface.

func (*EdX25519Key) Seed 

func (k *EdX25519Key) Seed() *[ed25519.SeedSize]byte

Seed returns information on how to generate this key from ed25519 package seed.

func (*EdX25519Key) Sign 

func (k *EdX25519Key) Sign(b []byte) []byte

Sign bytes with the (sign) private key.

Example 
package main

import (
	"fmt"
	"log"

	"github.com/keys-pub/keys"
)

func main() {
	alice := keys.GenerateEdX25519Key()
	msg := "I'm alice 🤓"
	sig := alice.Sign([]byte(msg))
	out, err := alice.PublicKey().Verify(sig)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s\n", string(out))
}

Output:

I'm alice 🤓

func (*EdX25519Key) SignDetached 

func (k *EdX25519Key) SignDetached(b []byte) []byte

SignDetached sign bytes detached.

func (*EdX25519Key) Signer 

func (k *EdX25519Key) Signer() crypto.Signer

Signer interface.

func (*EdX25519Key) String 

func (k *EdX25519Key) String() string

func (*EdX25519Key) Type 

func (k *EdX25519Key) Type() KeyType

Type ...

func (*EdX25519Key) X25519Key 

func (k *EdX25519Key) X25519Key() *X25519Key

X25519Key converts EdX25519Key to X25519Key.

type EdX25519PublicKey 

type EdX25519PublicKey struct {
	// contains filtered or unexported fields
}

EdX25519PublicKey is the public part of EdX25519 key pair.

func AsEdX25519PublicKey 

func AsEdX25519PublicKey(item *keyring.Item) (*EdX25519PublicKey, error)

AsEdX25519PublicKey returns EdX25519PublicKey for keyring Item.

func NewEdX25519PublicKey 

func NewEdX25519PublicKey(b *[ed25519.PublicKeySize]byte) *EdX25519PublicKey

NewEdX25519PublicKey creates a EdX25519PublicKey. Metadata is optional.

func NewEdX25519PublicKeyFromID 

func NewEdX25519PublicKeyFromID(id ID) (*EdX25519PublicKey, error)

NewEdX25519PublicKeyFromID converts ID to EdX25519PublicKey.

func (*EdX25519PublicKey) Bytes 

func (s *EdX25519PublicKey) Bytes() []byte

Bytes for key.

func (*EdX25519PublicKey) Bytes32 

func (s *EdX25519PublicKey) Bytes32() *[32]byte

Bytes32 for key.

func (*EdX25519PublicKey) EncodeToSSHAuthorized 

func (k *EdX25519PublicKey) EncodeToSSHAuthorized() []byte

EncodeToSSHAuthorized encodes a EdX25519PublicKey for SSH.

func (*EdX25519PublicKey) ID 

func (s *EdX25519PublicKey) ID() ID

ID for EdX25519Key.

func (*EdX25519PublicKey) String 

func (s *EdX25519PublicKey) String() string

func (*EdX25519PublicKey) Type 

func (s *EdX25519PublicKey) Type() KeyType

Type ...

func (*EdX25519PublicKey) Verify 

func (s *EdX25519PublicKey) Verify(b []byte) ([]byte, error)

Verify verifies a message and signature with public key.

func (*EdX25519PublicKey) VerifyDetached 

func (s *EdX25519PublicKey) VerifyDetached(sig []byte, b []byte) error

VerifyDetached verifies a detached message.

func (*EdX25519PublicKey) X25519PublicKey 

func (s *EdX25519PublicKey) X25519PublicKey() *X25519PublicKey

X25519PublicKey converts the ed25519 public key to a x25519 public key.

type ErrNotFound 

type ErrNotFound struct {
	ID string
}

ErrNotFound describes a key not found error when a key is required.

func (ErrNotFound) Error 

func (e ErrNotFound) Error() string

type ID 

type ID string

ID a bech32 encoded string.

func MustID 

func MustID(hrp string, b []byte) ID

MustID returns ID from HRP (human readable part) and bytes, or panics if invalid.

func NewID 

func NewID(hrp string, b []byte) (ID, error)

NewID creates ID from HRP (human readable part) and bytes.

func ParseID 

func ParseID(s string) (ID, error)

ParseID parses a string and validates an ID.

func ParseIDs 

func ParseIDs(strs []string) ([]ID, error)

ParseIDs returns IDs from strings.

func RandID 

func RandID(hrp string) ID

RandID returns random ID

func (ID) Bytes 

func (i ID) Bytes() []byte

Bytes are key data.

func (ID) Decode 

func (i ID) Decode() (string, []byte, error)

Decode ID into HRP (human readable part) and bytes (data).

func (ID) ID 

func (i ID) ID() ID

ID for Keys interface.

func (ID) IsEdX25519 

func (i ID) IsEdX25519() bool

IsEdX25519 returns true if ID represents a EdX25519 key.

func (ID) IsX25519 

func (i ID) IsX25519() bool

IsX25519 returns true if ID represents a X25519 key.

func (ID) PublicKeyType 

func (i ID) PublicKeyType() KeyType

PublicKeyType returns public key type that ID represents or empty string if unknown.

func (ID) String 

func (i ID) String() string

func (ID) Type 

func (i ID) Type() KeyType

Type of key.

func (ID) WithSeq 

func (i ID) WithSeq(seq int) string

WithSeq returns string with a sequence value appended to the ID.

type IDSet 

type IDSet struct {
	// contains filtered or unexported fields
}

IDSet is a set of strings.

func NewIDSet 

func NewIDSet(ids ...ID) *IDSet

NewIDSet creates IDSet.

func NewIDSetWithCapacity 

func NewIDSetWithCapacity(capacity int) *IDSet

NewIDSetWithCapacity ..

func (*IDSet) Add 

func (s *IDSet) Add(id ID)

Add to set.

func (*IDSet) AddAll 

func (s *IDSet) AddAll(ids []ID)

AddAll to set.

func (*IDSet) Clear 

func (s *IDSet) Clear()

Clear set.

func (*IDSet) Contains 

func (s *IDSet) Contains(id ID) bool

Contains returns true if set contains string.

func (*IDSet) IDs 

func (s *IDSet) IDs() []ID

IDs returns IDs in set.

func (*IDSet) Size 

func (s *IDSet) Size() int

Size for set.

type Key 

type Key interface {
	// ID for the key.
	ID() ID

	// Type of key.
	Type() KeyType

	// Bytes are key data.
	Bytes() []byte
}

Key with identifier, bytes and a type.

func DecodeKeyFromSaltpack 

func DecodeKeyFromSaltpack(msg string, password string, isHTML bool) (Key, error)

DecodeKeyFromSaltpack decrypts a saltpack encrypted key.

func KeyForItem 

func KeyForItem(item *keyring.Item) (Key, error)

KeyForItem returns Key from *keyring.Item or nil if not recognized as a Key.

func ParseKey 

func ParseKey(b []byte, password string) (Key, error)

ParseKey tries to determine what key type and parses the key bytes.

func ParseSSHKey 

func ParseSSHKey(pemBytes []byte, passphrase []byte, trim bool) (Key, error)

ParseSSHKey parses a SSH private key.

func ParseSSHPublicKey 

func ParseSSHPublicKey(s string) (Key, error)

ParseSSHPublicKey parses a SSH public key.

type KeyType 

type KeyType string

KeyType ... 

const EdX25519 KeyType = "edx25519"

EdX25519 key. 

const EdX25519Public KeyType = "ed25519-public"

EdX25519Public public key. 

const X25519 KeyType = "x25519"

X25519 key type. 

const X25519Public KeyType = "x25519-public"

X25519Public public key type.

type LogLevel 

type LogLevel int

LogLevel ... 

const (
	// DebugLevel ...
	DebugLevel LogLevel = 3
	// InfoLevel ...
	InfoLevel LogLevel = 2
	// WarnLevel ...
	WarnLevel LogLevel = 1
	// ErrLevel ...
	ErrLevel LogLevel = 0
)

func (LogLevel) String 

func (l LogLevel) String() string

type Logger 

type Logger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warningf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
	Fatalf(format string, args ...interface{})
}

Logger interface used in this package.

func NewLogger 

func NewLogger(lev LogLevel) Logger

NewLogger ...

type Opts 

type Opts struct {
	Types []KeyType
}

Opts are options for listing keys.

type Sigchain 

type Sigchain struct {
	// contains filtered or unexported fields
}

Sigchain is a chain of signed statements by a sign key.

func NewSigchain 

func NewSigchain(kid ID) *Sigchain

NewSigchain returns a new Sigchain for a EdX25519PublicKey.

Example 
package main

import (
	"fmt"
	"log"

	"github.com/keys-pub/keys"
	"github.com/keys-pub/keys/tsutil"
)

func main() {
	clock := tsutil.NewClock()
	alice := keys.GenerateEdX25519Key()
	sc := keys.NewSigchain(alice.ID())

	// Create root statement
	st, err := keys.NewSigchainStatement(sc, []byte("hi! 🤓"), alice, "", clock.Now())
	if err != nil {
		log.Fatal(err)
	}
	if err := sc.Add(st); err != nil {
		log.Fatal(err)
	}

	// Add 2nd statement
	st2, err := keys.NewSigchainStatement(sc, []byte("2nd message"), alice, "", clock.Now())
	if err != nil {
		log.Fatal(err)
	}
	if err := sc.Add(st2); err != nil {
		log.Fatal(err)
	}

	// Revoke 2nd statement
	_, err = sc.Revoke(2, alice)
	if err != nil {
		log.Fatal(err)
	}

	// Spew
	spew := sc.Spew()
	fmt.Println(spew.String())
}

func (*Sigchain) Add 

func (s *Sigchain) Add(st *Statement) error

Add signed statement to the Sigchain.

func (*Sigchain) AddAll 

func (s *Sigchain) AddAll(statements []*Statement) error

AddAll pushes signed statements to the Sigchain.

func (*Sigchain) FindAll 

func (s *Sigchain) FindAll(typ string) []*Statement

FindAll returns statements of type.

func (*Sigchain) FindLast 

func (s *Sigchain) FindLast(typ string) *Statement

FindLast search from the last statement to the first, returning after If type is specified, we will search for that statement type. If we found a statement and it was revoked, we return nil.

func (*Sigchain) IsRevoked 

func (s *Sigchain) IsRevoked(seq int) bool

IsRevoked returns true if statement was revoked.

func (*Sigchain) KID 

func (s *Sigchain) KID() ID

KID ...

func (*Sigchain) Last 

func (s *Sigchain) Last() *Statement

Last returns last statement or nil if none.

func (*Sigchain) LastSeq 

func (s *Sigchain) LastSeq() int

LastSeq returns last signed statment seq (or 0 if no signed statements exist).

func (*Sigchain) Length 

func (s *Sigchain) Length() int

Length of Sigchain.

func (*Sigchain) Revoke 

func (s *Sigchain) Revoke(revoke int, sk *EdX25519Key) (*Statement, error)

Revoke a signed statement in the Sigchain.

func (*Sigchain) Spew 

func (s *Sigchain) Spew() *bytes.Buffer

Spew shows formatted sigchain output.

func (*Sigchain) Statements 

func (s *Sigchain) Statements() []*Statement

Statements are all the signed statements.

func (*Sigchain) VerifyStatement 

func (s *Sigchain) VerifyStatement(st *Statement, prev *Statement) error

VerifyStatement verifies a signed statement against a previous statement (in a Sigchain).

type SigchainStore 

type SigchainStore interface {
	// KIDs returns all the sigchain KIDs.
	KIDs() ([]ID, error)

	// Sigchain for kid.
	Sigchain(kid ID) (*Sigchain, error)

	// SaveSigchain saves sigchain to the store.
	SaveSigchain(sc *Sigchain) error
	// DeleteSigchain deletes sigchain from the store.
	DeleteSigchain(kid ID) (bool, error)

	// SigchainExists if true, has sigchain.
	SigchainExists(kid ID) (bool, error)

	// Now is current time.
	Now() time.Time
	// SetTimeNow sets clock.
	SetTimeNow(nowFn func() time.Time)
}

SigchainStore provides access to sigchains, usually backed by a DocumentStore, such as a local db.

func NewSigchainStore 

func NewSigchainStore(dst ds.DocumentStore) SigchainStore

NewSigchainStore creates a SigchainStore from a DocumentStore.

type Statement 

type Statement struct {
	// Sig is the signature bytes.
	Sig []byte

	// Data.
	Data []byte
	// KID is the key that signed.
	KID ID

	// Seq in a sigchain (1 is root, optional if not in sigchain).
	Seq int
	// Prev is a hash of the previous item in the sigchain (optional if root).
	Prev []byte
	// Revoke refers to a previous signed seq to revoke (optional).
	Revoke int

	// Type (optional).
	Type string

	// Timestamp (optional).
	Timestamp time.Time
	// contains filtered or unexported fields
}

Statement signed.

func NewRevokeStatement 

func NewRevokeStatement(sc *Sigchain, revoke int, sk *EdX25519Key) (*Statement, error)

NewRevokeStatement creates a revoke Statement.

func NewSigchainStatement 

func NewSigchainStatement(sc *Sigchain, b []byte, sk *EdX25519Key, typ string, ts time.Time) (*Statement, error)

NewSigchainStatement creates a signed Statement to be added to the Sigchain.

func NewSignedStatement 

func NewSignedStatement(b []byte, sk *EdX25519Key, typ string, ts time.Time) *Statement

NewSignedStatement creates a signed Statement. Use NewSigchainStatement if part of a Sigchain.

Example 
clock := tsutil.NewClock()

sk := keys.NewEdX25519KeyFromSeed(testSeed(0x01))

st := keys.NewSignedStatement(bytes.Repeat([]byte{0x01}, 16), sk, "", clock.Now())

data := st.SpecificSerialization()
fmt.Printf("%s\n", string(data))

b, err := st.Bytes()
if err != nil {
	log.Fatal(err)
}
fmt.Printf("%s\n", string(b))

Output:

{".sig":"","data":"AQEBAQEBAQEBAQEBAQEBAQ==","kid":"kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077","ts":1234567890001}
{".sig":"XcDbICx+rKfYUPgwqU08lLChmjJL5Eco/LxLHNA2C0oZILITnVng04XzFK4wCj2qObkAEyzYywKUb/zn3VACDA==","data":"AQEBAQEBAQEBAQEBAQEBAQ==","kid":"kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077","ts":1234567890001}

func NewStatement 

func NewStatement(sig []byte, data []byte, spk StatementPublicKey, seq int, prev []byte, revoke int, typ string, ts time.Time) (*Statement, error)

NewStatement creates a new statement from specified parameters. Use NewSigchainStatement for a signed Sigchain Statement. Use NewSignedStatement for a signed Statement outside a Sigchain.

func NewUnverifiedStatement 

func NewUnverifiedStatement(sig []byte, data []byte, kid ID, seq int, prev []byte, revoke int, typ string, ts time.Time) (*Statement, error)

NewUnverifiedStatement creates an unverified statement.

func (*Statement) Bytes 

func (s *Statement) Bytes() ([]byte, error)

Bytes is the serialized Statement.

func (*Statement) Key 

func (s *Statement) Key() string

Key for a Statement. If Seq is not set, then there is no key. Key looks like "kpe1a4yj333g68pvd6hfqvufqkv4vy54jfe6t33ljd3kc9rpfty8xlgsfte2sn-000000000000001".

func (*Statement) MarshalJSON 

func (s *Statement) MarshalJSON() ([]byte, error)

MarshalJSON marshals statement to JSON.

func (*Statement) SpecificSerialization 

func (s *Statement) SpecificSerialization() []byte

SpecificSerialization is the specific serialization or the bytes to sign. It is the statement serialized without the sig value.

func (*Statement) URL 

func (s *Statement) URL() string

URL returns path string for a Statement in the HTTP API. If Seq is not set, then there is no path. Path looks like "/ed1a4yj333g68pvd6hfqvufqkv4vy54jfe6t33ljd3kc9rpfty8xlgsfte2sn/1".

func (*Statement) UnmarshalJSON 

func (s *Statement) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a statement from JSON.

func (*Statement) Verify 

func (s *Statement) Verify() error

Verify statement.

type StatementPublicKey 

type StatementPublicKey interface {
	ID() ID
	Verify(b []byte) ([]byte, error)
	VerifyDetached(sig []byte, b []byte) error
}

StatementPublicKey is public key for a Statement.

func StatementPublicKeyFromID 

func StatementPublicKeyFromID(id ID) (StatementPublicKey, error)

StatementPublicKeyFromID converts ID to StatementPublicKey. TODO: Support other key types.

type Store 

type Store struct {
	// contains filtered or unexported fields
}

Store saves keys to the keyring.

func NewMemStore 

func NewMemStore(setup bool) *Store

NewMemStore returns Store backed by an in memory keyring. This is useful for testing or ephemeral key stores. If setup is true, the mem keyring will be setup with a random key.

func NewStore 

func NewStore(kr *keyring.Keyring) *Store

NewStore constructs a Store.

func (*Store) Delete 

func (k *Store) Delete(kid ID) (bool, error)

Delete removes an item from the keyring.

func (*Store) EdX25519Key 

func (k *Store) EdX25519Key(kid ID) (*EdX25519Key, error)

EdX25519Key returns an EdX25519Key from the keyring.

func (*Store) EdX25519Keys 

func (k *Store) EdX25519Keys() ([]*EdX25519Key, error)

EdX25519Keys from the keyring.

func (*Store) EdX25519PublicKey 

func (k *Store) EdX25519PublicKey(kid ID) (*EdX25519PublicKey, error)

EdX25519PublicKey returns EdX25519 public key from the keyring. Since the public key itself is in the ID, you can convert the ID without getting it from the Store via NewEdX25519PublicKeyFromID.

func (*Store) EdX25519PublicKeys 

func (k *Store) EdX25519PublicKeys() ([]*EdX25519PublicKey, error)

EdX25519PublicKeys from the keyring. Includes public keys of EdX25519Key's.

func (*Store) ExportSaltpack 

func (k *Store) ExportSaltpack(id ID, password string) (string, error)

ExportSaltpack exports key from the keyring to a Saltpack message.

func (*Store) FindEdX25519PublicKey 

func (k *Store) FindEdX25519PublicKey(kid ID) (*EdX25519PublicKey, error)

FindEdX25519PublicKey searches all our EdX25519 public keys for a match to a converted X25519 public key.

func (*Store) ImportSaltpack 

func (k *Store) ImportSaltpack(msg string, password string, isHTML bool) (Key, error)

ImportSaltpack imports key into the keyring from a Saltpack message.

func (*Store) Key 

func (k *Store) Key(id ID) (Key, error)

Key for id.

func (*Store) Keys 

func (k *Store) Keys(opts *Opts) ([]Key, error)

Keys lists keys in the keyring. It ignores keyring items that aren't keys or of the specified types.

func (*Store) Save 

func (k *Store) Save(key Key) error

Save saves a Key to the keyring. Returns keyring.ErrItemAlreadyExists if key exists already.

func (*Store) X25519Key 

func (k *Store) X25519Key(kid ID) (*X25519Key, error)

X25519Key returns an X25519Key from the keyring.

func (*Store) X25519Keys 

func (k *Store) X25519Keys() ([]*X25519Key, error)

X25519Keys from the keyring. Also includes edx25519 keys converted to x25519 keys.

func (*Store) X25519PublicKey 

func (k *Store) X25519PublicKey(kid ID) (*X25519PublicKey, error)

X25519PublicKey returns box public key from the keyring. Since the public key itself is in the ID, you can convert the ID without getting it from the Store via X25519PublicKeyForID.

type X25519Key 

type X25519Key struct {
	// contains filtered or unexported fields
}

X25519Key is a X25519 assymmetric encryption key.

func AsX25519Key 

func AsX25519Key(item *keyring.Item) (*X25519Key, error)

AsX25519Key returns X25519Key for keyring Item. If item is EdX25519Key returns converted to X25519Key.

func GenerateX25519Key 

func GenerateX25519Key() *X25519Key

GenerateX25519Key creates a new X25519Key.

Example 
package main

import (
	"fmt"

	"github.com/keys-pub/keys"
)

func main() {
	alice := keys.GenerateX25519Key()
	fmt.Printf("Alice: %s\n", alice.ID())
}

func NewX25519KeyFromPrivateKey 

func NewX25519KeyFromPrivateKey(privateKey *[32]byte) *X25519Key

NewX25519KeyFromPrivateKey creates a X25519Key from private key bytes.

func NewX25519KeyFromSeed 

func NewX25519KeyFromSeed(seed *[32]byte) *X25519Key

NewX25519KeyFromSeed from seed.

func (*X25519Key) Bytes 

func (k *X25519Key) Bytes() []byte

Bytes for key.

func (*X25519Key) Bytes32 

func (k *X25519Key) Bytes32() *[32]byte

Bytes32 for key.

func (*X25519Key) ID 

func (k *X25519Key) ID() ID

ID is key identifer.

func (*X25519Key) Open 

func (k *X25519Key) Open(b []byte, nonce *[24]byte, sender *X25519PublicKey) ([]byte, bool)

Open decrypts message with nacl.box Open.

func (*X25519Key) PrivateKey 

func (k *X25519Key) PrivateKey() *[32]byte

PrivateKey returns private part of this X25519Key.

func (*X25519Key) PublicKey 

func (k *X25519Key) PublicKey() *X25519PublicKey

PublicKey returns public part of this X25519Key.

func (*X25519Key) Seal 

func (k *X25519Key) Seal(b []byte, nonce *[24]byte, recipient *X25519PublicKey) []byte

Seal encrypts message with nacl.box Seal.

func (*X25519Key) Type 

func (k *X25519Key) Type() KeyType

Type of key.

type X25519PublicKey 

type X25519PublicKey struct {
	// contains filtered or unexported fields
}

X25519PublicKey is the public key part of a x25519 key.

func AsX25519PublicKey 

func AsX25519PublicKey(item *keyring.Item) (*X25519PublicKey, error)

AsX25519PublicKey returns X25519PublicKey for keyring Item.

func NewX25519PublicKey 

func NewX25519PublicKey(b *[32]byte) *X25519PublicKey

NewX25519PublicKey creates X25519PublicKey. Metadata is optional.

func NewX25519PublicKeyFromEdX25519ID 

func NewX25519PublicKeyFromEdX25519ID(id ID) (*X25519PublicKey, error)

NewX25519PublicKeyFromEdX25519ID creates public key from EdX25519 key ID.

func NewX25519PublicKeyFromID 

func NewX25519PublicKeyFromID(id ID) (*X25519PublicKey, error)

NewX25519PublicKeyFromID converts ID to X25519PublicKey.

func (*X25519PublicKey) Bytes 

func (k *X25519PublicKey) Bytes() []byte

Bytes for key.

func (*X25519PublicKey) Bytes32 

func (k *X25519PublicKey) Bytes32() *[32]byte

Bytes32 for key.

func (*X25519PublicKey) ID 

func (k *X25519PublicKey) ID() ID

ID for box public key.

func (*X25519PublicKey) Type 

func (k *X25519PublicKey) Type() KeyType

Type of key.

Source Files

View all Source files

Directories

Path Synopsis
Package bech32 is a modified version of the reference implementation of BIP173.
 Package bech32 is a modified version of the reference implementation of BIP173.
Package ds provides a Document store.
 Package ds provides a Document store.
Package encoding provides encoding and decoding of different formats like Base62, Saltpack, BIP39.
 Package encoding provides encoding and decoding of different formats like Base62, Saltpack, BIP39.
Package json provides a simpler JSON marshaller.
 Package json provides a simpler JSON marshaller.
Package keyring provides a cross-platform secure keyring.
 Package keyring provides a cross-platform secure keyring.
cmd/keyring command
Package link defines services capable of linking keys to users.
 Package link defines services capable of linking keys to users.
Package noise integrates keys with the Noise protocol.
 Package noise integrates keys with the Noise protocol.
Package request provides clients for requesting data.
 Package request provides clients for requesting data.
Package saltpack integrates keys with Saltpack (saltpack.org).
 Package saltpack integrates keys with Saltpack (saltpack.org).
Package secret defines secret types for storing in a keyring.
 Package secret defines secret types for storing in a keyring.
Package tsutil provides timestamp and time utilities.
 Package tsutil provides timestamp and time utilities.
Package user defines user statements, store and search.
 Package user defines user statements, store and search.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.