trust

package
v0.13.0 Latest Latest
Published: Feb 18, 2026 License: BSD-3-Clause-Clear Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DelegatingKeyService

// DelegatingKeyService is a KeyService that multiplexes between registered
// KeyManagers based on a key's mode (KeyDetails.System(), compared with
// KeyManager.Name()). Managers are registered by name via
// RegisterKeyManagerCtx; SetDefaultMode configures a default manager/mode
// (presumably the fallback used when a key's mode names no registered
// manager — confirm against the implementation). Key lookups are served by
// the KeyIndex passed to NewDelegatingKeyService.
//
// Its fields are unexported; construct it with NewDelegatingKeyService
// rather than a struct literal, and call Close when finished so the
// underlying managers can release their resources.
type DelegatingKeyService struct {
	// contains filtered or unexported fields
}

DelegatingKeyService is a key service that multiplexes between key managers based on the key's mode.

func NewDelegatingKeyService

func NewDelegatingKeyService(index KeyIndex, l *logger.Logger, c *cache.Cache) *DelegatingKeyService

func (*DelegatingKeyService) Close

func (d *DelegatingKeyService) Close()

func (*DelegatingKeyService) Decrypt

func (d *DelegatingKeyService) Decrypt(ctx context.Context, keyID KeyIdentifier, ciphertext []byte, ephemeralPublicKey []byte) (ocrypto.ProtectedKey, error)

func (*DelegatingKeyService) DeriveKey

func (d *DelegatingKeyService) DeriveKey(ctx context.Context, keyID KeyIdentifier, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) (ProtectedKey, error)

func (*DelegatingKeyService) FindKeyByAlgorithm

func (d *DelegatingKeyService) FindKeyByAlgorithm(ctx context.Context, algorithm string, includeLegacy bool) (KeyDetails, error)

Implementing KeyIndex methods

func (*DelegatingKeyService) FindKeyByID

func (*DelegatingKeyService) GenerateECSessionKey

func (d *DelegatingKeyService) GenerateECSessionKey(ctx context.Context, ephemeralPublicKey string) (Encapsulator, error)

func (*DelegatingKeyService) ListKeys

func (d *DelegatingKeyService) ListKeys(ctx context.Context) ([]KeyDetails, error)

func (*DelegatingKeyService) ListKeysWith added in v0.9.0

func (d *DelegatingKeyService) ListKeysWith(ctx context.Context, opts ListKeyOptions) ([]KeyDetails, error)

func (*DelegatingKeyService) Name

func (d *DelegatingKeyService) Name() string

Implementing KeyManager methods

func (*DelegatingKeyService) RegisterKeyManagerCtx added in v0.10.0

func (d *DelegatingKeyService) RegisterKeyManagerCtx(name string, factory KeyManagerFactoryCtx)

func (*DelegatingKeyService) SetDefaultMode added in v0.5.5

func (d *DelegatingKeyService) SetDefaultMode(manager, name string, cfg []byte)

type Encapsulator deprecated

// Encapsulator is kept as an alias for backward compatibility.
//
// Deprecated: use ocrypto.Encapsulator.
type Encapsulator = ocrypto.Encapsulator

Deprecated: use ocrypto.Encapsulator

type KeyDetails

// KeyDetails provides information about a specific key: its identity,
// algorithm, legacy status, the KeyManager mode (System) that holds it, and
// its provider configuration. The Export methods return serialized forms;
// the private key is exported only in its wrapped form (see PrivateKey).
type KeyDetails interface {
	// ID returns the unique identifier for the key.
	ID() KeyIdentifier

	// Algorithm returns the algorithm used by the key.
	Algorithm() ocrypto.KeyType

	// IsLegacy returns true if this is a legacy key that should only be used
	// for decryption (unwrapping existing material), not for new
	// encryption/wrapping operations.
	IsLegacy() bool

	// ExportPrivateKey exports the private key in wrapped form: per the
	// PrivateKey type, the result carries the wrapping key's ID and the
	// encrypted key material rather than plaintext.
	// Returns error if key is not exportable.
	ExportPrivateKey(ctx context.Context) (*PrivateKey, error)

	// ExportPublicKey exports the public key in the specified format
	// (see KeyType for the supported formats).
	ExportPublicKey(ctx context.Context, format KeyType) (string, error)

	// ExportCertificate exports the certificate associated with the key, if available.
	ExportCertificate(ctx context.Context) (string, error)

	// System returns the mode indicator for the key; this is used to look up
	// the appropriate KeyManager (compare with KeyManager.Name).
	System() string

	// ProviderConfig returns the provider configuration for the key.
	ProviderConfig() *policy.KeyProviderConfig
}

KeyDetails provides information about a specific key

type KeyIdentifier

// KeyIdentifier uniquely identifies a key: it is the value returned by
// KeyDetails.ID and accepted by KeyIndex.FindKeyByID.
type KeyIdentifier string

KeyIdentifier uniquely identifies a key

type KeyIndex

// KeyIndex provides methods to locate keys by various criteria.
//
// The embedded fmt.Stringer and slog.LogValuer let an index describe
// itself in error messages and structured logs.
type KeyIndex interface {
	fmt.Stringer
	slog.LogValuer
	// FindKeyByAlgorithm returns a key for the specified algorithm.
	// If includeLegacy is true, legacy keys (KeyDetails.IsLegacy) will be
	// included in the search; callers selecting a key for new encryption
	// should leave it false so that decrypt-only keys are not chosen.
	FindKeyByAlgorithm(ctx context.Context, algorithm string, includeLegacy bool) (KeyDetails, error)

	// FindKeyByID returns a key with the specified ID.
	FindKeyByID(ctx context.Context, id KeyIdentifier) (KeyDetails, error)

	// ListKeys returns all available keys.
	ListKeys(ctx context.Context) ([]KeyDetails, error)

	// ListKeysWith returns the keys matching opts (see ListKeyOptions).
	ListKeysWith(ctx context.Context, opts ListKeyOptions) ([]KeyDetails, error)
}

KeyIndex provides methods to locate keys by various criteria

type KeyManager

// KeyManager combines key lookup functionality with cryptographic
// operations on the keys it holds. Results are handed back as ProtectedKey
// and Encapsulator handles rather than raw byte slices.
type KeyManager interface {
	// Name is a unique identifier for the key manager.
	// This can be used by the KeyDetail.System() method to determine which KeyManager to use,
	// when multiple KeyManagers are installed.
	Name() string

	// Decrypt decrypts data that was encrypted with the given key.
	// For EC keys, ephemeralPublicKey must be non-nil.
	// For RSA keys, ephemeralPublicKey should be nil.
	// Returns a ProtectedKey handle for further operations.
	Decrypt(ctx context.Context, key KeyDetails, ciphertext []byte, ephemeralPublicKey []byte) (ProtectedKey, error)

	// DeriveKey computes an agreed upon secret key derived from an ECDH
	// exchange between key's private key and ephemeralPublicKeyBytes on curve.
	DeriveKey(ctx context.Context, key KeyDetails, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) (ProtectedKey, error)

	// GenerateECSessionKey generates a private session key, for use with a
	// client-provided ephemeral public key. ephemeralPublicKey is the
	// client's key in serialized string form; its encoding is not specified here.
	GenerateECSessionKey(ctx context.Context, ephemeralPublicKey string) (Encapsulator, error)

	// Close releases any resources held by the provider.
	Close()
}

KeyManager combines key lookup functionality with cryptographic operations

type KeyManagerFactory

// KeyManagerFactory defines the signature for functions that can create
// KeyManager instances. KeyManagerFactoryCtx, which also receives a
// context, is preferred for new code.
type KeyManagerFactory func(opts *KeyManagerFactoryOptions) (KeyManager, error)

KeyManagerFactory defines the signature for functions that can create KeyManager instances. KeyManagerFactoryCtx is preferred.

type KeyManagerFactoryCtx added in v0.10.0

// KeyManagerFactoryCtx defines the signature for functions that can create
// KeyManager instances. ctx is available to the factory for any setup it
// performs; opts carries the logger, cache and provider configuration.
type KeyManagerFactoryCtx func(ctx context.Context, opts *KeyManagerFactoryOptions) (KeyManager, error)

KeyManagerFactoryCtx defines the signature for functions that can create KeyManager instances.

type KeyManagerFactoryOptions added in v0.7.0

// KeyManagerFactoryOptions carries the dependencies handed to a
// KeyManagerFactory or KeyManagerFactoryCtx when a KeyManager is created.
type KeyManagerFactoryOptions struct {
	// Logger is the logger the new manager should use.
	Logger *logger.Logger
	// Cache is a cache the new manager may use.
	Cache  *cache.Cache
	// Config is the provider configuration for the manager (the same type
	// that KeyDetails.ProviderConfig returns).
	Config *policy.KeyProviderConfig
}

type KeyService

// KeyService is a helper interface for unified key management objects:
// anything that can both locate keys (KeyIndex) and perform cryptographic
// operations with them (KeyManager).
type KeyService interface {
	KeyIndex
	KeyManager
}

KeyService is a helper interface for unified key management objects, combining KeyIndex and KeyManager.

type KeyType

// KeyType represents the format in which a key can be exported; see the
// KeyTypeJWK and KeyTypePKCS8 constants.
type KeyType int

KeyType represents the format in which a key can be exported

// Export formats accepted by KeyDetails.ExportPublicKey. KeyTypeJWK is the
// zero value, so an unset KeyType selects JWK.
const (
	// KeyTypeJWK represents a key in JWK format
	KeyTypeJWK KeyType = iota
	// KeyTypePKCS8 represents a key in PKCS8 format
	KeyTypePKCS8
)

type ListKeyOptions added in v0.9.0

// ListKeyOptions holds the filter options passed to KeyIndex.ListKeysWith.
type ListKeyOptions struct {
	// LegacyOnly, when true, restricts the result to legacy keys
	// (KeyDetails.IsLegacy) — presumably so that decrypt-only keys can be
	// enumerated separately; confirm against the implementation.
	LegacyOnly bool
}

ListKeyOptions holds the options passed to ListKeysWith when filtering keys.

type NamedKeyManagerCtxFactory added in v0.10.0

// NamedKeyManagerCtxFactory pairs a KeyManagerFactoryCtx with its intended
// registration name (the value later matched by KeyDetails.System).
type NamedKeyManagerCtxFactory struct {
	// Name is the name the factory's KeyManager is registered under.
	Name    string
	// Factory creates the KeyManager.
	Factory KeyManagerFactoryCtx
}

NamedKeyManagerCtxFactory pairs a KeyManagerFactoryCtx with its intended registration name.

type NamedKeyManagerFactory added in v0.7.0

// NamedKeyManagerFactory pairs a KeyManagerFactory with its intended
// registration name. Use NamedKeyManagerCtxFactory instead for new code.
type NamedKeyManagerFactory struct {
	// Name is the name the factory's KeyManager is registered under.
	Name    string
	// Factory creates the KeyManager.
	Factory KeyManagerFactory
}

NamedKeyManagerFactory pairs a KeyManagerFactory with its intended registration name. Use NamedKeyManagerCtxFactory instead.

type PrivateKey added in v0.5.5

// PrivateKey is the exported, wrapped form of a private key as returned by
// KeyDetails.ExportPrivateKey. It carries only the encrypted key material
// and the ID of the key that wrapped it; the key named by WrappingKeyID is
// needed to unwrap it.
type PrivateKey struct {
	// WrappingKeyID is the ID of the key used to wrap (encrypt) the private key.
	WrappingKeyID KeyIdentifier
	// WrappedKey is the encrypted private key. Its string encoding is not
	// specified here — confirm with the producing KeyManager.
	WrappedKey string
}

type ProtectedKey deprecated

// ProtectedKey is kept as an alias for backward compatibility.
//
// Deprecated: use ocrypto.ProtectedKey.
type ProtectedKey = ocrypto.ProtectedKey

Deprecated: use ocrypto.ProtectedKey
