auth_method_pem

package

v0.51.2 Latest Latest Go to latest Published: May 7, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Package auth_method_pem implements a PEM backup key auth method.

View Source

const MethodID = "pem"

MethodID is the auth method ID for PEM backup keys.

This section is empty.

func GenerateBackupKey() (privPem []byte, pubPem []byte, err error)

GenerateBackupKey creates a new Ed25519 keypair for PEM backup. Returns the private key PEM and public key PEM bytes.

func NewMethod(
	ctx context.Context,
	le *logrus.Entry,
	handler auth_method.Handler,
) (auth_method.Method, error)

NewMethod constructs the PEM method as an auth method.

type PemMethod struct{}

PemMethod implements the auth method interface for PEM backup keys.

func NewPemMethod() *PemMethod

NewPemMethod constructs a PemMethod.

func (p *PemMethod) Authenticate(paramsi auth_method.Parameters, authSecretData []byte) (crypto.PrivKey, error)

Authenticate authenticates with existing auth parameters. authSecretData is the full PEM private key file bytes.

func (p *PemMethod) Close()

Close closes all resources related to the auth method.

func (p *PemMethod) Execute(ctx context.Context) error

Execute executes the auth method.

func (p *PemMethod) GetMethodID() string

GetMethodID returns the auth method ID.

func (p *PemMethod) UnmarshalParameters(data []byte) (auth_method.Parameters, error)

UnmarshalParameters unmarshals+validates parameters from binary. The data is the PEM-encoded public key bytes.

type PemParameters struct {
	// PubKeyPem is the PEM-encoded public key bytes.
	PubKeyPem []byte
}

PemParameters stores the PEM-encoded public key for verification.

func (p *PemParameters) MarshalBlock() ([]byte, error)

MarshalBlock marshals the parameters to binary.

func (p *PemParameters) Validate() error

Validate validates the parameters by parsing the PEM public key.