crypto

package

Package crypto provides access to CryptoManagerKmip methods used to manage cryptographic key providers. For creating and deleting native providers, see package vapi/crypto.


Constants

// URL constants used when a KeyLocator is exported to, or parsed from, its
// "vmware:key/..." string form (see KeyLocator.String and ImportKeyLocator).
const (
	// VMwareURLPrefix is the scheme prefix of every exported key locator.
	VMwareURLPrefix = "vmware:"
	// VMwareURLCategoryKL is the category segment that follows the prefix
	// ("vmware:key/...").
	VMwareURLCategoryKL = "key"
	// VMwareURLDelim separates the segments of the locator path.
	VMwareURLDelim = '/'
)

// Delimiters for compound (list / pair) locators, whose children are written
// between parentheses and separated by commas.
const (
	VMwareURLCompoundLeftDelim  = '('
	VMwareURLCompoundRightDelim = ')'
	VMwareURLCompoundDelim      = ','
)

// Placeholder tokens for elements that have no string form of their own
// (the ImportKeyLocator example shows <VMWARE-NULL> standing in for an
// absent UniqueID).
const (
	VMwareURLNullElem        = "<VMWARE-NULL>"
	VMwareURLEmptyStringElem = "<VMWARE-EMPTYSTRING>"
)

URL constants

// Bit flags, presumably for the check argument of
// ManagerKmip.QueryCryptoKeyStatus; combine them with | to request several
// checks in one call.
const (
	CheckKeyAvailable   int32 = 1 << iota // 0x01: key is available from its provider
	CheckKeyUsedByVms                      // 0x02: key is in use by virtual machines
	CheckKeyUsedByHosts                    // 0x04: key is in use by hosts
	CheckKeyUsedByOther                    // 0x08: key is in use by other entities
)

Variables

This section is empty.

Functions

func KeyLocatorRoleToName added in v0.53.0

func KeyLocatorRoleToName(role KeyLocatorRole) string

KeyLocatorRoleToName returns the name for a key locator role

func KeyLocatorTypeToName added in v0.53.0

func KeyLocatorTypeToName(klType KeyLocatorType) string

KeyLocatorTypeToName returns the name for a key locator type.

func URLEscape added in v0.53.0

func URLEscape(input []byte) string

URLEscape percent-escapes every non-alphanumeric byte of input (for example '-' becomes %2d, as the examples below show) so the result can be embedded in a key locator URL.

func URLUnescape added in v0.53.0

func URLUnescape(input string) ([]byte, error)

URLUnescape reverses URLEscape, returning the decoded bytes; the error is non-nil when the input cannot be decoded (presumably a malformed percent-escape), so callers must check it before using the result.

Types

type KeyLocator added in v0.53.0

// KeyLocator represents a key locator. Type selects which of the union fields
// below is meaningful; GetClass reports whether that type is atomic, indirect
// or compound. Key holds raw key bytes for the atomic "key" type, so a locator
// of that type exported with String presumably carries key material in the
// resulting string — treat such strings as secrets (TODO confirm against
// KeyLocator.String). The pointer fields are presumably nil for types of
// another class; check them before dereferencing a locator parsed from
// untrusted input.
type KeyLocator struct {
	Type KeyLocatorType

	// Union of type-specific data
	Key      []byte              // for atomic class (raw key data)
	Indirect *KeyLocatorIndirect // for indirect class
	Pair     *KeyLocatorPair     // for compound class, pair type
	List     []*KeyLocator       // for compound class, list type
}

KeyLocator represents a key locator

Example (Manual)

Example demonstrates creating a simple KeyLocator programmatically

package main

import (
	"fmt"
	"log"

	"github.com/vmware/govmomi/crypto"
)

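// main builds an FQID key locator by hand, exports it to its string form and
// parses that string back, printing whether the two server/key IDs survived
// the round trip.
func main() {
	// Build an FQID (fully-qualified key ID) locator. Only the Indirect union
	// member is populated because FQID is an indirect type.
	kl := &crypto.KeyLocator{
		Type: crypto.KeyLocatorTypeFQID,
		Indirect: &crypto.KeyLocatorIndirect{
			Type:     crypto.KeyLocatorTypeFQID,
			UniqueID: "my-unique-id",
			FQID: crypto.KeyLocatorFQIDParams{
				KeyServerID: "production-server",
				KeyID:       "encryption-key-001",
			},
		},
	}

	// Export to the opaque "vmware:key/..." form. Every non-alphanumeric byte
	// is percent-escaped, which is why the hyphens appear as %2d below.
	url := kl.String()
	fmt.Printf("Generated URL: %s\n", url)

	// Parse it back. String already returns a string, so no conversion is
	// needed here.
	imported, err := crypto.ImportKeyLocator(url)
	if err != nil {
		log.Fatalf("Failed to import back: %v", err)
	}
	// Guard the union field before dereferencing it rather than trusting the
	// parser to have produced the expected shape.
	if imported.Indirect == nil {
		log.Fatalf("Failed to import back: expected an indirect locator, got %s",
			crypto.KeyLocatorTypeToName(imported.Type))
	}

	// Only the two fields set above are compared; a full structural
	// comparison is left to the caller.
	fmt.Printf("Round-trip successful: %t\n",
		imported.Indirect.FQID.KeyServerID == kl.Indirect.FQID.KeyServerID &&
			imported.Indirect.FQID.KeyID == kl.Indirect.FQID.KeyID)
}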
Output:

Generated URL: vmware:key/fqid/my%2dunique%2did/production%2dserver/encryption%2dkey%2d001
Round-trip successful: true

func ImportKeyLocator added in v0.53.0

func ImportKeyLocator(s string) (*KeyLocator, error)

ImportKeyLocator constructs a KeyLocator from the specified opaque string, which was originally exported by KeyLocator.String. A string received from outside the process should be treated as untrusted input: check the returned error, and validate Type and the corresponding union field before dereferencing them (see the examples).

Example

ExampleImportKeyLocator demonstrates importing and parsing a KeyLocator URL.

package main

import (
	"fmt"
	"log"

	"github.com/vmware/govmomi/crypto"
)

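// main parses a sample exported key locator and prints its structure: a list
// holding one pair, whose locker is an FQID on the "local" key server and
// whose locked data is protected by HMAC-SHA-256.
func main() {
	// Sample exported locator. The long percent-escaped fields are opaque
	// sample blobs (an FQID key ID and the pair's locked data).
	testURL := `vmware:key/list/(pair/(fqid/<VMWARE-NULL>/local/ASEAAgEAIexBYS7MTFOGo6XyS0PZfQEIAAwAEAAgAAQAQUVTLTI1NgCmT8mZIAuAGqLaFVU3pBlaT7%2fzDJm3%2fy%2f05n9y9%2bxv1aVSfBY9e6rBrhvKIkB2G%2fsvF7L%2bLGpoojr136%2bghgEA,HMAC%2dSHA%2d256,kIc7z%2fJowrpzVUAand6fC4ixT5BY6KwNTbAPFQErmxFRkmhJNOTp1VyQFnkn5kLgvKpt7KJKlm%2fvLkO6YxkVe61EMdtdsR2nL9DWMsDWov9syEh%2ftVED%2fzCct1fFpUaqSa29J%2fFk9%2bD22HiA0%2flumBPwt9M5aW0HB9T9lEMxNEVpSOBPmOW63DzLzAq1EC7%2fIWuCimTL%2b15%2be4uwDvxEYI5RDofZ2fm9oyM9MLHDTYPo%2fsFo8GU1LK%2frLsQcj20XijOe%2bfLnDlbJcH1nCmyoO8tweHwDs%2fmwhbpQudvXbGVM3jboiXoPj9rki%2boGeE8clTcBUyRxHE6n56MuZ6HmH1GHt9tBLyAHvk4oj2wNGGc%3d))`

	// Import the KeyLocator
	kl, err := crypto.ImportKeyLocator(testURL)
	if err != nil {
		log.Fatalf("Failed to import KeyLocator: %v", err)
	}

	// Analyze the structure
	fmt.Printf("Root type: %s\n", crypto.KeyLocatorTypeToName(kl.Type))
	fmt.Printf("List contains %d element(s)\n", len(kl.List))

	// Validate the shape before indexing: a locator parsed from elsewhere
	// need not be a non-empty list, and kl.List[0] would panic otherwise.
	if kl.Type != crypto.KeyLocatorTypeList || len(kl.List) == 0 {
		log.Fatalf("expected a non-empty list locator, got %s",
			crypto.KeyLocatorTypeToName(kl.Type))
	}

	// Get the first (and only) element - it's a pair
	pair := kl.List[0]
	fmt.Printf("First element type: %s\n", crypto.KeyLocatorTypeToName(pair.Type))

	// Same for the pair's union fields: nil here would otherwise panic.
	if pair.Pair == nil || pair.Pair.Locker == nil || pair.Pair.Locker.Indirect == nil {
		log.Fatal("expected a pair whose locker is an indirect locator")
	}

	// Examine the locker
	locker := pair.Pair.Locker
	fmt.Printf("Locker type: %s\n", crypto.KeyLocatorTypeToName(locker.Type))
	fmt.Printf("Key server: %s\n", locker.Indirect.FQID.KeyServerID)
	// Only lengths are printed for the key ID and locked data: they are
	// key-wrapping material and do not belong in logs.
	fmt.Printf("Key ID length: %d characters\n", len(locker.Indirect.FQID.KeyID))

	// Examine the pair details
	fmt.Printf("Crypto MAC: %s\n", pair.Pair.CryptoMAC)
	fmt.Printf("Locked data size: %d bytes\n", len(pair.Pair.LockedData))
}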
Output:

Root type: list
List contains 1 element(s)
First element type: pair
Locker type: fqid
Key server: local
Key ID length: 140 characters
Crypto MAC: HMAC-SHA-256
Locked data size: 272 bytes

func (*KeyLocator) GetClass added in v0.53.0

func (kl *KeyLocator) GetClass() KeyLocatorClass

GetClass returns the class of the key locator type

func (KeyLocator) MarshalText added in v0.53.0

func (kl KeyLocator) MarshalText() ([]byte, error)

func (KeyLocator) String added in v0.53.0

func (kl KeyLocator) String() string
Example

ExampleKeyLocator_String demonstrates exporting a KeyLocator back to URL format.

package main

import (
	"fmt"
	"log"

	"github.com/vmware/govmomi/crypto"
)

// main parses a hand-written FQID locator and exports it again, showing that
// String percent-escapes every non-alphanumeric byte (here the hyphens).
func main() {
	const original = `vmware:key/fqid/unique-123/server1/key-abc`

	parsed, err := crypto.ImportKeyLocator(original)
	if err != nil {
		log.Fatalf("Failed to import: %v", err)
	}

	// The exported form differs from the input only in its escaping.
	fmt.Printf("Original:  %s\n", original)
	fmt.Printf("Exported:  %s\n", parsed.String())
}
Output:

Original:  vmware:key/fqid/unique-123/server1/key-abc
Exported:  vmware:key/fqid/unique%2d123/server1/key%2dabc

func (*KeyLocator) UnmarshalText added in v0.53.0

func (kl *KeyLocator) UnmarshalText(text []byte) error

type KeyLocatorClass added in v0.53.0

// KeyLocatorClass represents the class of a key locator: the broad shape of
// its data (see KeyLocatorTypeToClass and KeyLocator.GetClass).
type KeyLocatorClass int

// The three classes, numbered explicitly so the values are visible at a glance.
const (
	KeyLocatorClassAtomic   KeyLocatorClass = 0 // data held inline (null, raw key)
	KeyLocatorClassIndirect KeyLocatorClass = 1 // data describes where the key comes from
	KeyLocatorClassCompound KeyLocatorClass = 2 // built from other locators (list, pair)
)

func KeyLocatorTypeToClass added in v0.53.0

func KeyLocatorTypeToClass(klType KeyLocatorType) KeyLocatorClass

KeyLocatorTypeToClass returns the class for a given type

type KeyLocatorFQIDParams added in v0.53.0

// KeyLocatorFQIDParams holds parameters for FQID-based key locators: the key
// server the key lives on and the key's identifier there. Both are written
// into the exported locator string (percent-escaped), and the KeyID in the
// ImportKeyLocator example is a long opaque blob, so treat it as opaque
// rather than parsing it. Whether KeyServerID is the same identifier
// ManagerKmip calls providerID is not visible here — TODO confirm.
type KeyLocatorFQIDParams struct {
	KeyServerID string
	KeyID       string
}

KeyLocatorFQIDParams holds parameters for FQID-based key locators

type KeyLocatorIndirect added in v0.53.0

// KeyLocatorIndirect represents the contents of an indirect key locator. Type
// repeats the parent KeyLocator's type (both are FQID in the manual example)
// and picks which of the parameter fields below applies; the others are left
// at their zero value. The ImportKeyLocator example shows <VMWARE-NULL> in
// the UniqueID position, presumably for an absent ID — TODO confirm.
type KeyLocatorIndirect struct {
	Type     KeyLocatorType
	UniqueID string

	// Union of type-specific parameters, selected by Type: Phrase for
	// Passphrase, LDAP for LDAP, Script for Script, Role for Role and FQID
	// for FQID.
	Phrase KeyLocatorPassphraseParams
	LDAP   KeyLocatorLDAPParams
	Script KeyLocatorScriptParams
	Role   KeyLocatorRole
	FQID   KeyLocatorFQIDParams
}

KeyLocatorIndirect represents the contents of an indirect key locator

type KeyLocatorLDAPParams added in v0.53.0

// KeyLocatorLDAPParams holds parameters for LDAP-based key locators: the
// directory server to contact and the entry path under which the key data is
// stored (KeyLocatorTypeLDAP, "data in an LDAP server"). UseSSL presumably
// selects LDAPS; when it is false the lookup would run over cleartext LDAP
// and expose the key data in transit, so prefer true for anything that is
// not a test fixture — TODO confirm how the flag is applied.
type KeyLocatorLDAPParams struct {
	Server string
	Domain string
	Port   uint32
	UseSSL bool
	Path   string
}

KeyLocatorLDAPParams holds parameters for LDAP-based key locators

type KeyLocatorPair added in v0.53.0

// KeyLocatorPair represents the contents of a pair key locator: a Locker
// (itself a KeyLocator, e.g. an FQID) and the associated encrypted
// LockedData, with CryptoMAC naming the MAC algorithm ("HMAC-SHA-256" in the
// ImportKeyLocator example). LockedDataSize is kept alongside LockedData;
// whether it can differ from len(LockedData) is not visible here — TODO
// confirm before relying on either alone. LockedData is key-wrapping
// material: avoid logging it.
type KeyLocatorPair struct {
	Locker         *KeyLocator
	CryptoMAC      string // Name of the MAC algorithm
	LockedData     []byte
	LockedDataSize int
}

KeyLocatorPair represents the contents of a pair key locator

type KeyLocatorPassphraseParams added in v0.53.0

// KeyLocatorPassphraseParams holds parameters for passphrase-based key
// locators (KeyLocatorTypePassphrase, "generates a key from a passphrase").
// KeyGenData is the opaque material fed to that derivation; its exact role
// (salt, derivation parameters, ...) is not visible here — TODO confirm.
// KeyGenDataSize accompanies KeyGenData as LockedDataSize does LockedData.
type KeyLocatorPassphraseParams struct {
	KeyGenData     []byte
	KeyGenDataSize int
}

KeyLocatorPassphraseParams holds parameters for passphrase-based key locators

type KeyLocatorRole added in v0.53.0

// KeyLocatorRole identifies well-known keys managed by this module; a role
// locator (KeyLocatorTypeRole, "data at a well known location") names one of
// them instead of carrying key material.
type KeyLocatorRole int

// Well-known roles. KeyLocatorRoleToName and KeyLocatorNameToRole map between
// these values and their names, so the numbering is written out explicitly
// and should not be reordered.
const (
	KeyLocatorRoleObfuscation   KeyLocatorRole = 0
	KeyLocatorRoleAdminIdent    KeyLocatorRole = 1
	KeyLocatorRoleAdminRecovery KeyLocatorRole = 2
	KeyLocatorRoleServer        KeyLocatorRole = 3
)

func KeyLocatorNameToRole added in v0.53.0

func KeyLocatorNameToRole(name string) (KeyLocatorRole, bool)

KeyLocatorNameToRole returns the role for a key locator name

type KeyLocatorScriptParams added in v0.53.0

// KeyLocatorScriptParams holds parameters for script-based key locators
// (KeyLocatorTypeScript, "get key from external script"). RelPath locates
// the script and Signature (with SignatureSize) presumably authenticates it
// so that a tampered script cannot substitute key material — how and by whom
// the signature is verified is not visible in this package; TODO confirm
// before trusting a locator whose RelPath was not produced locally.
type KeyLocatorScriptParams struct {
	RelPath       string
	Signature     []byte
	SignatureSize int
}

KeyLocatorScriptParams holds parameters for script-based key locators

type KeyLocatorType added in v0.53.0

// KeyLocatorType identifies different types of key locators. Each type
// belongs to exactly one KeyLocatorClass (see KeyLocatorTypeToClass), which
// decides which KeyLocator union field carries its data.
type KeyLocatorType int

// Values are written out explicitly so that inserting a type cannot silently
// renumber the ones after it.
const (
	KeyLocatorTypeInvalid KeyLocatorType = 0 // zero value; not a usable locator

	// Atomic class: data is held inline.
	KeyLocatorTypeNull KeyLocatorType = 1 // the null key locator
	KeyLocatorTypeKey  KeyLocatorType = 2 // encodes a key directly (raw key bytes)

	// Indirect class: data describes where the key comes from.
	KeyLocatorTypePassphrase KeyLocatorType = 3 // generates a key from a passphrase
	KeyLocatorTypeLDAP       KeyLocatorType = 4 // data in an LDAP server
	KeyLocatorTypeScript     KeyLocatorType = 5 // get key from external script
	KeyLocatorTypeRole       KeyLocatorType = 6 // data at a well known location
	KeyLocatorTypeFQID       KeyLocatorType = 7 // fully-qualified key ID

	// Compound class: built from other locators.
	KeyLocatorTypeList KeyLocatorType = 8 // list of KLs (KeySafe possibly)
	KeyLocatorTypePair KeyLocatorType = 9 // a KL and associated encrypted data
)

func KeyLocatorNameToType added in v0.53.0

func KeyLocatorNameToType(name string) (KeyLocatorType, bool)

KeyLocatorNameToType returns the type for a key locator name

type ManagerKmip

// ManagerKmip exposes the CryptoManagerKmip methods used to manage key
// providers (see the package overview). The embedded object.Common
// presumably carries the vim25 client and managed object reference — TODO
// confirm. Construct it with NewManagerKmip, or with GetManagerKmip to have
// the vCenter connectivity check performed first.
type ManagerKmip struct {
	object.Common
}

func GetManagerKmip

func GetManagerKmip(c *vim25.Client) (*ManagerKmip, error)

GetManagerKmip wraps NewManagerKmip, returning ErrNotSupported when the client is not connected to a vCenter instance.

func NewManagerKmip

func NewManagerKmip(c *vim25.Client) *ManagerKmip

func (ManagerKmip) GenerateKey

func (m ManagerKmip) GenerateKey(
	ctx context.Context,
	providerID string) (string, error)

func (ManagerKmip) GetClusterStatus

func (m ManagerKmip) GetClusterStatus(
	ctx context.Context,
	providerID string) (*types.CryptoManagerKmipClusterStatus, error)

func (ManagerKmip) GetDefaultKmsClusterID

func (m ManagerKmip) GetDefaultKmsClusterID(
	ctx context.Context,
	entity *types.ManagedObjectReference,
	defaultsToParent bool) (string, error)

func (ManagerKmip) GetServerStatus

func (m ManagerKmip) GetServerStatus(
	ctx context.Context,
	providerID, serverName string) (*types.CryptoManagerKmipServerStatus, error)

func (ManagerKmip) GetStatus

func (ManagerKmip) IsDefaultProviderNative

func (m ManagerKmip) IsDefaultProviderNative(
	ctx context.Context,
	entity *types.ManagedObjectReference,
	defaultsToParent bool) (bool, error)

func (ManagerKmip) IsNativeProvider

func (m ManagerKmip) IsNativeProvider(
	ctx context.Context,
	providerID string) (bool, error)

func (ManagerKmip) IsValidKey

func (m ManagerKmip) IsValidKey(
	ctx context.Context,
	providerID,
	keyID string) (bool, error)

IsValidKey returns true if the QueryCryptoKeyStatus result indicates the key is available, or that it is unavailable only because of `KeyStateNotActiveOrEnabled`. This method is only valid for standard providers and always returns false for native providers.

func (ManagerKmip) IsValidProvider

func (m ManagerKmip) IsValidProvider(
	ctx context.Context,
	providerID string) (bool, error)

func (ManagerKmip) IsValidServer

func (m ManagerKmip) IsValidServer(
	ctx context.Context,
	providerID, serverName string) (bool, error)

func (ManagerKmip) ListKeys

func (m ManagerKmip) ListKeys(
	ctx context.Context,
	limit *int32) ([]types.CryptoKeyId, error)

func (ManagerKmip) ListKmipServers

func (m ManagerKmip) ListKmipServers(
	ctx context.Context,
	limit *int32) ([]types.KmipClusterInfo, error)

func (ManagerKmip) MarkDefault

func (m ManagerKmip) MarkDefault(
	ctx context.Context,
	providerID string) error

func (ManagerKmip) QueryCryptoKeyStatus added in v0.46.0

func (m ManagerKmip) QueryCryptoKeyStatus(
	ctx context.Context,
	ids []types.CryptoKeyId,
	check int32) ([]types.CryptoManagerKmipCryptoKeyStatus, error)

func (ManagerKmip) RegisterKmipServer

func (m ManagerKmip) RegisterKmipServer(
	ctx context.Context,
	server types.KmipServerSpec) error

func (ManagerKmip) RegisterKmsCluster

func (m ManagerKmip) RegisterKmsCluster(
	ctx context.Context,
	providerID string,
	managementType types.KmipClusterInfoKmsManagementType) error

func (ManagerKmip) RemoveKeys added in v0.46.0

func (m ManagerKmip) RemoveKeys(
	ctx context.Context,
	ids []types.CryptoKeyId,
	force bool) error

func (ManagerKmip) RemoveKmipServer

func (m ManagerKmip) RemoveKmipServer(
	ctx context.Context,
	providerID, serverName string) error

func (ManagerKmip) SetDefaultKmsClusterId

func (m ManagerKmip) SetDefaultKmsClusterId(
	ctx context.Context,
	providerID string,
	entity *types.ManagedObjectReference) error

func (ManagerKmip) UnregisterKmsCluster

func (m ManagerKmip) UnregisterKmsCluster(
	ctx context.Context,
	providerID string) error

func (ManagerKmip) UpdateKmipServer

func (m ManagerKmip) UpdateKmipServer(
	ctx context.Context,
	server types.KmipServerSpec) error
