Documentation
Index ¶
- Constants
- Variables
- func Encrypt(recipients []string, dst io.WriteCloser) (e io.WriteCloser, err error)
- func EncryptForAll(store string, dst io.WriteCloser) (e io.WriteCloser, err error)
- func EstimateEntropy(length int, charset []rune) (entropy int)
- func GenPass(length int, charset []rune) (pass io.Reader, err error)
- func SecretToIdentity(secret []byte) (age.Identity, error)
- func SpanTable(table *unicode.RangeTable) (res []rune)
- type P256TagIdentity
- type PKCS11
- type PKCS11KeyExchanger
Constants ¶
const (
	// DEFAULT_PKCS11_LIB_PATH is the location of the OpenSC PKCS#11 module in
	// the Debian/Ubuntu x86_64 multiarch library directory. Other
	// distributions and architectures install the module elsewhere.
	//
	// NOTE(review): presumably this is the fallback for PKCS11.Library — confirm
	// against the code that loads the module. A PKCS#11 module is native code
	// loaded into the process, so the path that is finally used should name a
	// trusted file that unprivileged users cannot replace.
	DEFAULT_PKCS11_LIB_PATH = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
)
Variables ¶
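var (
	// TableAlphanumASCII is the table of ASCII alphanumeric runes
	// (0-9, A-Z, a-z).
	//
	// unicode.RangeTable requires the R16 ranges to be sorted and
	// non-overlapping, so the upper-case range is listed before the
	// lower-case one. With the ranges out of order, lookups such as
	// unicode.Is report letters as absent from the table. The set of runes is
	// unchanged; only the order seen by code that walks R16 differs.
	TableAlphanumASCII = unicode.RangeTable{
		R16: []unicode.Range16{
			{Lo: '0', Hi: '9', Stride: 1},
			{Lo: 'A', Hi: 'Z', Stride: 1},
			{Lo: 'a', Hi: 'z', Stride: 1},
		},
	}

	// TableAlphanumSymASCII is the table of ASCII alphanumeric runes plus
	// symbols. Only the symbols '!' through '/' are included; the other ASCII
	// punctuation ranges (':' to '@', '[' to '`', '{' to '~') are not part of
	// this table. The symbol range sorts before the digits, so prepending it
	// keeps R16 in sorted order.
	TableAlphanumSymASCII = unicode.RangeTable{
		R16: append([]unicode.Range16{
			{Lo: '!', Hi: '/', Stride: 1},
		}, TableAlphanumASCII.R16...),
	}

	// Sentinel errors for a bad password length and a bad charset size.
	ErrBadLength        = errors.New("bad password length")
	ErrBadCharsetLength = errors.New("bad charset size")
)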
// Sentinel errors of the PKCS#11 wrapper. They are plain errors.New values,
// so callers can match them with errors.Is.
var (
	// ErrPKCS11BadLib: the PKCS#11 library could not be loaded.
	ErrPKCS11BadLib = errors.New("failed to load pkcs11 library")
	// ErrPKCS11InitFailed: PKCS#11 could not be initialized.
	ErrPKCS11InitFailed = errors.New("could not initialize pkcs11")
	// ErrPKCS11NoSlot: no slot with a present token was found.
	ErrPKCS11NoSlot = errors.New("no pkcs11 slot w/ present tokens found")
	// ErrPKCS11SessionFailed: no session could be established with the token.
	ErrPKCS11SessionFailed = errors.New("could not establish a session with token")
	// ErrPKCS11LoginFailed: login to the token failed.
	ErrPKCS11LoginFailed = errors.New("could not login into the token")
	// ErrPKCS11NoMatchingAttr: no matching attribute was found.
	ErrPKCS11NoMatchingAttr = errors.New("no matching attribute found")
)
var (
	// ErrBadRecipient is the error for a raw recipient that could not be
	// parsed.
	// NOTE(review): presumably returned by Encrypt for an entry of its
	// recipients argument — confirm against the implementation.
	ErrBadRecipient = errors.New("could not parse raw recipient")
)
Functions ¶
func Encrypt ¶
func Encrypt(recipients []string, dst io.WriteCloser) (e io.WriteCloser, err error)
Encrypts the plain text for all given recipients.
func EncryptForAll ¶
func EncryptForAll(store string, dst io.WriteCloser) (e io.WriteCloser, err error)
Encrypts for all recipients in store.
func EstimateEntropy ¶
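Optimistically estimates the entropy of a password of the given length drawn from the given charset. Because the estimate is optimistic, read it as an upper bound: it can only hold when every character is picked independently and uniformly at random.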
func SecretToIdentity ¶
Creates an age.Identity from an HMAC secret.
func SpanTable ¶
func SpanTable(table *unicode.RangeTable) (res []rune)
Creates a slice of runes described by the given table.
Types ¶
type P256TagIdentity ¶
type P256TagIdentity struct {
// contains filtered or unexported fields
}
An age.Identity for hardware P256 keys over PKCS#11.
func NewP256TagIdentity ¶
func NewP256TagIdentity(p *PKCS11) *P256TagIdentity
Creates a new PKCS#11 P256 identity.
type PKCS11 ¶
// PKCS11 is a convenience wrapper struct for pkcs11.
type PKCS11 struct {
	// NOTE(review): Library is presumably the filesystem path of the PKCS#11
	// module to load — confirm against the loader. A PKCS#11 module is native
	// code loaded into the process, so this should name a trusted file that
	// unprivileged users cannot replace.
	Library string
	// contains filtered or unexported fields
}
Convenience wrapper struct for pkcs11.
func (*PKCS11) GetFirstECKeyPair ¶
func (p *PKCS11) GetFirstECKeyPair() (cert *x509.Certificate, pubKey *ecdsa.PublicKey, privHandle *pkcs11.ObjectHandle, err error)
Returns the certificate, the public key and a handle to the private key of the first EC key pair found.
func (*PKCS11) PKCS11FindECKeypairID ¶
Finds the ID (CKA_ID) of the first EC key pair found on the token.
Note: if using a PIV smart card, the ID does not correspond to PIV slots. Check your card's specification for more information (e.g., see the YubiKey mapping).
type PKCS11KeyExchanger ¶
// PKCS11KeyExchanger is the key exchanger created by NewPKCS11KeyExchanger
// and backed by a PKCS11 instance. Its methods are Curve, PublicKey and ECDH.
type PKCS11KeyExchanger struct {
	// contains filtered or unexported fields
}
func NewPKCS11KeyExchanger ¶
func NewPKCS11KeyExchanger(p *PKCS11) (ke *PKCS11KeyExchanger, err error)
Creates a new KeyExchanger backed by the provided PKCS11 instance. The instance must be initialized and logged in.
See also ecdh.KeyExchanger.
func (*PKCS11KeyExchanger) Curve ¶
func (ke *PKCS11KeyExchanger) Curve() ecdh.Curve
func (*PKCS11KeyExchanger) ECDH ¶
func (ke *PKCS11KeyExchanger) ECDH(pk *ecdh.PublicKey) ([]byte, error)
func (*PKCS11KeyExchanger) PublicKey ¶
func (ke *PKCS11KeyExchanger) PublicKey() *ecdh.PublicKey