Documentation

Index
- Constants
- func DeserializeVerifier(id driver.Identity) (driver.Verifier, error)
- func GetBCCSPFromConf(conf *BCCSP, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
- func GetDefaultBCCSP(keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
- func GetEnrollmentID(id []byte) (string, error)
- func GetPKCS11BCCSP(conf *BCCSP, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
- func GetRevocationHandle(id []byte) ([]byte, error)
- func GetSigningIdentity(conf *Config, bccspConfig *BCCSP, keyStore bccsp.KeyStore) (driver.FullIdentity, error)
- func Info(raw []byte) (string, error)
- func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error)
- func MarshalConfig(config *Config) ([]byte, error)
- func NewECDSAVerifier(pk *ecdsa.PublicKey) *ecdsaVerifier
- func NewSKIBasedSigner(csp bccsp.BCCSP, ski []byte, pk crypto.PublicKey) (crypto.Signer, error)
- func PemDecodeCert(pemBytes []byte) (*x509.Certificate, error)
- func PemDecodeKey(keyBytes []byte) (interface{}, error)
- func SerializeIdentity(conf *Config) ([]byte, error)
- func ToPKCS11OptsOpts(o *PKCS11) *pkcs11.PKCS11Opts
- type BCCSP
- type Config
- type CryptoConfig
- type ECDSASignature
- type IdentityFactory
- type KeyIDMapping
- type KeyInfo
- type KeyStore
- type Opts
- type PKCS11
- type SKIBasedSigner
- type SigningIdentityInfo
- type SoftwareProvider
Constants

const (
	SignCertsDirName = "signcerts"
	KeyStoreDirName  = "keystore"
	PrivSKFileName   = "priv_sk"

	ProtobufProtocolVersionV1 uint64 = 1
)

Variables

This section is empty.
Functions

func DeserializeVerifier

func DeserializeVerifier(id driver.Identity) (driver.Verifier, error)

func GetBCCSPFromConf

func GetBCCSPFromConf(conf *BCCSP, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

GetBCCSPFromConf returns a BCCSP instance built from the passed configuration and backed by the passed key store. If no configuration is passed, the default one is used, namely the software (`SW`) provider.

func GetDefaultBCCSP

func GetDefaultBCCSP(keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

GetDefaultBCCSP returns a new instance of the software-based BCCSP, backed by the passed key store.

func GetEnrollmentID

func GetEnrollmentID(id []byte) (string, error)

func GetPKCS11BCCSP

func GetPKCS11BCCSP(conf *BCCSP, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

GetPKCS11BCCSP returns a new instance of the HSM-based (PKCS#11) BCCSP, configured from conf.

func GetRevocationHandle

func GetRevocationHandle(id []byte) ([]byte, error)

func GetSigningIdentity

func GetSigningIdentity(conf *Config, bccspConfig *BCCSP, keyStore bccsp.KeyStore) (driver.FullIdentity, error)

GetSigningIdentity retrieves a signing identity from the passed arguments. If the configuration does not name a key store path, the key is assumed to be in the `keystore` subdirectory (KeyStoreDirName) under the configuration path.

func Info

func Info(raw []byte) (string, error)

func IsLowS

func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error)

IsLowS reports whether s lies in the lower half of the order of k's curve, i.e. whether the signature component is in low-S form.

func MarshalConfig

func MarshalConfig(config *Config) ([]byte, error)

func NewECDSAVerifier

func NewECDSAVerifier(pk *ecdsa.PublicKey) *ecdsaVerifier

func NewSKIBasedSigner

func NewSKIBasedSigner(csp bccsp.BCCSP, ski []byte, pk crypto.PublicKey) (crypto.Signer, error)

NewSKIBasedSigner returns a new SKIBasedSigner that signs with the key identified by ski in csp and reports pk as its public key.

func PemDecodeCert

func PemDecodeCert(pemBytes []byte) (*x509.Certificate, error)

func PemDecodeKey

func PemDecodeKey(keyBytes []byte) (interface{}, error)

PemDecodeKey takes PEM-encoded bytes and returns the parsed Go key.

func SerializeIdentity

func SerializeIdentity(conf *Config) ([]byte, error)

func ToPKCS11OptsOpts

func ToPKCS11OptsOpts(o *PKCS11) *pkcs11.PKCS11Opts
Types

type BCCSP

type BCCSP struct {
	Default string            `yaml:"Default,omitempty"`
	SW      *SoftwareProvider `yaml:"SW,omitempty"`
	PKCS11  *PKCS11           `yaml:"PKCS11,omitempty"`
}

func BCCSPOpts

BCCSPOpts returns a `BCCSP` instance. `defaultProvider` sets the `Default` field of the BCCSP, which denotes the provider implementation to use; `defaultProvider` currently supports `SW` and `PKCS11`.

func ToBCCSPOpts

ToBCCSPOpts converts the passed opts to `config.BCCSP`.

type Config

func LoadConfigWithIdentityInfo

func LoadConfigWithIdentityInfo(signingIdentityInfo *SigningIdentityInfo) (*Config, error)

func RemovePrivateSigner

func UnmarshalConfig

type CryptoConfig

type CryptoConfig = config.CryptoConfig

type ECDSASignature
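The following is an added, stand-alone example and not the package's own code. It reimplements, with the Go standard library only, the DER (R, S) structure that the package's ECDSASignature type is assumed to mirror, the low-S check that IsLowS performs, and a verifier in the spirit of NewECDSAVerifier that rejects high-S signatures. It signs a constructed message, normalises the signature to low-S (Go's ecdsa package does not do this on its own), and shows that the malleated (r, N-s) encoding still passes plain ecdsa.VerifyASN1 while the low-S verifier rejects it. All function names below are local to the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// ECDSASignature is the ASN.1 SEQUENCE { r INTEGER, s INTEGER } of a DER-encoded ECDSA signature.
type ECDSASignature struct {
	R, S *big.Int
}

// UnmarshalECDSASignature parses a DER signature strictly: no trailing bytes, positive components.
func UnmarshalECDSASignature(raw []byte) (*big.Int, *big.Int, error) {
	sig := new(ECDSASignature)
	rest, err := asn1.Unmarshal(raw, sig)
	if err != nil {
		return nil, nil, fmt.Errorf("failed unmarshalling signature: %w", err)
	}
	if len(rest) != 0 {
		return nil, nil, errors.New("trailing bytes after signature")
	}
	if sig.R == nil || sig.S == nil || sig.R.Sign() != 1 || sig.S.Sign() != 1 {
		return nil, nil, errors.New("invalid signature: R and S must be positive")
	}
	return sig.R, sig.S, nil
}

// IsLowS reports whether s <= N/2 for the order N of k's curve. Because (r, s) and
// (r, N-s) both verify for the same digest, accepting only low-S removes that malleability.
func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error) {
	if k == nil || k.Curve == nil {
		return false, errors.New("invalid public key: missing curve")
	}
	halfOrder := new(big.Int).Rsh(k.Curve.Params().N, 1)
	return s.Cmp(halfOrder) != 1, nil
}

// SignLowS signs a digest and normalises s to the low-S form before DER-encoding.
func SignLowS(k *ecdsa.PrivateKey, digest []byte) ([]byte, error) {
	r, s, err := ecdsa.Sign(rand.Reader, k, digest)
	if err != nil {
		return nil, err
	}
	if low, _ := IsLowS(&k.PublicKey, s); !low {
		s.Sub(k.PublicKey.Curve.Params().N, s)
	}
	return asn1.Marshal(ECDSASignature{R: r, S: s})
}

// VerifyLowS is the verifier side: it rejects high-S signatures before the usual ECDSA check.
func VerifyLowS(pk *ecdsa.PublicKey, digest, sig []byte) error {
	r, s, err := UnmarshalECDSASignature(sig)
	if err != nil {
		return err
	}
	low, err := IsLowS(pk, s)
	if err != nil {
		return err
	}
	if !low {
		return errors.New("invalid signature: S must be in the lower half of the curve order")
	}
	if !ecdsa.Verify(pk, digest, r, s) {
		return errors.New("signature does not verify")
	}
	return nil
}

// MalleateToHighS builds the alternate (r, N-s) encoding of a low-S signature,
// which anyone can do without the private key.
func MalleateToHighS(pk *ecdsa.PublicKey, sig []byte) ([]byte, error) {
	r, s, err := UnmarshalECDSASignature(sig)
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(ECDSASignature{R: r, S: new(big.Int).Sub(pk.Curve.Params().N, s)})
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256([]byte("constructed message")) // constructed input
	sig, _ := SignLowS(key, digest[:])
	high, _ := MalleateToHighS(&key.PublicKey, sig)
	fmt.Println("low-S verifier, original: ", VerifyLowS(&key.PublicKey, digest[:], sig))
	fmt.Println("low-S verifier, malleated:", VerifyLowS(&key.PublicKey, digest[:], high))
	fmt.Println("plain ecdsa, malleated:   ", ecdsa.VerifyASN1(&key.PublicKey, digest[:], high))
}
```

The strict parser matters as much as the half-order comparison: a verifier that tolerates trailing bytes or non-minimal integers admits a second family of distinct encodings for the same (r, s), which is the same class of problem low-S is meant to close.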
type IdentityFactory

type IdentityFactory struct {
	SignatureHashFamily string
	// contains filtered or unexported fields
}

func NewIdentityFactory

func NewIdentityFactory(bccsp bccsp.BCCSP, signatureHashFamily string) *IdentityFactory

func (*IdentityFactory) GetFullIdentity

func (f *IdentityFactory) GetFullIdentity(sidInfo *SigningIdentityInfo) (*fullIdentity, error)

func (*IdentityFactory) GetIdentity

func (f *IdentityFactory) GetIdentity(sidInfo *SigningIdentityInfo) (*verifyingIdentity, error)

type KeyIDMapping

type PKCS11

type PKCS11 struct {
	// Default algorithms when not specified (Deprecated?)
	Security int    `yaml:"Security"`
	Hash     string `yaml:"Hash"`

	// PKCS11 options
	Library        string         `yaml:"Library"`
	Label          string         `yaml:"Label"`
	Pin            string         `yaml:"Pin"`
	SoftwareVerify bool           `yaml:"SoftwareVerify,omitempty"`
	Immutable      bool           `yaml:"Immutable,omitempty"`
	AltID          string         `yaml:"AltId,omitempty"`
	KeyIDs         []KeyIDMapping `yaml:"KeyIds,omitempty" mapstructure:"KeyIds"`
}

type SKIBasedSigner

type SKIBasedSigner struct {
	SKI []byte
	// contains filtered or unexported fields
}

SKIBasedSigner implements crypto.Signer on top of a BCCSP, identifying the signing key by its SKI.

func (*SKIBasedSigner) Public

func (s *SKIBasedSigner) Public() crypto.PublicKey

Public returns the public key corresponding to the opaque, private key.

func (*SKIBasedSigner) Sign

func (s *SKIBasedSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key, possibly using entropy from rand. For an (EC)DSA key, the result is a DER-serialised ASN.1 signature structure.

Hash implements the SignerOpts interface and, in most cases, one can simply pass in the hash function used as opts. Sign may also attempt to type assert opts to other types in order to obtain algorithm-specific values. See the documentation in each package for details.

Note that when a signature of a hash of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest) and the hash function (as opts) to Sign.
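As an added example that is not the package's code, the following stand-alone Go program shows the shape of a SKI-based crypto.Signer: the signer keeps only the SKI and the public key, and every Sign call resolves the private key through a store, the way SKIBasedSigner delegates to the BCCSP. An in-memory map stands in for the BCCSP key store. It assumes the SKI is the SHA-256 of the uncompressed EC public point (the convention of Fabric's software BCCSP), and it enforces the crypto.Signer contract quoted above: the caller passes a pre-hashed digest and names the hash in opts, and a digest whose length does not match that hash is refused. Names are local to the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// KeyStore stands in for the BCCSP key store: private keys indexed by SKI.
type KeyStore struct {
	keys map[string]*ecdsa.PrivateKey
}

func NewKeyStore() *KeyStore {
	return &KeyStore{keys: map[string]*ecdsa.PrivateKey{}}
}

// SKI derives the key identifier. Assumption: SHA-256 over the uncompressed
// EC point, which is what Fabric's software BCCSP does.
func SKI(pk *ecdsa.PublicKey) []byte {
	sum := sha256.Sum256(elliptic.Marshal(pk.Curve, pk.X, pk.Y))
	return sum[:]
}

// Store registers a private key and returns the SKI it can be looked up under.
func (ks *KeyStore) Store(k *ecdsa.PrivateKey) []byte {
	ski := SKI(&k.PublicKey)
	ks.keys[hex.EncodeToString(ski)] = k
	return ski
}

// SKIBasedSigner holds no key material, only the SKI and the public key;
// every Sign call resolves the private key through the store.
type SKIBasedSigner struct {
	SKI []byte
	ks  *KeyStore
	pk  *ecdsa.PublicKey
}

// NewSKIBasedSigner fails early if the store has no key for ski or if pk does not
// belong to that key, so a misconfigured identity cannot silently sign with the wrong key.
func NewSKIBasedSigner(ks *KeyStore, ski []byte, pk crypto.PublicKey) (crypto.Signer, error) {
	k, ok := ks.keys[hex.EncodeToString(ski)]
	if !ok {
		return nil, fmt.Errorf("no key found for SKI %x", ski)
	}
	ecPK, ok := pk.(*ecdsa.PublicKey)
	if !ok || !ecPK.Equal(&k.PublicKey) {
		return nil, errors.New("public key does not match the key identified by SKI")
	}
	return &SKIBasedSigner{SKI: ski, ks: ks, pk: ecPK}, nil
}

func (s *SKIBasedSigner) Public() crypto.PublicKey { return s.pk }

// Sign expects a pre-hashed digest whose length matches opts.HashFunc() and
// returns a DER-encoded ASN.1 (r, s) signature.
func (s *SKIBasedSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || opts.HashFunc() == 0 {
		return nil, errors.New("opts must name the hash function used to produce digest")
	}
	if got, want := len(digest), opts.HashFunc().Size(); got != want {
		return nil, fmt.Errorf("digest is %d bytes but %v produces %d", got, opts.HashFunc(), want)
	}
	k, ok := s.ks.keys[hex.EncodeToString(s.SKI)]
	if !ok {
		return nil, fmt.Errorf("no key found for SKI %x", s.SKI)
	}
	return ecdsa.SignASN1(rand, k, digest)
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ks := NewKeyStore()
	signer, err := NewSKIBasedSigner(ks, ks.Store(key), &key.PublicKey)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256([]byte("constructed message")) // constructed input
	sig, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		panic(err)
	}
	fmt.Println("verified:", ecdsa.VerifyASN1(&key.PublicKey, digest[:], sig))
	_, err = signer.Sign(rand.Reader, digest[:4], crypto.SHA256)
	fmt.Println("truncated digest rejected:", err != nil)
}
```

The digest-length check is the cheap guard against the classic misuse of this interface, where a caller passes the raw message instead of its hash; with an HSM-backed BCCSP the same check keeps a malformed request from ever reaching the token.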
type SigningIdentityInfo

type SigningIdentityInfo = config.SigningIdentityInfo