keys

package
v0.0.0-...-f61c53a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2025 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package keys with key generation

Package keys with key management for certificates and JWT

Index

Constants

View Source 
const KPFileExt = ".key"

KPFileExt defines the filename extension under which public/private keys are stored in the keys directory.

View Source 
const PubKeyFileExt = ".pub"

PubKeyFileExt defines the filename extension under which public key is stored in the keys directory.

Variables

This section is empty.

Functions

This section is empty.

Types

type EcdsaKey 

type EcdsaKey struct {
	// Reuse RSA functionality
	RsaKey
}

EcdsaKey implements the secp256k ECDSA key. This implements the IHiveKeys interface.

func (*EcdsaKey) ImportPrivate 

func (k *EcdsaKey) ImportPrivate(privatePEM string) (err error)

ImportPrivate reads the key-pair from the PEM private key and determines its key type. This returns an error if the PEM is not a valid key.

func (*EcdsaKey) ImportPrivateFromFile 

func (k *EcdsaKey) ImportPrivateFromFile(pemPath string) (err error)

ImportPrivateFromFile loads public/private key pair from PEM file and determines its key type.

func (*EcdsaKey) ImportPublic 

func (k *EcdsaKey) ImportPublic(publicPEM string) (err error)

ImportPublic reads the public key from the PEM data. This returns an error if the PEM is not a valid public key

publicPEM must contain either a PEM encoded string, or its base64 encoded content

func (*EcdsaKey) ImportPublicFromFile 

func (k *EcdsaKey) ImportPublicFromFile(pemPath string) (err error)

ImportPublicFromFile loads ECDSA public key from PEM file

func (*EcdsaKey) Initialize 

func (k *EcdsaKey) Initialize() IHiveKey

Initialize generates a new key

func (*EcdsaKey) KeyType 

func (k *EcdsaKey) KeyType() KeyType

KeyType returns this key's type, eg ecdsa

func (*EcdsaKey) Sign 

func (k *EcdsaKey) Sign(msg []byte) (signature []byte, err error)

Sign returns the signature of a message signed using this key This signs the SHA256 hash of the message this requires a private key to be created or imported

func (*EcdsaKey) Verify 

func (k *EcdsaKey) Verify(msg []byte, signature []byte) (valid bool)

Verify the signature of a message using this key's public key This verifies using the SHA256 hash of the message. this requires a public key to be created or imported returns true if the signature is valid for the message

type Ed25519Key 

type Ed25519Key struct {
	// contains filtered or unexported fields
}

Ed25519Key contains the ED25519 cryptographic key set for signing and authentication. This implements the IHiveKeys interface.

func (*Ed25519Key) ExportPrivate 

func (k *Ed25519Key) ExportPrivate() string

ExportPrivate returns the PEM encoded private key

func (*Ed25519Key) ExportPrivateToFile 

func (k *Ed25519Key) ExportPrivateToFile(pemPath string) error

ExportPrivateToFile saves the private key set to file in PEM format. The file permissions are set to 0400, current user only, read-write permissions. 

Returns error in case the key is invalid or file cannot be written.

func (*Ed25519Key) ExportPublic 

func (k *Ed25519Key) ExportPublic() (pemKey string)

ExportPublic returns the PEM encoded public key if available

func (*Ed25519Key) ExportPublicToFile 

func (k *Ed25519Key) ExportPublicToFile(pemPath string) error

ExportPublicToFile saves the public key to file in PEM format. The file permissions are set to 0644, current user can write, rest can read. 

Returns error in case the public key is invalid or file cannot be written.

func (*Ed25519Key) ImportPrivate 

func (k *Ed25519Key) ImportPrivate(privatePEM string) (err error)

ImportPrivate reads the key-pair from PEM format. This returns an error if the PEM is not a valid key.

func (*Ed25519Key) ImportPrivateFromFile 

func (k *Ed25519Key) ImportPrivateFromFile(pemPath string) (err error)

ImportPrivateFromFile loads public/private key pair from PEM file and determines its key type.

func (*Ed25519Key) ImportPublic 

func (k *Ed25519Key) ImportPublic(publicPEM string) (err error)

ImportPublic reads the public key from the PEM data. This returns an error if the PEM is not a valid public key

publicPEM must contain either a PEM encoded string, or its base64 encoded content

func (*Ed25519Key) ImportPublicFromFile 

func (k *Ed25519Key) ImportPublicFromFile(pemPath string) (err error)

ImportPublicFromFile loads ED25519 public key from PEM file

func (*Ed25519Key) Initialize 

func (k *Ed25519Key) Initialize() IHiveKey

Initialize generates a new key

func (*Ed25519Key) KeyType 

func (k *Ed25519Key) KeyType() KeyType

KeyType returns this key's type, eg ED25519

func (*Ed25519Key) PrivateKey 

func (k *Ed25519Key) PrivateKey() crypto.PrivateKey

PrivateKey returns the native private key pointer

func (*Ed25519Key) PublicKey 

func (k *Ed25519Key) PublicKey() crypto.PublicKey

PublicKey returns the native public key pointer

func (*Ed25519Key) Sign 

func (k *Ed25519Key) Sign(msg []byte) (signature []byte, err error)

Sign returns the signature of a message signed using this key This signs the SHA256 hash of the message this requires a private key to be created or imported

func (*Ed25519Key) Verify 

func (k *Ed25519Key) Verify(msg []byte, signature []byte) (valid bool)

Verify the signature of a message using this key's public key. This verifies using the SHA256 hash of the message. this requires a public key to be created or imported returns true if the signature is valid for the message

type IHiveKey 

type IHiveKey interface {

	// ExportPrivate returns the serialized private key if available
	// This defaults to PEM encoding unless the key type doesn't support it.
	//  key type ecdsa, rsa use PEM encoding
	//  key type ed25519 encodes it to base64
	//  key type nkeys encodes when generating its seed
	ExportPrivate() string

	// ExportPrivateToFile saves the private/public key to a key file
	ExportPrivateToFile(keyPath string) error

	// ExportPublic returns the serialized public key if available
	// This defaults to PEM encoding unless the key type doesn't support it.
	ExportPublic() string

	// ExportPublicToFile exports the public key and write to file.
	// This defaults to PEM encoding unless the key type doesn't support it.
	ExportPublicToFile(pemPath string) error

	// ImportPrivate decodes the key-pair from the serialized private key
	// This returns an error if the encoding can't be determined
	ImportPrivate(privateEnc string) error

	// ImportPrivateFromFile private/public key from a PEM file
	ImportPrivateFromFile(pemPath string) error

	// ImportPublic reads the public key from the given encoded data.
	// Intended for verifying signatures using the public key.
	// This returns an error if the encoding can't be determined
	ImportPublic(publicEnc string) error

	// ImportPublicFromFile reads the public key from file.
	// The encoding depends on the key type. ed25519, ecdsa and rsa uses pem format.
	// Intended for verifying signatures using the public key.
	// This returns an error if the file cannot be read or is not a valid public key
	// Note that after ImportPublicFrom...(), the private key is not available.
	ImportPublicFromFile(pemPath string) error

	// Initialize generates a new key set using its curve algorithm
	Initialize() IHiveKey

	// KeyType returns the key's type
	KeyType() KeyType

	// PrivateKey returns the native private key
	//	ECDSA:   *ecdsa.PrivateKey
	//	RSA:     *rsa.PrivateKey
	//	ED25519: ed25519.PrivateKey (not a pointer)
	//	nkeys:   nkeys.KeyPair
	PrivateKey() crypto.PrivateKey

	// PublicKey returns the native public key
	//	ECDSA:   *ecdsa.PublicKey
	//	RSA:     *rsa.PublicKey
	//	ED25519: ed25519.PublicKey (not a pointer)
	//	nkeys:   nkeys.KeyPair
	PublicKey() crypto.PublicKey

	// Sign returns the signature of a message signed using this key
	// this requires a private key to be created or imported
	Sign(message []byte) ([]byte, error)

	// Verify the message signature using this key's public key
	// this requires a public key to be created or imported
	// returns true if the signature is valid for the message
	Verify(message []byte, signature []byte) bool
}

IHiveKey defines the standard interface for various key types used for signing and authentication

... because we don't care about all these keys, just that it works and is secure...

func LoadCreateKeyPair 

func LoadCreateKeyPair(clientID string, keysDir string, keyType KeyType) (kp IHiveKey, err error)

LoadCreateKeyPair loads a public/private key pair from file or create it if it doesn't exist This will load or create a file <clientID>.key and <clientID>.pub from the keysDir. 

clientID is the client to create the keys for
keysDir is the location of the key file
keyType is the type of key to create (see IHiveKey)

func NewEcdsaKey 

func NewEcdsaKey() IHiveKey

NewEcdsaKey creates and initialize a ECDSA key

func NewEcdsaKeyFromPrivate 

func NewEcdsaKeyFromPrivate(privKey *ecdsa.PrivateKey) IHiveKey

NewEcdsaKeyFromPrivate creates and initialize a IHiveKey object from an existing ECDSA private key.

func NewEd25519Key 

func NewEd25519Key() IHiveKey

NewEd25519Key creates and initialize a ED25519 key

func NewEd25519KeyFromPrivate 

func NewEd25519KeyFromPrivate(privKey ed25519.PrivateKey) IHiveKey

NewEd25519KeyFromPrivate creates and initialize a IHiveKey object from an existing private key.

func NewKey 

func NewKey(keyType KeyType) IHiveKey

NewKey creates a new key of the given type

func NewKeyFromEnc 

func NewKeyFromEnc(privEnc string) IHiveKey

NewKeyFromEnc helper creates a HiveKey instance from an encoded private key. This returns nil if the key type cannot be determined 

privEnc is the encoded private key

func NewKeyFromFile 

func NewKeyFromFile(keyPath string) (IHiveKey, error)

NewKeyFromFile helper to load a public/private key pair from file This returns nil if the key type cannot be determined 

keyPath is the path to the file containing the key

func NewRsaKey 

func NewRsaKey() IHiveKey

NewRsaKey generates a RSA key with IHiveKey interface

func NewRsaKeyFromPrivate 

func NewRsaKeyFromPrivate(privKey *rsa.PrivateKey) IHiveKey

NewRsaKeyFromPrivate creates and initialize a IHiveKey object from an existing RSA private key.

type KeyType 

type KeyType string
const (
	KeyTypeECDSA   KeyType = "ecdsa"
	KeyTypeEd25519 KeyType = "ed25519"
	KeyTypeRSA     KeyType = "rsa"
	KeyTypeNKey    KeyType = "nkey"
	KeyTypeUnknown         = ""
)

func DetermineKeyType 

func DetermineKeyType(encKey string) KeyType

DetermineKeyType returns the type of key

type RsaKey 

type RsaKey struct {
	// contains filtered or unexported fields
}

RsaKey implements the IHiveKeys interface to a RSA key.

func (*RsaKey) ExportPrivate 

func (k *RsaKey) ExportPrivate() string

ExportPrivate returns the PEM encoded private key

func (*RsaKey) ExportPrivateToFile 

func (k *RsaKey) ExportPrivateToFile(pemPath string) error

ExportPrivateToFile saves the private key set to file in PEM format. The file permissions are set to 0400, current user only, read-write permissions. 

Returns error in case the key is invalid or file cannot be written.

func (*RsaKey) ExportPublic 

func (k *RsaKey) ExportPublic() (pemKey string)

ExportPublic returns the PEM encoded public key if available

func (*RsaKey) ExportPublicToFile 

func (k *RsaKey) ExportPublicToFile(pemPath string) error

ExportPublicToFile saves the public key to file in PEM format. The file permissions are set to 0644, current user can write, rest can read. 

Returns error in case the public key is invalid or file cannot be written.

func (*RsaKey) ImportPrivate 

func (k *RsaKey) ImportPrivate(privatePEM string) (err error)

ImportPrivate reads the key-pair from the PEM private key and determines its key type. This returns an error if the PEM is not a valid key.

func (*RsaKey) ImportPrivateFromFile 

func (k *RsaKey) ImportPrivateFromFile(pemPath string) (err error)

ImportPrivateFromFile loads public/private key pair from PEM file and determines its key type.

func (*RsaKey) ImportPublic 

func (k *RsaKey) ImportPublic(publicPEM string) (err error)

ImportPublic reads the public key from the PEM data. This returns an error if the PEM is not a valid public key

publicPEM must contain either a PEM encoded string, or its base64 encoded content

func (*RsaKey) ImportPublicFromFile 

func (k *RsaKey) ImportPublicFromFile(pemPath string) (err error)

ImportPublicFromFile loads ECDSA public key from PEM file

func (*RsaKey) Initialize 

func (k *RsaKey) Initialize() IHiveKey

Initialize generates a new key

func (*RsaKey) KeyType 

func (k *RsaKey) KeyType() KeyType

KeyType returns this key's type, eg ecdsa

func (*RsaKey) PrivateKey 

func (k *RsaKey) PrivateKey() crypto.PrivateKey

PrivateKey returns the native *rsa.PrivateKey

func (*RsaKey) PublicKey 

func (k *RsaKey) PublicKey() crypto.PublicKey

PublicKey returns the native *rsa.PublicKey

func (*RsaKey) Sign 

func (k *RsaKey) Sign(msg []byte) (signature []byte, err error)

Sign returns the signature of a message signed using this key this requires a private key to be created or imported

func (*RsaKey) Verify 

func (k *RsaKey) Verify(msg []byte, signature []byte) (valid bool)

Verify the signature of a message using this key's public key this requires a public key to be created or imported returns true if the signature is valid for the message

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.