README
¶
cryptokms
Implements crypto.Signer and crypto.Decrypter for keys typically backed by KMS service. Currently it supports keys backed by,
- Google Cloud KMS
- AWS KMS
- Filesystem
- From memory.
Dependencies are neatly isolated. If you pull gcpkms package only google cloud dependencies should be pulled. Code has extensive unit tests and integration tests.
Uses sensible and sane defaults.
- RSA keys of size less than 2048 are not supported.
- ECC Keys of size less than 256 are not supported.
- Signing algorithms with insecure hashes (SHA1, MD5 etc) are not supported.
Google KMS (Signing Keys)
| Key Algorithm | Hash Algorithm | Supported Interfaces |
|---|---|---|
EC_SIGN_P256_SHA256(recommended) |
sha256 | crypto.Signer, crypto.SignerOpts |
EC_SIGN_P384_SHA384 |
sha384 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_2048_SHA256 |
sha256 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_3072_SHA256 |
sha256 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_4096_SHA256 |
sha256 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_4096_SHA512 |
sha512 | crypto.Signer, crypto.SignerOpts |
[!IMPORTANT]
RSA_SIGN_PSS_*,RSA_SIGN_RAW_*and external KMS keys are not supported.
Google KMS (Encryption Keys)
AWS KMS (Signing Keys)
| Key Algorithm | Key Usage | Hash Algorithm | Supported Interfaces |
|---|---|---|---|
RSA_2048 |
SIGN_VERIFY |
sha256, sha384, sha512 | crypto.Signer, crypto.SignerOpts |
RSA_3072 |
SIGN_VERIFY |
sha256, sha384, sha512 | crypto.Signer, crypto.SignerOpts |
RSA_4096 |
SIGN_VERIFY |
sha256, sha384, sha512 | crypto.Signer, crypto.SignerOpts |
ECC_NIST_P256(recommended) |
SIGN_VERIFY |
sha256 | crypto.Signer, crypto.SignerOpts |
ECC_NIST_384 |
SIGN_VERIFY |
sha384 | crypto.Signer, crypto.SignerOpts |
ECC_NIST_P521 |
SIGN_VERIFY |
sha512 | crypto.Signer, crypto.SignerOpts |
AWS KMS (Encryption Keys)
| Key Algorithm | Key Usage | Encryption Algorithms | Supported Interfaces |
|---|---|---|---|
RSA_2048 |
ENCRYPT_DECRYPT |
RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256 |
crypto.Decrypter |
RSA_3072 |
ENCRYPT_DECRYPT |
RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256 |
crypto.Decrypter |
RSA_4096 |
ENCRYPT_DECRYPT |
RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256 |
crypto.Decrypter |
Keys from filesystem
[!IMPORTANT]
Use in-memory non swap-able file system (like ramfs) or from kubernetes secret store CSI. For systems using systemd, systemd-credentials can be used as keys can be encrypted, bound to TPM and are only present in memory. In other cases this may be insecure.
Keys on disk must be not encrypted with a passphrase. Private key in PKCS #8, ASN.1 DER form(PRIVATE KEY), RSA private key in PKCS #1, ASN.1 DER form(RSA PRIVATE KEY) and EC private key in SEC 1, ASN.1 DER form (EC PRIVATE KEY) are supported.
| Key Algorithm | Supported Hashes | Interfaces |
|---|---|---|
RSA_2048 |
SHA1, SHA256, SHA512 | crypto.Decrypter, crypto.Signer |
RSA_3072 |
SHA1, SHA256, SHA512 | crypto.Decrypter, crypto.Signer |
RSA_4096 |
SHA1, SHA256, SHA512 | crypto.Decrypter, crypto.Signer |
ECC-P256 |
SHA256 | crypto.Signer |
ECC-P384 |
SHA384 | crypto.Signer |
ECC-P521 |
SHA512 | crypto.Signer |
ED-25519 |
SHA512 (ed25519ph only) | crypto.Signer |
From memory
If keys are stored in memory or environment variables, use memkms. It is identical to
filekms except keys are in-process and are provided directly. Key must be PEM encoded.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func VerifyDigestSignature ¶
VerifyDigestSignature is a wrapper around following,
- crypto/rsa.VerifyPKCS1v15
- crypto/ecdsa.Verify
- crypto/ed25519.VerifyWithOptions (only Ed25519ph with SHA512)
- crypto/rsa.VerifyPSS
Public key must of one of
This does not allow insecure hashing algorithms (crypto.SHA1 and crypto.MD5, crypto.MD4) and returns an error even though signature might be valid. Similarly, RSA keys of length less than 2048 bits and ECDSA keys of size less than 256 are rejected even though signature might be valid.
Types ¶
type Algorithm ¶
type Algorithm int
Key algorithm type.
const ( // Unknown. AlgorithmUnknown Algorithm = iota // RSA 2048 bit key. AlgorithmRSA2048 // RSA 3072 bit key. AlgorithmRSA3072 // RSA 4096 bit key. AlgorithmRSA4096 // RSA 8192 bit key. AlgorithmRSA8192 // NIST P-256 elliptic curve key algorithms. AlgorithmECP256 // NIST P-384 elliptic curve key algorithms. AlgorithmECP384 // NIST P-521 elliptic curve key algorithms. AlgorithmECP521 // ED-25519. AlgorithmED25519 // AWS symmetric key algorithm. AlgorithmSymmetricAWS // GCP symmetric key algorithm. AlgorithmSymmetricGCP )
type Decrypter ¶
type Decrypter interface {
crypto.Decrypter
// Same as [crypto.Decrypter], but [context.Context] aware.
// - KMS libraries are already context aware and should help with tracing, and cancellation.
// - Do note however decryption payload limits set by the kms provider apply.
// - Unlike [crypto.Decrypter], rand is ignored, as decryption may happen remotely.
// so it can be nil.
DecryptContext(ctx context.Context, _ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
// KMS key creation time.
// - This can be used to calculate age of the key to help with periodic key rotation.
// - Building to GPG public key packets which are deterministic etc.
CreatedAt() time.Time
// Returns default hashing algorithm.
// - Some KMS providers restrict hashing algorithm.
// - If KMS key supports multiple algorithms, this
// returns sane default, typically [crypto.SHA256].
HashFunc() crypto.Hash
// Algorithm returns key algorithm.
Algorithm() Algorithm
}
Context aware KMS backed crypto.Decrypter. This extends crypto.Decrypter with additional methods for usage with KMS keys.
type Signer ¶
type Signer interface {
crypto.Signer
// Same as [crypto.Signer], but [context.Context] aware.
// - KMS libraries are already context aware and should help with tracing,
// and cancellation.
// - Unlike [crypto.Signer], rand is always ignored, as signing may be remote.
SignContext(ctx context.Context, rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
// KMS key creation time.
// - This can be used to calculate age of the key to help with periodic key rotation.
// - Building to GPG public key packets which are deterministic etc.
CreatedAt() time.Time
// Returns default hashing algorithm.
// - Some KMS providers restrict hashing algorithm. This
// ensures Signer selects appropriate hash supported by the KMS key.
// - If KMS key supports multiple signers, this
// returns sane default, typically [crypto.SHA256].
HashFunc() crypto.Hash
// Algorithm returns KMS key algorithm.
Algorithm() Algorithm
}
Context aware KMS backed crypto.Signer. This extends crypto.Signer with additional methods for usage with KMS keys.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package gcpkms implements crypto.Signer and crypto.Decrypter backed by AWS KMS.
|
Package gcpkms implements crypto.Signer and crypto.Decrypter backed by AWS KMS. |
|
Package filekms implements crypto.Signer and crypto.Decrypter for keys stored on the filesystem.
|
Package filekms implements crypto.Signer and crypto.Decrypter for keys stored on the filesystem. |
|
Package gcpkms implements crypto.Signer and crypto.Decrypter backed by Google Cloud KMS.
|
Package gcpkms implements crypto.Signer and crypto.Decrypter backed by Google Cloud KMS. |
|
internal
|
|
|
ioutils
This package exists to de-duplicate code used in testing and code generation.
|
This package exists to de-duplicate code used in testing and code generation. |
|
testkeys
Package testkeys provides/generates test keys and test hashes.
|
Package testkeys provides/generates test keys and test hashes. |
|
Package memkms implements crypto.Signer and crypto.Decrypter for keys stored in memory.
|
Package memkms implements crypto.Signer and crypto.Decrypter for keys stored in memory. |
|
scripts
|
|