...

Package linux

import "github.com/googleapis/enterprise-certificate-proxy/linux"
Overview
Index

Overview ▾

Package linux contains a linux-specific client for accessing the PKCS#11 APIs directly, bypassing the RPC-mechanism of the universal client.

type SecureKey

SecureKey is a public wrapper for the internal PKCS#11 implementation. 

type SecureKey struct {
    // contains filtered or unexported fields
}

func NewSecureKey 

func NewSecureKey(pkcs11Module string, slotUint32Str string, label string, userPin string) (*SecureKey, error)

NewSecureKey returns a handle to the first available certificate and private key pair in the specified PKCS#11 Module matching the filters.

func (*SecureKey) CertificateChain 

func (sk *SecureKey) CertificateChain() [][]byte

CertificateChain returns the SecureKey's raw X509 cert chain. This contains the public key.

func (*SecureKey) Close 

func (sk *SecureKey) Close()

Close frees up resources associated with the underlying key.

func (*SecureKey) Decrypt 

func (sk *SecureKey) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)

Decrypt decrypts a ciphertext msg into plaintext, using the specified decrypter opts. Implements crypto.Decrypter interface.

func (*SecureKey) Encrypt 

func (sk *SecureKey) Encrypt(_ io.Reader, msg []byte, opts any) (ciphertext []byte, err error)

Encrypt encrypts a plaintext msg into ciphertext, using the specified encrypt opts.

func (*SecureKey) Public 

func (sk *SecureKey) Public() crypto.PublicKey

Public returns the public key for this SecureKey.

func (*SecureKey) Sign 

func (sk *SecureKey) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error)

Sign signs a message digest, using the specified signer opts. Implements crypto.Signer interface.