package encryption

import "github.com/containerd/imgcrypt/images/encryption"

Functions

func CheckAuthorization

func CheckAuthorization(ctx context.Context, cs content.Store, desc ocispec.Descriptor, dc *encconfig.DecryptConfig) error

CheckAuthorization checks whether a user has the right keys to be allowed to access an image (every layer). It decrypts the layers only as far as decrypting the asymmetrically encrypted data. The decryption is only done for the current platform.

func DecryptImage

DecryptImage decrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest

func DecryptLayer

func DecryptLayer(dc *encconfig.DecryptConfig, dataReader io.Reader, desc ocispec.Descriptor, unwrapOnly bool) (ocispec.Descriptor, io.Reader, digest.Digest, error)

DecryptLayer decrypts the layer using the DecryptConfig and creates a new OCI Descriptor. The caller is expected to store the returned plain data and OCI Descriptor.

func EncryptImage

EncryptImage encrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest

func GetImageDecryptConverter

func GetImageDecryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc

GetImageDecryptConverter returns a converter function for image decryption

func GetImageEncryptConverter

func GetImageEncryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc

GetImageEncryptConverter returns a converter function for image encryption

func HasEncryptedLayer

func HasEncryptedLayer(ctx context.Context, layerInfos []ocispec.Descriptor) bool

HasEncryptedLayer returns true if any LayerInfo indicates that the layer is encrypted

func IsEncryptedDiff

func IsEncryptedDiff(_ context.Context, mediaType string) bool

IsEncryptedDiff returns true if mediaType is a known encrypted media type.

func WithAuthorizationCheck

func WithAuthorizationCheck(dc *encconfig.DecryptConfig) containerd.NewContainerOpts

WithAuthorizationCheck checks the authorization of keys used for encrypted containers upon creation of a container.

func WithDecryptedUnpack

func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt

WithDecryptedUnpack allows passing the parameters the 'layertool' needs to the applier.

func WithUnpackConfigApplyOpts

func WithUnpackConfigApplyOpts(opt diff.ApplyOpt) containerd.UnpackOpt

WithUnpackConfigApplyOpts allows passing an ApplyOpt.

func WithUnpackOpts

func WithUnpackOpts(opts []containerd.UnpackOpt) containerd.RemoteOpt

WithUnpackOpts is used to add unpack options to the unpacker.

Types

type LayerFilter

type LayerFilter func(desc ocispec.Descriptor) bool

LayerFilter allows selecting layers by certain criteria.

Source Files

any.go client.go encryption.go payload.go

Directories

Path: images/encryption/parsehelpers
Synopsis: Package parsehelpers provides parse helpers for CLI applications.

Version: v1.1.11 (latest)
Published: Apr 19, 2024
Platform: js/wasm
Imports: 25 packages