package keyutils

v2 – github.com/moby/swarmkit/v2/ca/keyutils Index | Files

package keyutils

import "github.com/moby/swarmkit/v2/ca/keyutils"

Package keyutils serves as a utility to parse, encrypt and decrypt PKCS#1 and PKCS#8 private keys based on current FIPS mode status, supporting only EC type keys. It always allows PKCS#8 private keys and disallow PKCS#1 private keys in FIPS-mode.

Index ¶

Variables
func IsEncryptedPEMBlock(block *pem.Block) bool
func IsPKCS8(derBytes []byte) bool
type Formatter

Variables ¶

var ErrFIPSUnsupportedKeyFormat = errors.New("unsupported key format due to FIPS compliance")

ErrFIPSUnsupportedKeyFormat is returned when encryption/decryption operations are attempted on a PKCS1 key when FIPS mode is enabled.

Functions ¶

func IsEncryptedPEMBlock ¶

func IsEncryptedPEMBlock(block *pem.Block) bool

IsEncryptedPEMBlock checks if a PKCS#1 or PKCS#8 PEM-block is encrypted or not

func IsPKCS8 ¶

func IsPKCS8(derBytes []byte) bool

IsPKCS8 returns true if the provided der bytes is encrypted/unencrypted PKCS#8 key

Types ¶

type Formatter ¶

type Formatter interface {
	ParsePrivateKeyPEMWithPassword(pemBytes, password []byte) (crypto.Signer, error)
	DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)
	EncryptPEMBlock(data, password []byte) (*pem.Block, error)
}

Formatter provides an interface for converting keys to the right format, and encrypting and decrypting keys

var Default Formatter = &utils{fips: false}

Default is the default key util, where FIPS is not required

var FIPS Formatter = &utils{fips: true}

FIPS is the key utility which enforces FIPS compliance

Source Files ¶

keyutils.go

Version: v2.0.0-20250103191802-8c1959736554 (latest)
Published: Jan 3, 2025
Platform: linux/amd64
Imports: 7 packages
Last checked: 1 week ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples