package
1.6.16
Repository: https://github.com/cloudflare/gokeyless.git
Documentation: pkg.go.dev

# Functions

GetDigest returns the digest of an RSA public key.
GetSKI returns the SKI of a public key.
GetSKICert returns the SKI of a parsed X.509 Certificate.
GetSKICertPEM returns the SKI of a PEM encoded X.509 Certificate.
MakeErrorOp constructs an Operation representing an error message.
MakeErrorPacket constructs a Packet representing an error message.
MakePongOp constructs an Operation representing a pong message.
MakePongPacket constructs a Packet representing a pong message.
MakeRespondOp constructs an Operation representing a response message.
MakeRespondPacket constructs a Packet representing a response message.
NewPacket constructs a new packet with the given ID and Operation.
Respond constructs a response packet and writes it to w in the Keyless wire format.
RespondError constructs an error packet and writes it to w in the Keyless wire format.
RespondPong constructs a pong packet and writes it to w in the Keyless wire format.

# Constants

ErrBadOpcode indicates use of unknown opcode in request.
ErrCertNotFound indicates missing certificate.
ErrCrypto indicates a cryptography failure.
ErrExpired indicates that the sealed blob is no longer unsealable.
ErrFormat indicates a malformed message.
ErrInternal indicates an internal error.
ErrKeyNotFound indicates key can't be found using the operation packet.
ErrNone indicates no error occurred.
ErrRead indicates I/O read failure.
ErrRemoteConfiguration indicates that a remote keyserver was not configured correctly.
ErrUnexpectedOpcode indicates use of response opcode in request.
ErrVersionMismatch indicates an unsupported or incorrect version.
OpCustom requests a custom operation that can be defined by a function set in the server configuration.
OpECDSASignMD5SHA1 requests an ECDSA signature on an MD5SHA1 hash payload.
OpECDSASignSHA1 requests an ECDSA signature on an SHA1 hash payload.
OpECDSASignSHA224 requests an ECDSA signature on an SHA224 hash payload.
OpECDSASignSHA256 requests an ECDSA signature on an SHA256 hash payload.
OpECDSASignSHA384 requests an ECDSA signature on an SHA384 hash payload.
OpECDSASignSHA512 requests an ECDSA signature on an SHA512 hash payload.
OpEd25519Sign requests an Ed25519 signature on an arbitrary-length payload.
OpError indicates some error has occurred; the explanation is a single byte in the payload.
OpPing indicates a test message which will be echoed with opcode changed to OpPong.
OpPong indicates a response echoed from an OpPing test message.
OpResponse is used to send a block of data back to the client.
OpRPC executes an arbitrary exported function on the server.
OpRSADecrypt requests an RSA decrypted payload.
OpRSAPSSSignSHA256 requests an RSASSA-PSS signature on an SHA256 hash payload.
OpRSAPSSSignSHA384 requests an RSASSA-PSS signature on an SHA384 hash payload.
OpRSAPSSSignSHA512 requests an RSASSA-PSS signature on an SHA512 hash payload.
OpRSASignMD5SHA1 requests an RSA signature on an MD5SHA1 hash payload.
OpRSASignSHA1 requests an RSA signature on an SHA1 hash payload.
OpRSASignSHA224 requests an RSA signature on an SHA224 hash payload.
OpRSASignSHA256 requests an RSA signature on an SHA256 hash payload.
OpRSASignSHA384 requests an RSA signature on an SHA384 hash payload.
OpRSASignSHA512 requests an RSA signature on an SHA512 hash payload.
OpSeal asks to encrypt a blob (like a Session Ticket).
OpUnseal asks to decrypt a blob encrypted by OpSeal.
TagCertID implies the CertID of the certificate.
TagCertificateDigest implies a SHA256 Digest of a key.
TagClientIP implies an IPv4/6 address of the client connecting.
TagCustomFuncName implies a function name to use for the OpCustom Opcode.
TagExtra implies a supplemental payload.
TagJaegerSpan contains a binary encoded jaeger span context.
TagOpcode implies an opcode describing operation to be performed OR operation status.
TagPadding implies an item with a meaningless payload added for padding.
TagPayload implies a payload to sign or encrypt OR payload response.
TagReqContext contains request metadata.
TagServerIP implies an IPv4/6 address of the proxied TLS server.
TagServerName implies server hostname (SNI) for the proxied TLS server.
TagSubjectKeyIdentifier implies the Subject Key Identifier for the given key.

# Structs

Header represents the header of a Keyless protocol message.
Operation defines a single (repeatable) keyless operation.
Packet represents the format for a Keyless protocol header and body.

# Type aliases

Digest represents a SHA-256 digest of an RSA public key modulus.
Error defines a 1-byte error payload.
Op describes the operation to be performed OR the operation status.
SKI represents a subject key identifier used to index remote keys.
Tag marks the type of an Item.