Category: github.com/docker/libtrust
Module package
Version: 0.0.0-20160708172513-aabc10ec26b7
Repository: https://github.com/docker/libtrust.git
Documentation: pkg.go.dev

# README

libtrust

WARNING: this library is no longer actively developed, and will be integrated in the [docker/distribution](https://www.github.com/docker/distribution) repository in future.

Libtrust is a library for managing authentication and authorization using public key cryptography.

Authentication is handled using the identity attached to the public key. Libtrust provides multiple methods to prove possession of the private key associated with an identity.

  • TLS x509 certificates
  • Signature verification
  • Key Challenge

Authorization and access control are managed through a distributed trust graph. Trust servers act as the authorities of the trust graph and allow caching portions of the graph for faster access.

Copyright and license

Code and documentation copyright 2014 Docker, Inc. Code released under the Apache 2.0 license. Docs released under Creative Commons.

# Functions

AddKeySetFile adds a key to a key set.
FilterByHosts filters the list of PublicKeys to only those which contain a 'hosts' pattern which matches the given host.
FromCryptoPrivateKey returns a libtrust PrivateKey representation of the given *ecdsa.PrivateKey or *rsa.PrivateKey.
FromCryptoPublicKey returns a libtrust PublicKey representation of the given *ecdsa.PublicKey or *rsa.PublicKey.
GenerateCACert creates a certificate which can be used as a trusted certificate authority.
GenerateCACertPool creates a certificate authority pool to be used for a TLS configuration.
GenerateECP256PrivateKey generates a key pair using elliptic curve P-256.
GenerateECP384PrivateKey generates a key pair using elliptic curve P-384.
GenerateECP521PrivateKey generates a key pair using elliptic curve P-521.
GenerateRSA2048PrivateKey generates a key pair using 2048-bit RSA.
GenerateRSA3072PrivateKey generates a key pair using 3072-bit RSA.
GenerateRSA4096PrivateKey generates a key pair using 4096-bit RSA.
GenerateSelfSignedClientCert creates a self-signed certificate for the given key which is to be used for TLS clients.
GenerateSelfSignedServerCert creates a self-signed certificate for the given key which is to be used for TLS servers with the given domains and IP addresses.
LoadCertificateBundle loads certificates from the given file.
LoadCertificatePool loads a CA pool from the given file.
LoadKeyFile opens the given filename and attempts to read a Private Key encoded in either PEM or JWK format (if .json or .jwk file extension).
LoadKeySetFile loads a key set.
LoadOrCreateTrustKey will load a PrivateKey from the specified path.
LoadPublicKeyFile opens the given filename and attempts to read a Public Key encoded in either PEM or JWK format (if .json or .jwk file extension).
NewCertAuthTLSConfig creates a tls.Config for the server to use for certificate authentication.
NewClientKeyManager creates a new manager from a set of key files, managed by the given private key.
NewIdentityAuthTLSClientConfig returns a tls.Config configured to use identity based authentication from the specified dockerUrl, the rootConfigPath and the server name to which it is connecting.
NewIdentityAuthTLSConfig creates a tls.Config for the server to use for libtrust identity authentication for the domain specified.
NewJSONSignature returns a new unsigned JWS from a json byte array.
NewJSONSignatureFromMap returns a new unsigned JSONSignature from a map or struct.
ParseJWS parses a JWS serialized JSON object into a JSONSignature.
ParsePrettySignature parses a formatted signature into a JSON signature.
SaveKey saves the given key to a file using the provided filename.
SavePublicKey saves the given public key to the file.
UnmarshalPrivateKeyJWK unmarshals the given JSON Web Key into a generic Private Key to be used with libtrust.
UnmarshalPrivateKeyPEM parses the PEM encoded data and returns a libtrust PrivateKey or an error if there is a problem with the encoding.
UnmarshalPublicKeyJWK unmarshals the given JSON Web Key into a generic Public Key to be used with libtrust.
UnmarshalPublicKeyJWKSet parses the JSON encoded data as a JSON Web Key Set and returns a slice of Public Key objects.
UnmarshalPublicKeyPEM parses the PEM encoded data and returns a libtrust PublicKey or an error if there is a problem with the encoding.
UnmarshalPublicKeyPEMBundle parses the PEM encoded data as a bundle of PEM blocks appended one after the other and returns a slice of PublicKey objects that it finds.

# Variables

ErrInvalidJSONContent is used when invalid json is encountered.
ErrInvalidSignContent is used when the content to be signed is invalid.
ErrKeyFileDoesNotExist indicates that the private key file does not exist.
ErrMissingSignatureKey is used when the specified signature key does not exist in the JSON content.

# Structs

ClientKeyManager manages client keys on the filesystem.
JSONSignature represents a signature of a json object.

# Interfaces

PrivateKey is a generic interface for a Private Key.
PublicKey is a generic interface for a Public Key.