CertBundleToKey creates a TUF key from a leaf certs and a list of intermediates.

CertChainToPEM is a utility function returns a PEM encoded chain of x509 Certificates, in the order they are passed.

CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey.

CertToKey transforms a single input certificate into its corresponding PublicKey.

CertToPEM is a utility function returns a PEM encoded x509 Certificate.

ECDSAToPrivateKey converts an ecdsa.Private key to a TUF data.PrivateKey type.

ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type.

EncryptPrivateKey returns an encrypted PEM key given a Privatekey and a passphrase.

GenerateECDSAKey generates an ECDSA Private key and returns a TUF PrivateKey.

GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey.

GenerateRSAKey generates an RSA private key and returns a TUF PrivateKey.

GetIntermediateCerts parses a list of x509 Certificates and returns all of the ones marked as a CA, to be used as intermediates.

GetLeafCerts parses a list of x509 Certificates and returns all of them that aren't CA.

GetPasswdDecryptBytes gets the password to decrypt the given pem bytes.

KeyInfoFromPEM attempts to get a keyID and KeyInfo from the filename and PEM bytes of a key.

KeyToPEM returns a PEM encoded key from a Private Key.

LoadCertBundleFromFile loads certificates from the []byte provided.

LoadCertBundleFromPEM loads certificates from the []byte provided.

LoadCertFromFile loads the first certificate from the file provided.

LoadCertFromPEM returns the first certificate found in a bunch of bytes or error if nothing is found.

NewCertificate returns an X509 Certificate following a template, given a GUN and validity interval.

NewFileStore creates a fully configurable file store.

NewKeyFileStore returns a new KeyFileStore creating a private directory to hold the keys.

NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory.

NewMemoryFileStore creates a MemoryFileStore.

NewPrivateSimpleFileStore is a wrapper to create an owner readable/writeable _only_ filestore.

NewSimpleFileStore is a convenience wrapper to create a world readable, owner writeable filestore.

ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key.

ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.

ReadRoleFromPEM returns the value from the role PEM header, if it exists.

RSAToPrivateKey converts an rsa.Private key to a TUF data.PrivateKey type.

ValidateCertificate returns an error if the certificate is not valid for notary Currently this is only a time expiry check, and ensuring the public key has a large enough modulus if RSA.

X509PublicKeyID returns a public key ID as a string, given a data.PublicKey that contains an X509 Certificate.

ErrPathOutsideStore indicates that the returned path would be outside the store.

ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key.

ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.

ErrPasswordInvalid is returned when signing fails.

KeyFileStore persists and manages private keys on disk.

KeyInfo stores the role, path, and gun for a corresponding private key ID It is assumed that each private key ID is unique.

KeyMemoryStore manages private keys in memory.

MemoryFileStore is an implementation of Storage that keeps the contents in memory.

SimpleFileStore implements FileStore.

KeyStore is a generic interface for private key storage.

Storage implements the bare bones primitives (no hierarchy).