CanonicalKeyID returns the ID of the public bytes version of a TUF key.

CertBundleToKey creates a TUF key from a leaf certs and a list of intermediates.

CertChainToPEM is a utility function returns a PEM encoded chain of x509 Certificates, in the order they are passed.

CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey.

CertToKey transforms a single input certificate into its corresponding PublicKey.

CertToPEM is a utility function returns a PEM encoded x509 Certificate.

ConsistentName generates the appropriate HTTP URL path for the role, based on whether the repo is marked as consistent.

ConvertPrivateKeyToPKCS8 converts a data.PrivateKey to PKCS#8 Format.

ConvertTUFKeyToPKCS8 converts a private key (data.Private) to PKCS#8 and returns in DER format if password is not nil, it would convert the Private Key to Encrypted PKCS#8.

DoHash returns the digest of d using the hashing algorithm named in alg.

ECDSAToPrivateKey converts an ecdsa.Private key to a TUF data.PrivateKey type.

ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type.

ExtractPrivateKeyAttributes extracts role and gun values from private key bytes.

FindRoleIndex returns the index of the role named <name> or -1 if no matching role is found.

GenerateECDSAKey generates an ECDSA Private key and returns a TUF PrivateKey.

GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey.

GenerateKey returns a new private key using the provided algorithm or an error detailing why the key could not be generated.

GetIntermediateCerts parses a list of x509 Certificates and returns all of the ones marked as a CA, to be used as intermediates.

GetLeafCerts parses a list of x509 Certificates and returns all of them that aren't CA.

LoadCertBundleFromFile loads certificates from the []byte provided.

LoadCertBundleFromPEM loads certificates from the []byte provided.

LoadCertFromFile loads the first certificate from the file provided.

LoadCertFromPEM returns the first certificate found in a bunch of bytes or error if nothing is found.

NewCertificate returns an X509 Certificate following a template, given a Common Name and validity interval.

NewStack create a new stack.

ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key.

ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.

ParsePKCS8ToTufKey requires PKCS#8 key in DER format and returns data.PrivateKey Password should be provided in case of Encrypted PKCS#8 key, else it should be nil.

RemoveUnusedKeys determines which keys in the slice of IDs are no longer used in the given targets file and removes them from the delegated keys map.

RoleNameSliceContains checks if the given string appears in the slice.

RoleNameSliceRemove removes the given RoleName from the slice, returning a new slice.

RSAToPrivateKey converts an rsa.Private key to a TUF data.PrivateKey type.

StrSliceContains checks if the given string appears in the slice.

UnusedDelegationKeys prunes a list of keys, returning those that are no longer in use for a given targets file.

ValidateCertificate returns an error if the certificate is not valid for notary Currently this is only ensuring the public key has a large enough modulus if RSA, using a non SHA1 signature algorithm, and an optional time expiry check.

X509PublicKeyID returns a public key ID as a string, given a data.PublicKey that contains an X509 Certificate.

ErrBadTypeCast is used by PopX functions when the item cannot be typed to X.

ErrEmptyStack is used when an action that requires some content is invoked and the stack is empty.

NoopCloser is a simple Reader wrapper that does nothing when Close is called.

Stack is a simple type agnostic stack implementation.

RoleList is a list of roles.