Package audit implements a mechanism for writing auditable events to an audit log.

Package bcrypter defines the mechanisms for blessings based encryption and decryption.

Package keys provides support for working with an extensible set of cryptographic keys.

Package passphrase contains utilities for reading a passphrase.

Package securityflag implements utilities for creating security objects based on flags.

This file was auto-generated by the vanadium vdl tool.

APIForKey calls APIForKey on KeyRegistrar().

BlessingRootsReadonly specifies a readonly store from which blessings can be read.

BlessingRootsUpdate specifies that blessing roots should be periodically reloaded to obtain any changes made to them by another entity.

BlessingRootsWriteable specifies a writeable store on which blessings can be stored.

BlessingRootsX509VerifyOptions specifies the x509 verification options to use with a blessing roots store.

BlessingStoreReadonly specifies a readonly store from which blessings can be read.

BlessingStoreUpdate specifies that blessings should be periodically reloaded to obtain any changes made to them by another entity.

BlessingStoreWriteable specifies a writeable store on which blessings can be stored.

ConvertPrivateKeyForPrincipal will convert a private key encoded in a PEM block in any supported format to a PEM block of type 'PRIVATE KEY' encoded as PKCS8.

CreateFilesystemStore returns a store hosted on the local filesystem that can be used to create a new credentials store (and hence principal).

CreatePersistentPrincipal wraps CreatePersistentPrincipalUsingKey to create a new Principal using a newly generated ECSDA key using the P.256 curve.

CreatePersistentPrincipalUsingKey creates a new Principal using the supplied key and commits all state changes to the provided directory.

CreatePrincipalOpts creates a Principal using the specified options.

DecodeBlessingsBase64 decodes blessings from the supplied base64 url encoded string.

DecodePublicKeyBase64 decodes a public key from the supplied base64 url encoded string.

EncodeBlessingsBase64 encodes the supplied blessings as a base 64 url encoded string.

EncodePublicKeyBase64 encodes the supplied public key as a base64 url encoded string.

FilesystemStoreReader returns a CredentialsStoreReader for an existing local file system credentials store.

FilesystemStoreWriter returns a CredentialsStoreReadWriter for an existing local file system credentials store.

FixedBlessingsStore returns a BlessingStore implementation that always returns a fixed set of blessings (b) for both Default and ForPeer.

ForkPrincipal returns a principal that has the same private key as p but uses store and roots instead of the BlessingStore and BlessingRoots in p.

FromBlessingRoots specifies a security.BlessingRoots to use with the new principal.

FromBlessingStore specifies a If not specified, a security.BlessingStore will be created by LoadPrincipalOpts.

FromPassphrase specifies the passphrase to use for decrypting private key information.

FromPublicKeyOnly specifies whether the principal to be created can be restricted to having only a public key.

FromReadonly specifies a readonly store from which credentials information can be read.

FromWritable specifies a writeable store from credentials information can be read.

ImmutableBlessingRoots returns a BlessingRoots implementation that is identical to r, except that all mutation operations fail.

ImmutableBlessingStore returns a BlessingStore implementation that is identical to r, except that Set* methods will fail.

ImportPrivateKeyFile returns the byte representation for an imported private key file.

InitDefaultBlessings uses the provided principal to create a self blessing for name 'name', sets it as default on the principal's BlessingStore and adds it as root to the principal's BlessingRoots.

KeyRegistrar exposes the keys.Registrar used by this package to allow for external packages to extend the set of supported key types.

LoadPersistentPrincipal reads state for a principal (private key, BlessingRoots, BlessingStore) from the provided directory 'dir' and commits all state changes to the same directory.

LoadPersistentPrincipalDaemon is like LoadPersistentPrincipal but is intended for use in long running applications which may not need to initiate changes to the principal but may need to reload their blessings roots and stores.

LoadPersistentPrincipalWithPassphrasePrompt is like LoadPersistentPrincipal but will prompt for a passphrase if one is required.

LoadPrincipalOpts loads the state required to create a principal according to the specified options.

MarshalPrivateKey calls MarshalPrivateKey on KeyRegistrar().

MarshalPublicKey calls MarshalPublicKey on KeyRegistrar().

MustForkPrincipal is identical to ForkPrincipal, except that it panics on error (such as if store is bound to a different PublicKey than p).

NewBlessingRoots returns an implementation of security.BlessingRoots that keeps all state in memory.

NewBlessingRootsOpts returns an implementation of security.BlessingRoots according to the supplied options.

NewBlessingStore returns an in-memory security.BlessingStore for a principal with the provided PublicKey.

NewBlessingStore returns an implementation of security.BlessingStore according to the supplied options.

NewPrincipal mints a new private (ecdsa) key and generates a principal based on this key, storing its BlessingRoots and BlessingStore in memory.

NewPrincipalFromSigner creates a new Principal using the provided Signer with in-memory blessing roots and blessings store.

NewSigner returns a new security.Signer using a new private key of the requested type.

NewSignerFromKey returns a new security.Signer using the supplied private key.

ParsePrivateKey calls ParsePrivateKey on KeyRegistrar().

ParsePublicKey calls ParsePublicKey on KeyRegistrar().

PrepareDischarges retrieves the caveat discharges required for using blessings at server.

PrivateKeyFromFileWithPrompt reads a private key file from the specified file and will only prompt for a passphrase if the contents of the file are encrypted.

PrivateKeyWithPrompt parses the supplied key bytes to obtain a private key and will only prompt for a passphrase if those.

RefreshInterval specifies that credentials state should be periodically reloaed to obtain any changes made to them by another entity.

SetDefault`Blessings `sets the provided blessings as default and shareable with all peers on provided principal's BlessingStore, and also adds it as a root to the principal's BlessingRoots.

WithBlessingRoots specifies the security.BlessingRoots to use for the new principal.

WithBlessingStore specifies the security.BlessingStore to use for the new principal.

WithPrivateKey specifies the private key to use for the new principal.

WithPrivateKeyBytes specifies the public and private key bytes to use when creating a principal.

WithPublicKeyBytes specifies the public key bytes to use when creating a public-key only principal.

WithPublicKeyOnly specifies whether the principal to be created can be restricted to having only a public key.

WithSigner specifies the security.Signer to use for the new principal.

WithStore specifies the credentials store to use for creating a new principal.

WithX509Certificate specifies the x509 certificate to associate with this principal.

ZeroPassphrase overwrites the passphrase.

DischargeRefreshFraction determines how early before their expiration time we refresh discharges.

LockBlessingRoots requests a lock on the blessings roots.

LockBlessingStore requests a lock on the blessings store.

LockKeyStore requests a lock on the key information.

ErrBadPassphrase is a possible return error from LoadPersistentPrincipal().

ErrPassphraseRequired is a possible return error from LoadPersistentPrincipal().

CredentialsStoreCreator represents the operations to create a new credentials store.

CredentialsStoreReader represents the read-only operations on a credentials store.

CredentialsStoreReadWriter represents a mutable credentials store.

CredentialsStoreWriter represents the write operations on a credentials store.

DischargeCache is a subset of the security.BlessingStore interface that deals with caching discharges.

SerializerWriter is a factory for managing the readers used for deserialization of signed data.

SerializerWriter is a factory for managing the writers used for serialization of signed data.

BlessingRootsOption represents an option to NewBlessingRootOpts.

BlessingStoreOption represents an option to NewBlessingStoreOpts.

CreateBlessingRoots is invoked by LoadPrincipalOpts to create a custom security.BlessingRoots using the supplied key information.

CreateBlessingStore is invoked by LoadPrincipalOpts to create a custom security.BlessingStore using the supplied key information.

CreatePrincipalOption represents an option to CreatePrincipalOpts.

LoadPrincipalOption represents an option to LoadPrincipalOpts.

LockScope represents the scope of a read/write or read-only lock on a credentials store.