alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
2374 commits 34 branches 199 tags 41 MiB
Commit graph

7 commits

Author SHA1 Message Date
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm 
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
 2021-09-08 17:48:50 -07:00
Mariano Cano
163eb7029c Refactor cloudkms signer to return an error on the constructor. 2021-02-19 15:36:55 -08:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
fa8116497c Make Signer public and add contructor NewCloudKMS. 2020-01-21 19:09:21 -08:00
Mariano Cano
dff498f17f Add tests for cloudkms. 2020-01-15 19:32:26 -08:00
Mariano Cano
e60beeb7fc Make cloudkms more robust. 
* Automatically create key rings if needed.
* User CryptoKeyVersions if needed.
* Add support to close the client.
* Add new pareters to CreateKey responses to make things easier.
 2020-01-14 18:43:39 -08:00
Mariano Cano
d13754166a Add support for cloudkms and softkms. 2020-01-09 18:41:13 -08:00