Commit graph

17 commits

Author SHA1 Message Date
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
2021-09-08 17:48:50 -07:00
Mariano Cano
a864f0134d Fix key version when SHA512WithRSA is used.
There was a typo creating RSA keys with SHA256 digests instead of
SHA512
2021-08-16 14:47:38 -07:00
Mariano Cano
163eb7029c Refactor cloudkms signer to return an error on the constructor. 2021-02-19 15:36:55 -08:00
Mariano Cano
cae08bff80 Validate that the signer can get the public key. 2021-02-19 11:28:35 -08:00
Mariano Cano
4c562160fc Fix typo. 2021-02-16 14:52:55 -08:00
Mariano Cano
a947779795 Add uri support initializing cloudkms. 2021-02-16 13:11:47 -08:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
63e36ecd7a Refactor the initialization of KeyManagers. 2020-05-11 18:47:22 -07:00
Mariano Cano
1138cc4207 Retry CloudKMS GetPublicKey.
On HSM keys are not generated instantly and the GetPublicKey fails
with a FailedPrecondition error. This change will retry GetPublicKey
if this happens.
2020-02-21 12:36:29 -08:00
Mariano Cano
b11bbd5728 Fix typo. 2020-02-13 18:34:43 -08:00
Mariano Cano
fa8116497c Make Signer public and add contructor NewCloudKMS. 2020-01-21 19:09:21 -08:00
Mariano Cano
5d5ee68d88 Make GCP client public to facilitate extensibility. 2020-01-21 12:50:21 -08:00
Mariano Cano
dff498f17f Add tests for cloudkms. 2020-01-15 19:32:26 -08:00
Mariano Cano
a773977a81 Fix interface change. 2020-01-15 17:29:34 -08:00
Mariano Cano
927a3b3a86 Return crypto.PublicKey on kms.GetPublicKey. 2020-01-15 17:27:21 -08:00
Mariano Cano
e60beeb7fc Make cloudkms more robust.
* Automatically create key rings if needed.
* User CryptoKeyVersions if needed.
* Add support to close the client.
* Add new pareters to CreateKey responses to make things easier.
2020-01-14 18:43:39 -08:00
Mariano Cano
d13754166a Add support for cloudkms and softkms. 2020-01-09 18:41:13 -08:00