open-vault/sdk/helper/keysutil
Alexander Scheel 04bb7eef15
Update transit public keys for Ed25519 support (#20727)
* Refine documentation for public_key

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Support additional key types in importing version

This originally left off the custom support for Ed25519 and RSA-PSS
formatted keys that we've added manually.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add support for Ed25519 keys

Here, we prevent importing public-key only keys with derived Ed25519
keys. Notably, we still allow import of derived Ed25519 keys via private
key method, though this is a touch weird: this private key must have
been packaged in an Ed25519 format (and parseable through Go as such),
even though it is (strictly) an HKDF key and isn't ever used for Ed25519.

Outside of this, importing non-derived Ed25519 keys works as expected.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key only export method to Transit

This allows the existing endpoints to retain private-key only, including
empty strings for versions which lack private keys. On the public-key
endpoint, all versions will have key material returned.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for exporting via public-key interface

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key export option to docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-24 11:26:35 -04:00
..
cache.go
consts.go
encrypted_key_storage.go
encrypted_key_storage_test.go
lock_manager.go Provide public key encryption via transit engine (#17934) 2023-05-11 11:56:46 +00:00
managed_key_util.go
policy.go Update transit public keys for Ed25519 support (#20727) 2023-05-24 11:26:35 -04:00
policy_test.go Provide public key encryption via transit engine (#17934) 2023-05-11 11:56:46 +00:00
transit_lru.go
transit_syncmap.go
util.go