Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,383 Commits 39 Branches 223 Tags 44 MiB
91d51c2b88
Commit Graph

19 Commits

Author SHA1 Message Date
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm 
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
 2021-09-08 17:48:50 -07:00
Mariano Cano
a864f0134d Fix key version when SHA512WithRSA is used. 
There was a typo creating RSA keys with SHA256 digests instead of
SHA512
 2021-08-16 14:47:38 -07:00
Mariano Cano
163eb7029c Refactor cloudkms signer to return an error on the constructor. 2021-02-19 15:36:55 -08:00
Mariano Cano
cae08bff80 Validate that the signer can get the public key. 2021-02-19 11:28:35 -08:00
Mariano Cano
4c562160fc Fix typo. 2021-02-16 14:52:55 -08:00
Mariano Cano
a947779795 Add uri support initializing cloudkms. 2021-02-16 13:11:47 -08:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
63e36ecd7a Refactor the initialization of KeyManagers. 2020-05-11 18:47:22 -07:00
Mariano Cano
1138cc4207 Retry CloudKMS GetPublicKey. 
On HSM keys are not generated instantly and the GetPublicKey fails
with a FailedPrecondition error. This change will retry GetPublicKey
if this happens.
 2020-02-21 12:36:29 -08:00
Mariano Cano
b11bbd5728 Fix typo. 2020-02-13 18:34:43 -08:00
Mariano Cano
cff346e7fd Skip test on travis, it won't fail because they have access to the KMS. 2020-02-13 15:49:16 -08:00
Mariano Cano
fa8116497c Make Signer public and add contructor NewCloudKMS. 2020-01-21 19:09:21 -08:00
Mariano Cano
5d5ee68d88 Make GCP client public to facilitate extensibility. 2020-01-21 12:50:21 -08:00
Mariano Cano
dff498f17f Add tests for cloudkms. 2020-01-15 19:32:26 -08:00
Mariano Cano
a773977a81 Fix interface change. 2020-01-15 17:29:34 -08:00
Mariano Cano
927a3b3a86 Return crypto.PublicKey on kms.GetPublicKey. 2020-01-15 17:27:21 -08:00
Mariano Cano
e60beeb7fc Make cloudkms more robust. 
* Automatically create key rings if needed.
* User CryptoKeyVersions if needed.
* Add support to close the client.
* Add new pareters to CreateKey responses to make things easier.
 2020-01-14 18:43:39 -08:00
Mariano Cano
d13754166a Add support for cloudkms and softkms. 2020-01-09 18:41:13 -08:00