This library has been developed to simplify the process of provisioning HPVS on both IBM Cloud and On Prem. For more details regarding HPVS, refer to Confidential computing with LinuxONE.
This library depends on the Sashwat-K/hpcr-encryption-certificate and Sashwat-K/hpcr-contract-schema Go libraries to get the latest HPCR certificate and HPCR contract schema respectively.
This function decrypts encrypted attestation records.
```go
import "github.com/Sashwat-K/lib-hpcr/attestation"

func main() {
	// Exported functions are called through the package name.
	decryptedAttestationRecords, err := attestation.HpcrGetAttestationRecords(encryptedChecksum, privateKey)
}
```
- Encrypted attestation records
- Private key
- Decrypted attestation records
This function downloads HPCR encryption certificates from IBM Cloud.
```go
import "github.com/Sashwat-K/lib-hpcr/certificate"

func main() {
	certs, err := certificate.HpcrDownloadEncryptionCertificates(sampleEncryptionCertVersionsList)
}
```
- List of versions to download (e.g. ["1.1.14", "1.1.15"])
- Certificates and versions as JSON string
This function returns the encryption certificate and version from the HpcrDownloadEncryptionCertificates() output.
```go
import "github.com/Sashwat-K/lib-hpcr/certificate"

func main() {
	version, cert, err := certificate.HpcrGetEncryptionCertificateFromJson(sampleJsonData, desiredVersion)
}
```
- Encryption certificate JSON string
- Version name
- Version name
- Encryption Certificate
This function generates the Base64 encoding of a given string.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	base64, inputSha256, outputSha256, err := contract.HpcrText(sampleStringData)
}
```
- Text to encode
- Base64 of input
- Checksum of input
- Checksum of output
This function encrypts text and formats the result as hyper-protect-basic.<encoded-encrypted-password>.<encoded-encrypted-data>.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	encryptedText, inputSha256, outputSha256, err := contract.HpcrTextEncrypted(sampleStringData, encryptionCertificate)
}
```
- Text to encrypt
- Encryption certificate (optional)
- Encrypted text
- Checksum of input
- Checksum of output
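The format above can be checked structurally before a contract is submitted, for example to catch a section left in plaintext by mistake. This is an added example, not code from lib-hpcr: `ParseEncryptedSection` and `UnencryptedSections` are hypothetical helpers, the section names and sample bytes are constructed, and it assumes "encoded" means standard Base64.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

const tokenPrefix = "hyper-protect-basic" // literal first field of the format

// ParseEncryptedSection splits hyper-protect-basic.<password>.<data> and decodes both
// fields. Assumption: standard Base64, whose alphabet has no '.', so the split is safe.
func ParseEncryptedSection(token string) (password, data []byte, err error) {
	parts := strings.Split(strings.TrimSpace(token), ".")
	if len(parts) != 3 || parts[0] != tokenPrefix {
		return nil, nil, fmt.Errorf("want %s.<password>.<data>", tokenPrefix)
	}
	if password, err = base64.StdEncoding.DecodeString(parts[1]); err != nil {
		return nil, nil, fmt.Errorf("password field: %w", err)
	}
	if data, err = base64.StdEncoding.DecodeString(parts[2]); err != nil {
		return nil, nil, fmt.Errorf("data field: %w", err)
	}
	if len(password) == 0 || len(data) == 0 {
		return nil, nil, fmt.Errorf("empty password or data field")
	}
	return password, data, nil
}

// UnencryptedSections returns, sorted, the names of sections that lack the encrypted structure.
func UnencryptedSections(sections map[string]string) []string {
	var bad []string
	for name, value := range sections {
		if _, _, err := ParseEncryptedSection(value); err != nil {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	// Constructed sample: placeholder bytes, not real ciphertext or key material.
	enc := base64.StdEncoding.EncodeToString
	good := tokenPrefix + "." + enc([]byte("wrapped-key")) + "." + enc([]byte("ciphertext"))
	sections := map[string]string{"workload": good, "env": "type: env"}
	fmt.Println(UnencryptedSections(sections))
}
```

The check is structural only: it confirms the three-field layout and that both fields decode, not that the ciphertext was produced with the intended encryption certificate.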
This function generates the Base64 encoding of a JSON input.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	base64, inputSha256, outputSha256, err := contract.HpcrJson(sampleStringJson)
}
```
- Text to encode
- Base64 of input
- Checksum of input
- Checksum of output
This function encrypts JSON and formats the result as hyper-protect-basic.<encoded-encrypted-password>.<encoded-encrypted-data>.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	encryptedJson, inputSha256, outputSha256, err := contract.HpcrJsonEncrypted(sampleStringJson, encryptionCertificate)
}
```
- JSON text to encrypt
- Encryption certificate (optional)
- Encrypted text
- Checksum of input
- Checksum of output
This function generates the Base64 encoding of a TGZ archive that contains the files under the given folder.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	encodedTgz, inputSha256, outputSha256, err := contract.HpcrTgz(composePath)
}
```
- Path of folder
- Base64 of TGZ where TGZ is contents of given folder
- Checksum of input
- Checksum of output
This function first generates the Base64 encoding of a TGZ archive that contains the files under the given folder and then encrypts the data as hyper-protect-basic.<encoded-encrypted-password>.<encoded-encrypted-data>.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	encodedTgz, inputSha256, outputSha256, err := contract.HpcrTgzEncrypted(composePath, encryptionCertificate)
}
```
- Path of folder
- Encrypted Base64 of TGZ where TGZ is contents of given folder
- Checksum of input
- Checksum of output
This function generates a signed and encrypted contract with the format hyper-protect-basic.<encoded-encrypted-password>.<encoded-encrypted-data>.
```go
import "github.com/Sashwat-K/lib-hpcr/contract"

func main() {
	signedEncryptedContract, inputSha256, outputSha256, err := contract.HpcrContractSignedEncrypted(contract, encryptionCertificate, privateKey)
}
```
- Contract
- Encryption certificate (optional)
- Private Key for signing
- Signed and encrypted contract
- Checksum of input
- Checksum of output
This function generates a signed and encrypted contract with contract expiry enabled. The output will be of the format hyper-protect-basic.<encoded-encrypted-password>.<encoded-encrypted-data>.
```go
import (
	"encoding/json"

	"github.com/Sashwat-K/lib-hpcr/contract"
)

func usingCsrParams() {
	sampleCeCSRPems := map[string]interface{}{
		"country":  "IN",
		"state":    "Karnataka",
		"location": "Bangalore",
		"org":      "IBM",
		"unit":     "ISDL",
		"domain":   "HPVS",
		"mail":     "sashwat.k@ibm.com",
	}
	// The CSR parameters are passed to the function as a JSON string.
	csrParams, err := json.Marshal(sampleCeCSRPems)
	if err != nil {
		return
	}
	signedEncryptedCEContract, inputSha256, outputSha256, err := contract.HpcrContractSignedEncryptedContractExpiry(contract, encryptionCertificate, privateKey, caCert, caKey, string(csrParams), "", sampleContractExpiryDays)
}

func usingCsrPem() {
	signedEncryptedCEContract, inputSha256, outputSha256, err := contract.HpcrContractSignedEncryptedContractExpiry(contract, encryptionCertificate, privateKey, caCert, caKey, "", csr, sampleContractExpiryDays)
}
```
- Contract
- Encryption certificate (optional)
- Private Key for signing
- CA Certificate
- CA Key
- CSR Parameter JSON as string
- CSR PEM file
- Expiry of contract in number of days
Items 6 and 7 in the list above are one-of: supply either the CSR parameters or the CSR PEM file.
The CSR parameters should be of the format:
```json
{
  "country": "IN",
  "state": "Karnataka",
  "location": "Bangalore",
  "org": "IBM",
  "unit": "ISDL",
  "domain": "HPVS",
  "mail": "sashwat.k@ibm.com"
}
```
- Signed and encrypted contract
- Checksum of input
- Checksum of output
This function selects the latest HPCR image details from the image list output of the IBM Cloud images API.
```go
import "github.com/Sashwat-K/lib-hpcr/image"

func main() {
	imageId, imageName, imageChecksum, imageVersion, err := image.HpcrSelectImage(imageJsonList, version)
}
```
- Image JSON from IBM Cloud images API
- Version to select (optional)
- Image ID
- Image name
- Image checksum
- Image version
- Sashwat-K/hpcr-encryption-certificate - Go library that gets latest HPCR encryption certificate
- Sashwat-K/hpcr-contract-schema - Go library that gets latest HPCR contract schema
Shoot mail @ sashwat.k@ibm.com