Implements crypto.Signer and crypto.Decrypter for keys typically backed by KMS service. Currently it supports keys backed by,
- Google Cloud KMS
- AWS KMS
- Filesystem
- From memory.
Dependencies are neatly isolated. If you pull gcpkms package only google cloud dependencies should be pulled. Code has extensive unit tests and integration tests.
Uses sensible and sane defaults.
- RSA keys of size less than 2048 are not supported.
- ECC Keys of size less than 256 are not supported.
- Signing algorithms with insecure hashes (SHA1, MD5 etc) are not supported.
| Key Algorithm | Hash Algorithm | Supported Interfaces |
|---|---|---|
EC_SIGN_P256_SHA256(recommended) |
sha256 | crypto.Signer, crypto.SignerOpts |
EC_SIGN_P384_SHA384 |
sha384 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_2048_SHA256 |
sha256 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_3072_SHA256 |
sha256 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_4096_SHA256 |
sha256 | crypto.Signer, crypto.SignerOpts |
RSA_SIGN_PKCS1_4096_SHA512 |
sha512 | crypto.Signer, crypto.SignerOpts |
Important
RSA_SIGN_PSS_*, RSA_SIGN_RAW_* and external KMS keys are not supported.
| Key Algorithm | Key Usage | Hash Algorithm | Supported Interfaces |
|---|---|---|---|
RSA_2048 |
SIGN_VERIFY |
sha256, sha384, sha512 | crypto.Signer, crypto.SignerOpts |
RSA_3072 |
SIGN_VERIFY |
sha256, sha384, sha512 | crypto.Signer, crypto.SignerOpts |
RSA_4096 |
SIGN_VERIFY |
sha256, sha384, sha512 | crypto.Signer, crypto.SignerOpts |
ECC_NIST_P256(recommended) |
SIGN_VERIFY |
sha256 | crypto.Signer, crypto.SignerOpts |
ECC_NIST_384 |
SIGN_VERIFY |
sha384 | crypto.Signer, crypto.SignerOpts |
ECC_NIST_P521 |
SIGN_VERIFY |
sha512 | crypto.Signer, crypto.SignerOpts |
| Key Algorithm | Key Usage | Encryption Algorithms | Supported Interfaces |
|---|---|---|---|
RSA_2048 |
ENCRYPT_DECRYPT |
RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256 |
crypto.Decrypter |
RSA_3072 |
ENCRYPT_DECRYPT |
RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256 |
crypto.Decrypter |
RSA_4096 |
ENCRYPT_DECRYPT |
RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256 |
crypto.Decrypter |
Important
Use in-memory non swap-able file system (like ramfs) or from kubernetes secret store CSI. For systems using systemd, systemd-credentials can be used as keys can be encrypted, bound to TPM and are only present in memory. In other cases this may be insecure.
Keys on disk must be not encrypted with a passphrase. Private key in PKCS #8, ASN.1 DER form(PRIVATE KEY), RSA private key in PKCS #1, ASN.1 DER form(RSA PRIVATE KEY) and EC private key in SEC 1, ASN.1 DER form (EC PRIVATE KEY) are supported.
| Key Algorithm | Supported Hashes | Interfaces |
|---|---|---|
RSA_2048 |
SHA1, SHA256, SHA512 | crypto.Decrypter, crypto.Signer |
RSA_3072 |
SHA1, SHA256, SHA512 | crypto.Decrypter, crypto.Signer |
RSA_4096 |
SHA1, SHA256, SHA512 | crypto.Decrypter, crypto.Signer |
ECC-P256 |
SHA256 | crypto.Signer |
ECC-P384 |
SHA384 | crypto.Signer |
ECC-P521 |
SHA512 | crypto.Signer |
ED-25519 |
SHA512 (ed25519ph only) | crypto.Signer |
If keys are stored in memory or environment variables, use memkms. It is identical to
filekms except keys are in-process and are provided directly. Key must be PEM encoded.