/smallstep-crypto

Crypto is a collection of packages used by Smallstep products

Primary language: Go. License: Apache License 2.0 (Apache-2.0).

crypto

Crypto is a collection of packages used in smallstep products. See:

  • step: A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  • step-ca: A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Usage

To add this to a project just run:

go get go.step.sm/crypto

Packages

x509util

Package x509util implements utilities to build X.509 certificates based on JSON templates.

sshutil

Package sshutil implements utilities to build SSH certificates based on JSON templates.

keyutil

Package keyutil implements utilities to generate cryptographic keys.

pemutil

Package pemutil implements utilities to parse keys and certificates. It also includes a method to serialize keys, X.509 certificates and certificate requests to PEM.

randutil

Package randutil provides methods to generate random strings and salts.

tlsutil

Package tlsutil provides utilities to configure TLS clients and servers.

jose

Package jose is a wrapper for gopkg.in/square/go-jose.v2 and implements utilities to parse and generate JWT, JWK and JWKSets.

x25519

Package x25519 adds support for X25519 keys and the XEdDSA signature scheme.

minica

Package minica implements a simple certificate authority.

kms

Package kms implements interfaces to perform cryptographic operations like signing certificates using cloud-based key management systems, PKCS #11 modules, or just a YubiKey or an ssh-agent. On the cloud it supports:

fingerprint

Package fingerprint provides methods for creating and encoding X.509 certificate, SSH certificate and SSH key fingerprints.

tpm

Package tpm provides an abstraction over and utilities for interacting with TPMs. It can be used to retrieve TPM information, retrieve its Endorsement Keys (EK) and associated certificates, create and operate on Attestation Keys (AK), and create and operate on (attested) application keys. The storage subpackage provides an interface and concrete implementations offering a transparent persistence mechanism for Attestation and application keys.