Crypto is a collection of packages used in smallstep products. See:
- step: A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
- step-ca: A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
To add this to a project, just run:
go get go.step.sm/crypto
Package x509util
implements utilities to build X.509 certificates based on JSON
templates.
Package sshutil
implements utilities to build SSH certificates based on JSON
templates.
Package keyutil
implements utilities to generate cryptographic keys.
Package pemutil
implements utilities to parse keys and certificates. It also
includes a method to serialize keys, X.509 certificates and certificate requests
to PEM.
Package randutil
provides methods to generate random strings and salts.
Package tlsutil
provides utilities to configure tls client and servers.
Package jose
is a wrapper for github.com/go-jose/go-jose/v3
and implements
utilities to parse and generate JWT, JWK and JWKSets.
Package x25519
adds support for X25519 keys and the
XEdDSA signature scheme.
Package minica
implements a simple certificate authority.
Package kms
implements interfaces to perform cryptographic operations like
signing certificates using cloud-based key management systems, PKCS #11 modules,
or just a YubiKey or an ssh-agent. On the cloud it supports:
Package fingerprint
provides methods for creating and encoding X.509
certificate, SSH certificate and SSH key fingerprints.
Package tpm
provides an abstraction over and utilities for interacting
with TPMs. It can be used to retrieve TPM information, retrieve its Endorsement
Keys (EK) and associated certificates, create and operate on Attestation Keys (AK),
and create and operate on (attested) application keys. The storage
subpackage
provides an interface and concrete implementations offering a transparent
persistence mechanism for Attestation and application keys.