Expand description
Provides a container that for each supported key type holds a corresponding KeyManager object,
which can generate new keys or instantiate the primitive corresponding to given key.
Registry is initialized at startup, and is later used to instantiate primitives for given keys
or keysets. Keeping KeyManagers for all primitives in a single Registry (rather than having
a separate KeyManager per primitive) enables modular construction of compound primitives
from “simple” ones, e.g., AES-CTR-HMAC AEAD encryption uses IND-CPA encryption and a MAC.
Note that regular users will usually not work directly with Registry, but rather via primitive
factories, which in the background query the Registry for specific KeyManagers. Registry is
public though, to enable configurations with custom primitives and KeyManagers.
Traits§
- KeyManager
KeyManager“understands” keys of a specific key types: it can generate keys of a supported type and create primitives for supported keys.- KmsClient
KmsClientknows how to produce primitives backed by keys stored in remote KMS services.
Functions§
- clear_
kms_ clients - Remove all registered KMS clients.
- get_
key_ manager - Return the key manager for the given
type_urlif it exists. - get_
kms_ client - Fetches a
KmsClientby a given URI. - get_
template_ generator - Find a key template generator function by name.
- new_key
- Generate a new key for the given key template as a serialized protobuf message.
- new_
key_ data - Generate a new
KeyDatafor the given key template. - primitive
- Create a new primitive for the given serialized key using the
KeyManageridentified by the giventype_url. - primitive_
from_ key_ data - Create a new primitive for the key given in the given
KeyData. - register_
key_ manager - Register the given key manager. Does not allow overwrite of existing key managers.
- register_
kms_ client - Register a new KMS client
- register_
template_ generator - Register a key template generator function by name.
- template_
names - Return all available key template generator names.