| // Copyright 2017 Google Inc. All Rights Reserved. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| syntax = "proto3"; |
| |
| option go_package = "github.com/google/trillian/crypto/keyspb"; |
| |
| package keyspb; |
| |
| // Specification for a private key. |
| message Specification { |
| /// ECDSA defines parameters for an ECDSA key. |
| message ECDSA { |
| // The supported elliptic curves. |
| enum Curve { |
| DEFAULT_CURVE = 0; // Curve will be chosen by Trillian. |
| P256 = 1; |
| P384 = 2; |
| P521 = 3; |
| } |
| |
| // The elliptic curve to use. |
| // Optional. If not set, the default curve will be used. |
| Curve curve = 1; |
| } |
| |
| // RSA defines parameters for an RSA key. |
| message RSA { |
| // Size of the keys in bits. Must be sufficiently large to allow two primes |
| // to be generated. |
| // Optional. If not set, the key size will be chosen by Trillian. |
| int32 bits = 1; |
| } |
| |
| // Ed25519 defines (empty) parameters for an Ed25519 private key. |
| message Ed25519 { |
| } |
| |
| // The type of parameters provided determines the algorithm used for the key. |
| oneof params { |
| // The parameters for an ECDSA key. |
| ECDSA ecdsa_params = 1; |
| |
| // The parameters for an RSA key. |
| RSA rsa_params = 2; |
| |
| // The parameters for an Ed25519 key. |
| Ed25519 ed25519_params = 3; |
| } |
| } |
| |
| // PEMKeyFile identifies a private key stored in a PEM-encoded file. |
| message PEMKeyFile { |
| // File path of the private key. |
| string path = 1; |
| |
| // Password for decrypting the private key. |
| // If empty, indicates that the private key is not encrypted. |
| string password = 2; |
| } |
| |
| // PrivateKey is a private key, used for generating signatures. |
| message PrivateKey { |
| // The key in DER-encoded form. |
| // The specific format (e.g. PKCS8) is not specified. |
| bytes der = 1; |
| } |
| |
| // PublicKey is a public key, used for verifying signatures. |
| message PublicKey { |
| // The key in DER-encoded PKIX form. |
| bytes der = 1; |
| } |
| |
| // PKCS11Config identifies a private key accessed using PKCS #11. |
| message PKCS11Config { |
| // The label of the PKCS#11 token. |
| string token_label = 1; |
| // The PIN for the specific token. |
| string pin = 2; |
| // The PEM public key assosciated with the private key to be used. |
| string public_key = 3; |
| } |