Add crypto.Signer support for KMS/HSM keys #654
Open
dineshudayakumar wants to merge 15 commits into crewjam:main from
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.33.0 to 0.45.0.
- [Commits](golang/crypto@v0.33.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
…g/x/crypto-0.45.0 Bump golang.org/x/crypto from 0.33.0 to 0.45.0
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.2 to 5.3.0.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v5.2.2...v5.3.0)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/russellhaering/goxmldsig/releases)
- [Commits](russellhaering/goxmldsig@v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/russellhaering/goxmldsig
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
3b7da22 to 4a22109
…m/russellhaering/goxmldsig-1.5.0 Bump github.com/russellhaering/goxmldsig from 1.4.0 to 1.5.0
…m/golang-jwt/jwt/v5-5.3.0 Bump github.com/golang-jwt/jwt/v5 from 5.2.2 to 5.3.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.45.0 to 0.47.0.
- [Commits](golang/crypto@v0.45.0...v0.47.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…g/x/crypto-0.47.0 Bump golang.org/x/crypto from 0.45.0 to 0.47.0
9f655f0 to 9399db6
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.3.0 to 5.3.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v5.3.0...v5.3.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…m/golang-jwt/jwt/v5-5.3.1 Bump github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1
11641f8 to d3c04ad
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.47.0 to 0.48.0.
- [Commits](golang/crypto@v0.47.0...v0.48.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…g/x/crypto-0.48.0 Bump golang.org/x/crypto from 0.47.0 to 0.48.0
11de088 to e89fe6c
Using `go-version: stable` resolved to Go 1.26, but go.mod declares go 1.24.0. golangci-lint was picking up a file from the Go 1.26 toolchain's own vendor directory:

golang.org/x/crypto/chacha20poly1305/fips140only_go1.26.go

This file has a `//go:build go1.26` constraint, which causes a typecheck failure when the module is built with go 1.24. That failure cascades into false-positive errors across the codebase.

Switching to `go-version-file: go.mod` pins CI to the Go version declared in go.mod, ensuring toolchain and module version stay in sync.
d1718fa to efc1bd1
Check public key type instead of private key type to support crypto.Signer implementations (e.g. GCP KMS, AWS KMS, HSM) that aren't concrete *rsa.PrivateKey or *ecdsa.PrivateKey types. Supports RSA (RS256/RS384/RS512), RSA-PSS (PS256/PS384/PS512), ECDSA (ES256/ES384/ES512), and EdDSA signing methods via crypto.Signer for JWT session and tracked request signing.
efc1bd1 to 91213ee
Summary
- `crypto.Signer` implementations (GCP KMS, AWS KMS, HSM) that aren't concrete `*rsa.PrivateKey` or `*ecdsa.PrivateKey` types
- `crypto.Signer` interface for KMS/HSM keys
- `GetSigningContext()` to check public key type
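
The public-key type check described in the commit message above, as an added example that is not code from this pull request: `opaqueSigner`, `algFor` and `demo` are hypothetical names, and the wrapped key is a constructed stand-in for a KMS/HSM handle. It shows a concrete private-key type assertion failing on such a signer while selection by `Public()` still finds the algorithm and signing through the interface verifies.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"fmt"
)

// opaqueSigner: constructed stand-in for a KMS/HSM handle, not a concrete private key type.
type opaqueSigner struct{ crypto.Signer }

// algFor (hypothetical helper) picks the JWT alg from the signer's public key type.
func algFor(s crypto.Signer) (string, error) {
	switch pub := s.Public().(type) {
	case *rsa.PublicKey:
		return "RS256", nil // PS256 uses the same key type, so it must be a caller choice
	case *ecdsa.PublicKey:
		names := map[elliptic.Curve]string{elliptic.P256(): "ES256", elliptic.P384(): "ES384", elliptic.P521(): "ES512"}
		if alg, ok := names[pub.Curve]; ok {
			return alg, nil
		}
		return "", fmt.Errorf("unsupported curve %s", pub.Curve.Params().Name)
	case ed25519.PublicKey:
		return "EdDSA", nil
	default:
		return "", fmt.Errorf("unsupported public key type %T", pub)
	}
}

// demo wraps a freshly generated P-384 key (constructed sample) and signs via the interface.
func demo() (concrete bool, alg string, verified bool) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		panic(err)
	}
	var s crypto.Signer = opaqueSigner{key}
	_, concrete = s.(*ecdsa.PrivateKey) // false: a private-key type check rejects this signer
	alg, _ = algFor(s)
	digest := sha512.Sum384([]byte("header.payload"))
	sig, err := s.Sign(rand.Reader, digest[:], crypto.SHA384)
	return concrete, alg, err == nil && ecdsa.VerifyASN1(&key.PublicKey, digest[:], sig)
}

func main() { fmt.Println(demo()) }
```

An ECDSA `crypto.Signer` returns an ASN.1 DER signature, while JWS ES256/ES384/ES512 expects the fixed-width `r || s` encoding, so a conversion step is needed before the value goes into a token.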