This makes the full subcommand names smoother; for example "notary key
generate" instead of "notary keys generate".
Add a "notary key list" subcommand to list keys, so "notary key"
lists the possible subcommands, instead of needing to use "notary key
-h".
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This adds four commands:
- notary keys export: export all keys, or keys for a particular GUN
(with -g)
- notary keys export-root: export root key by ID
- notary keys import: import a zip file of keys
- notary keys import-root: import a single root key
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The logic to retrieve passphrase is generic and may be used by directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This instantiates a temporary server, publishes some targets to it, and
makes sure we can pull back the correct targets from the server.
Also fixes a few problems with the client unit tests, error reporting in
the client, and logging in the server.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- Add MemoryFileStore, a partial FileStore implementation that doesn't
persist on disk.
- Create a KeyStore interface that allows pluggable key store types. Use
this interface in the cryptoservice implementation.
- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.
- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.
- Refactor the hardware RSA signing service as a CryptoService.
- Replace custom ed25519 code with cryptoservice.CryptoService.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Add a service name and ephemeral ports to notary server.
Remove certs as TLS is terminated in the ELB.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
This causes notary-signer to use gotuf's Key interface instead of
defining its own redundant types.
We can go further with this in the future by removing the redundant
ED25519 implementation. This would be refactored into the cryptoservice
package, and notary-signer would be changed to use that package's
cryptoservice for key creation and signing operations.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Diogo Monica
Aaron Lehmann
David Lawrence
Nathan McCauley
Derek McGowan
Diogo Mónica
Nathan McCauley
Richard Scothern
Richard Scothern