// Copyright 2017 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Key-related message types for Trillian: key generation specifications and
// the various ways a private key (and its public counterpart) can be
// represented or located. Several of these messages carry secret material
// (passwords, PINs, DER-encoded private keys); treat them accordingly when
// logging, persisting or transmitting them.

syntax = "proto3";

option go_package = "github.com/google/trillian/crypto/keyspb";

package keyspb;

// Specification for a private key.
//
// Describes the key to be generated. Exactly one member of `params` should be
// set; which one is set selects the algorithm, and its contents supply the
// algorithm-specific parameters.
message Specification {
  // ECDSA defines parameters for an ECDSA key.
  message ECDSA {
    // The supported elliptic curves.
    enum Curve {
      // Zero value, i.e. what an unset `curve` field reads as.
      // Curve will be chosen by Trillian.
      DEFAULT_CURVE = 0;
      // NIST P-256.
      P256 = 1;
      // NIST P-384.
      P384 = 2;
      // NIST P-521.
      P521 = 3;
    }

    // The elliptic curve to use.
    // Optional. If not set, the default curve will be used.
    Curve curve = 1;
  }

  // RSA defines parameters for an RSA key.
  message RSA {
    // Size of the keys in bits. Must be sufficiently large to allow two primes
    // to be generated.
    // Optional. If not set, the key size will be chosen by Trillian.
    //
    // NOTE(review): the schema itself does not bound this value; a caller can
    // request an arbitrarily small modulus. The key generation code should
    // reject sizes below a current-practice minimum (commonly 2048 bits) —
    // confirm where that check lives.
    int32 bits = 1;
  }

  // Ed25519 defines (empty) parameters for an Ed25519 private key.
  //
  // The message has no fields; setting `ed25519_params` (even to an empty
  // message) is what selects Ed25519, since message-typed fields have
  // explicit presence.
  message Ed25519 {
  }

  // The type of parameters provided determines the algorithm used for the key.
  oneof params {
    // The parameters for an ECDSA key.
    ECDSA ecdsa_params = 1;

    // The parameters for an RSA key.
    RSA rsa_params = 2;

    // The parameters for an Ed25519 key.
    Ed25519 ed25519_params = 3;
  }
}

// PEMKeyFile identifies a private key stored in a PEM-encoded file.
message PEMKeyFile {
  // File path of the private key.
  string path = 1;

  // Password for decrypting the private key.
  // If empty, indicates that the private key is not encrypted.
  //
  // Because proto3 strings have implicit presence, an unset field and an
  // empty string are indistinguishable here: a PEM file encrypted with an
  // empty passphrase cannot be expressed by this message.
  //
  // This value is a secret. Do not log it or write messages containing it to
  // durable storage in cleartext.
  string password = 2;
}

// PrivateKey is a private key, used for generating signatures.
//
// This message carries raw private key material and must be handled as a
// secret wherever it is stored or transmitted.
message PrivateKey {
  // The key in DER-encoded form.
  // The specific format (e.g. PKCS8) is not specified.
  bytes der = 1;
}

// PublicKey is a public key, used for verifying signatures.
message PublicKey {
  // The key in DER-encoded PKIX form.
  bytes der = 1;
}

// PKCS11Config identifies a private key accessed using PKCS #11.
//
// The private key itself never leaves the token; this message only carries
// what is needed to locate and unlock it.
message PKCS11Config {
  // The label of the PKCS#11 token.
  string token_label = 1;
  // The PIN for the specific token.
  //
  // This value is a secret. Do not log it or write messages containing it to
  // durable storage in cleartext.
  string pin = 2;
  // The PEM public key associated with the private key to be used.
  string public_key = 3;
}