Documentation
¶
Overview ¶
Package crypto is used for encyption of bytes This is TOY encryption and keep the RSA privatekey next to the encrypted AES key. The private key should be stored someone a bit more secure. ;)
Current version: experimental
Index ¶
- Variables
- func AesCfbDecrypt(encryptedBytes []byte, hash string) ([]byte, error)
- func AesCfbEncrypt(bytesToEncrypt []byte, hash string) ([]byte, error)
- func AesDecrypt(encryptedBytes []byte, key []byte) ([]byte, error)
- func AesEncrypt(bytesToEncrypt []byte, key []byte) ([]byte, error)
- func AesGCMDecrypt(ciphertext []byte, key []byte) ([]byte, error)
- func AesGCMEncrypt(plaintext []byte, key []byte) ([]byte, error)
- func DeleteAesSecret(hash string)
- func GenerateAesSecret() []byte
- func GenerateRsaKey()
- func GetAesSecretPath(hash string) string
- func GetHmac256(message string, secret string) string
- func GetRandomInt(min, max int) int
- func LoadOrGenerateRsaKey()
- func RandomSecret(length int) string
- func RsaDecrypt(encryptedBytes []byte) ([]byte, error)
- func RsaEncrypt(bytesToEncrypt []byte) ([]byte, error)
- type AesKey
- type AwsCryptoProvider
- type CreateKeyRequest
- type CreateKeyResponse
- type CryptoProvider
- type DecryptRequest
- type DecryptResponse
- type DisableKeyRequest
- type DisableKeyResponse
- type EnableKeyRequest
- type EnableKeyResponse
- type EncryptRequest
- type EncryptResponse
- type GenerateDataKeyRequest
- type GenerateDataKeyResponse
- type GoKMSCryptoProvider
- type JSONClient
- type KeyByCreated
- type KeyMetadata
- type ListKeysRequest
- type ListKeysResponse
- type OpenPGPCryptoProvider
- type ReEncryptRequest
- type ReEncryptResponse
- type RsaChipher
Constants ¶
This section is empty.
Variables ¶
var CertifcatePath = filepath.Join(os.TempDir(), "blocker", "cert.pem")
Path to the certificate
var KeyPath = filepath.Join(os.TempDir(), "blocker", "key.pem")
Path to the private key
Functions ¶
func AesCfbDecrypt ¶
Encrpyt data using AES with the CFB chipher mode
func AesCfbEncrypt ¶
Encrpyt data using AES with the CFB chipher mode
func AesDecrypt ¶
Encrpyt data using AES with the CFB chipher mode
func AesEncrypt ¶
Encrpyt data using AES with the CFB chipher mode
func AesGCMDecrypt ¶
AesGCMDecrypt Decrypt data using AES with the GCM chipher mode (Gives Confidentiality and Authenticity)
func AesGCMEncrypt ¶
AesGCMEncrypt Encrypt data using AES with the GCM chipher mode (Gives Confidentiality and Authenticity)
func DeleteAesSecret ¶
func DeleteAesSecret(hash string)
DeleteAesSecret - Remove a key if not needed
func GetAesSecretPath ¶
GetAesSecretPath - Will return a key name for a hash
func GetHmac256 ¶
GetHmac256 will generate a HMAC hash encoded to base64
func RandomSecret ¶
Generate a Random secret encoded as a b32 string If the length is <= 0, a default length of 10 bytes will be used, which will generate a secret of length 16.
func RsaDecrypt ¶
Decrypt data using RSA and a private key
func RsaEncrypt ¶
Encrypt data using RSA and a public key
Types ¶
type AesKey ¶
type AesKey struct {
// contains filtered or unexported fields
}
Structure to hold unencrypted AES key
func GetAesSecret ¶
Get the AES secret to be used for encryption
type AwsCryptoProvider ¶
type AwsCryptoProvider struct {
// contains filtered or unexported fields
}
AwsCryptoProvider is an implementation of encryption using AWS KMS
func NewAwsCryptoProvider ¶
func NewAwsCryptoProvider() (AwsCryptoProvider, error)
NewAwsCryptoProvider
type CreateKeyRequest ¶
type CreateKeyRequest struct {
Description string `json:"Description,omitempty"`
}
CreateKeyRequest
type CreateKeyResponse ¶
type CreateKeyResponse struct {
KeyMetadata KeyMetadata `json:"KeyMetadata"`
}
CreateKeyResponse
type CryptoProvider ¶
type CryptoProvider interface {
Encrypt(data []byte) ([]byte, error)
Decrypt(data []byte) ([]byte, error)
}
CryptoProvider provides an interface for crypto provider solutions
type DecryptRequest ¶
type DecryptRequest struct {
CiphertextBlob []byte `json:"CiphertextBlob"`
}
DecryptRequest
type DecryptResponse ¶
type DecryptResponse struct {
Plaintext []byte `json:"Plaintext"`
}
DecryptResponse
type DisableKeyRequest ¶
type DisableKeyRequest struct {
KeyID string `json:"KeyID"`
}
DisableKeyRequest
type DisableKeyResponse ¶
type DisableKeyResponse struct {
KeyMetadata KeyMetadata `json:"KeyMetadata"`
}
DisableKeyResponse
type EnableKeyRequest ¶
type EnableKeyRequest struct {
KeyID string `json:"KeyID"`
}
EnableKeyRequest
type EnableKeyResponse ¶
type EnableKeyResponse struct {
KeyMetadata KeyMetadata `json:"KeyMetadata"`
}
EnableKeyResponse
type EncryptRequest ¶
EncryptRequest
type EncryptResponse ¶
type EncryptResponse struct {
CiphertextBlob []byte `json:"CiphertextBlob"`
}
EncryptResponse
type GenerateDataKeyRequest ¶
type GenerateDataKeyRequest struct {
KeyID string `json:"KeyID"`
}
GenerateDataKeyRequest
type GenerateDataKeyResponse ¶
type GenerateDataKeyResponse struct {
Plaintext []byte `json:"Plaintext"`
CiphertextBlob []byte `json:"CiphertextBlob"`
}
GenerateDataKeyResponse
type GoKMSCryptoProvider ¶
type GoKMSCryptoProvider struct {
// contains filtered or unexported fields
}
GoKMSCryptoProvider is an implementation of encryption using GO KMS
func NewGoKMSCryptoProvider ¶
func NewGoKMSCryptoProvider() (GoKMSCryptoProvider, error)
NewGoKMSCryptoProvider
type JSONClient ¶
type JSONClient struct {
Client *http.Client
Endpoint string
// authKey is the key used for authentication
AuthKey string
}
JSONClient is the underlying client for JSON APIs.
func (*JSONClient) Do ¶
func (c *JSONClient) Do(method, uri string, req, resp interface{}) error
Do sends an HTTP request and returns an HTTP response, following policy (e.g. redirects, cookies, auth) as configured on the client.
type KeyByCreated ¶
type KeyByCreated []KeyMetadata
KeyByCreated - Will sort the Keys by CreationDate
func (KeyByCreated) Len ¶
func (a KeyByCreated) Len() int
func (KeyByCreated) Less ¶
func (a KeyByCreated) Less(i, j int) bool
func (KeyByCreated) Swap ¶
func (a KeyByCreated) Swap(i, j int)
type KeyMetadata ¶
type KeyMetadata struct {
KeyID string `json:"KeyId"`
CreationDate time.Time `json:"CreationDate"`
Description string `json:"Description"`
Enabled bool `json:"Enabled"`
}
KeyMetadata is the associated meta data of any key
type ListKeysResponse ¶
type ListKeysResponse struct {
KeyMetadata []KeyMetadata `json:"KeyMetadata"`
}
ListKeysResponse
type OpenPGPCryptoProvider ¶
type OpenPGPCryptoProvider struct {
// contains filtered or unexported fields
}
AwsCryptoProvider is an implementation of encryption using AWS KMS
func NewOpenPGPCryptoProvider ¶
func NewOpenPGPCryptoProvider() (OpenPGPCryptoProvider, error)
NewAwsCryptoProvider
type ReEncryptRequest ¶
type ReEncryptRequest struct {
CiphertextBlob []byte `json:"CiphertextBlob"`
DestinationKeyID string `json:"DestinationKeyId"`
}
ReEncryptRequest
type ReEncryptResponse ¶
type ReEncryptResponse struct {
CiphertextBlob []byte `json:"CiphertextBlob"`
KeyID string `json:"KeyID"`
SourceKeyID string `json:"SourceKeyID"`
}
ReEncryptResponse
type RsaChipher ¶
type RsaChipher struct {
PrivateKey *rsa.PrivateKey
PrivateKeyPath string
PublicKey *rsa.PublicKey
PublicKeyPath string
}
Structure for encryption chipher
var RsaEncryptionChipher RsaChipher
The key to be used to encrypt and decrypt when using RSA encryption
Source Files