Overview ¶
Package awskms provides the same repository-style cryptographic API as the local package, backed by AWS KMS where the service supports the operation.
Symmetric helpers, hashing, HMAC, Fernet, and local AES helpers are executed in-process because AWS KMS does not expose equivalent primitives through this package contract.
Asymmetric RSA encryption and RSA signatures can use AWS KMS key identifiers. When a method requires a KMS key identifier and the key argument is empty, the package reads it from viper using "encrypt.vault.aws-kms.arn".
Index ¶
- func NewRepository() *repository
- func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
- func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)
- func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromBase64(b64 string) (*rsa.PublicKey, error)
- type AsymmetricRepository
- type HashRepository
- type Repository
- type SignatureRepository
- type SymmetricRepository
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewRepository ¶
func NewRepository() *repository
func ParseEd25519PrivateKeyFromBase64 ¶
func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
ParseEd25519PrivateKeyFromBase64 decodes a Base64-encoded Ed25519 private key.
func ParseEd25519PublicKeyFromBase64 ¶
ParseEd25519PublicKeyFromBase64 decodes a Base64-encoded Ed25519 public key.
func ParseRSAPrivateKeyFromBase64 ¶
func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromBase64 decodes a Base64-encoded RSA private key.
Types ¶
type AsymmetricRepository ¶
// AsymmetricRepository groups the RSA operations of the package. Per the
// package overview, RSA encryption and signatures may be delegated to AWS KMS
// by passing a KMS key id/ARN; when the key argument is empty, the KMS key
// identifier is read from viper.
type AsymmetricRepository interface {
	// GeneratesRSAKey creates an RSA key pair using AWS KMS when possible.
	// AWS KMS never exports the private key, so the private-key return value is
	// always empty and the generated key ARN is stored in viper under
	// "encrypt.aws-kms.arn".
	//
	// NOTE(review): the package overview says the KMS ARN is read from viper
	// under "encrypt.vault.aws-kms.arn"; confirm which key name is canonical,
	// since a mismatch would leave a freshly generated key invisible to the
	// methods that fall back to the configured ARN.
	GeneratesRSAKey(size common.SizeAsymetrycKey) (priv string, pub string, _ error)
	// RSA_OAEP_Encode encrypts plaintext with a KMS key id/ARN or a Base64 RSA
	// public key. The returned ciphertext is presumably Base64, to match the
	// input expected by RSA_OAEP_Decode — confirm.
	RSA_OAEP_Encode(key, text string) (string, error)
	// RSA_OAEP_Decode decrypts Base64 ciphertext with a KMS key id/ARN.
	// Only the KMS path is described here; decryption needs the private key,
	// which KMS never exports, so a local key string does not appear to be
	// accepted the way it is for RSA_OAEP_Encode — confirm.
	RSA_OAEP_Decode(key, cipherText string) (string, error)
}
func NewAsymmetricRepository ¶
func NewAsymmetricRepository() AsymmetricRepository
type HashRepository ¶
// HashRepository groups the hashing and HMAC helpers. Per the package
// overview these run in-process; AWS KMS is not involved.
type HashRepository interface {
	// GenerateHMAC returns an HMAC of message keyed with secretKey. The hash
	// function and output encoding are not visible here — check the
	// implementation before comparing against externally produced values.
	GenerateHMAC(message, secretKey string) string
	// ValidateHMAC reports whether providedHash matches the HMAC of message
	// under secretKey.
	// NOTE(review): confirm the implementation compares with hmac.Equal (or
	// another constant-time comparison) rather than ==, so a mismatch does not
	// leak timing information about the expected value.
	ValidateHMAC(message, secretKey, providedHash string) bool
	// Sha256Hex returns the SHA-256 digest of message; the name indicates
	// hex encoding.
	Sha256Hex(message string) string
	// Blake3 returns a BLAKE3 digest of message; the output encoding is not
	// shown here.
	Blake3(message string) string
}
func NewHashRepository ¶
func NewHashRepository() HashRepository
type Repository ¶
// Repository is the full cryptographic API of this package: the union of the
// symmetric, asymmetric, signature and hash repositories. NewRepository returns
// the package's unexported *repository, which presumably satisfies this
// interface — confirm.
type Repository interface {
	SymmetricRepository
	AsymmetricRepository
	SignatureRepository
	HashRepository
}
type SignatureRepository ¶
// SignatureRepository groups the signing and verification helpers. Per the
// package overview, the RSA signature methods can use an AWS KMS key id/ARN;
// Ed25519 is not available from KMS through this package contract.
type SignatureRepository interface {
	// GeneratesEd255Key returns empty values because AWS KMS does not expose
	// Ed25519 key generation in this package contract.
	GeneratesEd255Key(size common.SizeAsymetrycKey) (priv string, pub string, _ error)
	// SignEd25519 signs text with key and returns the signature as a string.
	// Presumably key is a Base64-encoded Ed25519 private key (see
	// ParseEd25519PrivateKeyFromBase64) and the work is done in-process — confirm.
	SignEd25519(key, text string) (string, error)
	// VerifyEd25519 checks signature over text with key, returning a non-nil
	// error when verification fails. Key format as for SignEd25519.
	VerifyEd25519(key, text, signature string) error
	// SignRSAPSS signs text with RSA-PSS. key is a KMS key id/ARN; whether a
	// Base64 RSA private key is also accepted is not shown here — confirm.
	SignRSAPSS(key, text string) (string, error)
	// VerifyRSAPSS checks an RSA-PSS signature over text, returning a non-nil
	// error when verification fails.
	VerifyRSAPSS(key, text, signature string) error
	// SignSHA256 signs data with RSA PKCS#1 v1.5. When privateKey is nil, the
	// repository uses the configured AWS KMS ARN from viper.
	SignSHA256(data string, privateKey *rsa.PrivateKey) (string, error)
	// VerifySHA256 verifies an RSA PKCS#1 v1.5 SHA-256 signature. When publicKey
	// is nil, the repository uses the configured AWS KMS ARN from viper.
	// With the nil fallback the verifying key is chosen by configuration rather
	// than by the caller; pass an explicit key when the signer's identity must
	// be pinned.
	VerifySHA256(data, signature string, publicKey *rsa.PublicKey) error
}
func NewSignatureRepository ¶
func NewSignatureRepository() SignatureRepository
type SymmetricRepository ¶
// SymmetricRepository groups the symmetric helpers (key generation, AES and
// Fernet). Per the package overview these run in-process; AWS KMS is not used.
type SymmetricRepository interface {
	// GeneratesSymetrycKey returns a new symmetric key of the requested size as
	// a string; the encoding is not shown here.
	GeneratesSymetrycKey(size common.SizeSymetrycKey) (string, error)
	// EncryptAES encrypts value under symmetricalAccess. additionalData is
	// presumably AEAD associated data (authenticated but not encrypted) and the
	// same value must be supplied to DecryptAES — confirm the AES mode.
	EncryptAES(symmetricalAccess, value, additionalData string) (string, error)
	// DecryptAES reverses EncryptAES; presumably it returns an error when the
	// ciphertext or additionalData does not authenticate — confirm.
	DecryptAES(symmetricalAccess, cipherValue, additionalData string) (string, error)
	// EncodeFernet encrypts value with the Fernet key keyString.
	EncodeFernet(keyString, value string) (string, error)
	// DecodeFernet decrypts a Fernet token produced by EncodeFernet.
	DecodeFernet(keyString, cipherValue string) (string, error)
}
func NewSymmetricRepository ¶
func NewSymmetricRepository() SymmetricRepository