Documentation
Overview ¶
Package awskms provides the same repository-style cryptographic API as the local package, backed by AWS KMS where the service supports the operation.
AES encryption, HMAC, RSA operations, and Ed25519 signatures can use AWS KMS when the caller provides a KMS key identifier or ARN. Hashing helpers remain local because they do not require provider-managed key material.
RSA-OAEP encryption and RSA signatures can also take AWS KMS key identifiers. When a method requires a KMS key identifier and the key argument is empty, the package reads it from viper under "encrypt.vault.aws-kms.arn".
Index ¶
- func NewRepository() *repository
- func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
- func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)
- func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromBase64(b64 string) (*rsa.PublicKey, error)
- type AsymmetricRepository
- type HashRepository
- type Repository
- type SignatureRepository
- type SymmetricRepository
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewRepository ¶
func NewRepository() *repository
func ParseEd25519PrivateKeyFromBase64 ¶
func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
ParseEd25519PrivateKeyFromBase64 decodes a Base64-encoded Ed25519 private key.
func ParseEd25519PublicKeyFromBase64 ¶
func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)
ParseEd25519PublicKeyFromBase64 decodes a Base64-encoded Ed25519 public key.
func ParseRSAPrivateKeyFromBase64 ¶
func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromBase64 decodes a Base64-encoded RSA private key.
Types ¶
type AsymmetricRepository ¶
// AsymmetricRepository groups RSA key generation and RSA-OAEP encryption.
// Per the package overview these operations can be backed by AWS KMS when the
// key argument is a KMS key identifier or ARN.
type AsymmetricRepository interface {
// GeneratesRSAKey creates an RSA key pair using AWS KMS when possible.
// AWS KMS never exports the private key, so the private-key return value is
// always empty and the generated key ARN is stored in viper under
// "encrypt.aws-kms.arn".
// NOTE(review): the package overview names the viper key as
// "encrypt.vault.aws-kms.arn"; confirm which key the implementation reads and
// writes, since a mismatch would leave later calls using a different key than
// the one just generated.
GeneratesRSAKey(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
// RSA_OAEP_Encode encrypts plaintext with a KMS key id/ARN or a Base64 RSA
// public key. How the two forms of publicKey are told apart is not visible
// here. The returned string is presumably Base64 ciphertext, since
// RSA_OAEP_Decode accepts Base64 ciphertext — confirm.
// NOTE(review): because publicKey selects the KMS key, callers should take it
// from configuration rather than from untrusted input.
RSA_OAEP_Encode(ctx context.Context, publicKey, text string) (string, error)
// RSA_OAEP_Decode decrypts Base64 ciphertext with a KMS key id/ARN.
// Whether a Base64 RSA private key is also accepted here is not shown.
RSA_OAEP_Decode(ctx context.Context, privateKey, cipherText string) (string, error)
}
func NewAsymmetricRepository ¶
func NewAsymmetricRepository() AsymmetricRepository
type HashRepository ¶
// HashRepository groups hashing and HMAC helpers. Per the package overview the
// hash helpers run locally (no provider-managed key material), while HMAC can
// use AWS KMS when secretKey is a KMS key identifier or ARN — confirm in the
// implementation which forms of secretKey are accepted.
type HashRepository interface {
// GenerateHMAC returns the HMAC of message under secretKey. The hash function
// and the output encoding are not visible here.
GenerateHMAC(ctx context.Context, message, secretKey string) string
// ValidateHMAC reports whether providedHash matches the HMAC of message under
// secretKey.
// NOTE(review): confirm the implementation compares the two values with a
// constant-time function (hmac.Equal) rather than ==.
ValidateHMAC(ctx context.Context, message, secretKey, providedHash string) bool
// Sha256Hex returns the SHA-256 digest of message; the name suggests a
// hex-encoded result — confirm.
Sha256Hex(ctx context.Context, message string) string
// Blake3 returns the BLAKE3 digest of message; the output encoding is not
// visible here.
Blake3(ctx context.Context, message string) string
}
func NewHashRepository ¶
func NewHashRepository() HashRepository
type Repository ¶
// Repository is the union of the four capability interfaces below, so one
// value can serve symmetric, asymmetric, signature and hash operations.
// NewRepository presumably returns a value satisfying this interface — confirm,
// since its declared result type (*repository) is unexported.
type Repository interface {
SymmetricRepository
AsymmetricRepository
SignatureRepository
HashRepository
}
type SignatureRepository ¶
// SignatureRepository groups Ed25519 and RSA signing and verification. Per the
// package overview the key arguments may be KMS key identifiers or ARNs, in
// which case the private key never leaves AWS KMS.
type SignatureRepository interface {
// GeneratesEd255Key creates an Ed25519 signing key in AWS KMS when possible.
// Ed25519 keys have a fixed size, so size is presumably ignored or validated
// only — confirm.
GeneratesEd255Key(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
// SignEd25519 signs text with privateKey and returns the encoded signature.
// privateKey is presumably a KMS key id/ARN or a Base64 key (see
// ParseEd25519PrivateKeyFromBase64); the signature encoding is not shown.
SignEd25519(ctx context.Context, privateKey, text string) (string, error)
// VerifyEd25519 checks signature over text with publicKey; a nil error
// presumably means the signature is valid — confirm the error contract.
VerifyEd25519(ctx context.Context, publicKey, text, signature string) error
// SignRSAPSS signs text with RSA-PSS using privateKey (KMS key id/ARN or
// Base64 key, presumably). The hash and signature encoding are not shown.
SignRSAPSS(ctx context.Context, privateKey, text string) (string, error)
// VerifyRSAPSS checks an RSA-PSS signature over text with publicKey; a nil
// error presumably means the signature is valid — confirm.
VerifyRSAPSS(ctx context.Context, publicKey, text, signature string) error
// SignSHA256 signs data with RSA PKCS#1 v1.5. When privateKey is nil, the
// repository uses the configured AWS KMS ARN from viper.
SignSHA256(ctx context.Context, data string, privateKey *rsa.PrivateKey) (string, error)
// VerifySHA256 verifies an RSA PKCS#1 v1.5 SHA-256 signature. When publicKey
// is nil, the repository uses the configured AWS KMS ARN from viper.
// NOTE(review): a nil publicKey silently switches to the configured KMS key;
// callers that intend to verify against a specific key should pass it
// explicitly so a missing key cannot be mistaken for the configured one.
VerifySHA256(ctx context.Context, data, signature string, publicKey *rsa.PublicKey) error
}
func NewSignatureRepository ¶
func NewSignatureRepository() SignatureRepository
type SymmetricRepository ¶
// SymmetricRepository groups symmetric key generation and AES encryption. Per
// the package overview AES can be backed by AWS KMS when secretKey is a KMS
// key identifier or ARN.
type SymmetricRepository interface {
// GeneratesSymetrycKey creates a symmetric key of the requested size. Whether
// the key material is returned or kept in AWS KMS is not visible here.
GeneratesSymetrycKey(ctx context.Context, size common.SizeSymetrycKey) (*models.SymmetricKeyData, error)
// EncryptAES encrypts value with secretKey and returns the encoded ciphertext.
// additional is optional here (a pointer) while DecryptAES takes
// additionalData as a plain string; presumably nil maps to "" — confirm.
// The presence of additional data suggests an AEAD mode, but the mode, nonce
// handling and output encoding are not shown.
EncryptAES(ctx context.Context, secretKey, value string, additional *string) (string, error)
// DecryptAES decrypts cipherValue with secretKey. If the mode is an AEAD,
// additionalData must be the same bytes supplied at encryption time or
// decryption fails — confirm against the implementation.
DecryptAES(ctx context.Context, secretKey, cipherValue, additionalData string) (string, error)
}
func NewSymmetricRepository ¶
func NewSymmetricRepository() SymmetricRepository