Documentation
¶
Overview ¶
Package gcpkms provides the same repository-style cryptographic API as the local package, backed by Google Cloud KMS when a Cloud KMS key reference is supplied.
The package supports provider-backed symmetric encryption, HMAC, RSA-OAEP, RSA signing, and Ed25519 signing through the Google Cloud KMS SDK, while still routing explicit local keys to the local implementation. Verification operations that Cloud KMS does not expose are completed by fetching the public key and verifying locally; in those cases the signature check runs in the calling process rather than inside Cloud KMS.
When a provider key identifier is needed, the package reads it from the viper configuration key "encrypt.vault.gcp-kms.key-id", falling back to "encrypt.gcp-kms.key-id" for compatibility.
Index ¶
- func NewRepository() *repository
- func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
- func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)
- func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromBase64(b64 string) (*rsa.PublicKey, error)
- type AsymmetricRepository
- type HashRepository
- type Repository
- type SignatureRepository
- type SymmetricRepository
Functions ¶
func NewRepository ¶
func NewRepository() *repository
func ParseEd25519PrivateKeyFromBase64 ¶
func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
ParseEd25519PrivateKeyFromBase64 decodes a Base64-encoded Ed25519 private key.
func ParseEd25519PublicKeyFromBase64 ¶
func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)
ParseEd25519PublicKeyFromBase64 decodes a Base64-encoded Ed25519 public key.
func ParseRSAPrivateKeyFromBase64 ¶
func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromBase64 decodes a Base64-encoded RSA private key.
Types ¶
type AsymmetricRepository ¶
// AsymmetricRepository groups RSA key generation with RSA-OAEP encryption and
// decryption.
//
// Keys are passed as strings. Per the package overview, a call is backed by
// Cloud KMS when a Cloud KMS key reference is supplied and routed to the local
// implementation for explicit local keys. The encoding expected for local keys
// is not visible in this declaration; presumably Base64, matching the
// Parse*FromBase64 helpers. TODO confirm against the implementation.
type AsymmetricRepository interface {
// GeneratesRSAKey presumably creates an RSA key of the requested size and
// returns it as AsymmetricKeyData.
// NOTE(review): confirm whether the result carries private key material, and
// if so that callers neither log it nor persist it unencrypted.
GeneratesRSAKey(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
// RSA_OAEP_Encode presumably encrypts text under publicKey with RSA-OAEP and
// returns the ciphertext as a string.
// NOTE(review): the OAEP hash and label are not part of the signature; confirm
// the local and Cloud KMS paths use the same parameters.
RSA_OAEP_Encode(ctx context.Context, publicKey, text string) (string, error)
// RSA_OAEP_Decode is the counterpart of RSA_OAEP_Encode: it takes privateKey
// and cipherText and returns a string or an error.
// NOTE(review): confirm that decryption errors are returned without detail
// that distinguishes padding failures from other failures.
RSA_OAEP_Decode(ctx context.Context, privateKey, cipherText string) (string, error)
}
func NewAsymmetricRepository ¶
func NewAsymmetricRepository() AsymmetricRepository
type HashRepository ¶
// HashRepository groups keyed (HMAC) and unkeyed (SHA-256, BLAKE3) hashing.
//
// None of these methods returns an error. The package overview lists HMAC as a
// provider-backed operation, so a failed Cloud KMS call cannot be reported
// through these signatures.
// NOTE(review): confirm how provider failures surface (empty string, panic,
// log only) and that callers never accept an empty result as a valid MAC.
type HashRepository interface {
// GenerateHMAC returns the MAC of message under secretKey as a string.
// The output encoding is not visible here; TODO confirm.
GenerateHMAC(ctx context.Context, message, secretKey string) string
// ValidateHMAC reports whether providedHash matches the MAC of message under
// secretKey. A false result cannot be told apart from a provider error, since
// only a bool is returned.
// NOTE(review): confirm the local path compares MACs in constant time
// (for example with hmac.Equal) rather than with ==.
ValidateHMAC(ctx context.Context, message, secretKey, providedHash string) bool
// Sha256Hex returns a SHA-256 digest of message; the name suggests the result
// is hex-encoded. It takes no key, so it provides no authentication.
Sha256Hex(ctx context.Context, message string) string
// Blake3 returns a BLAKE3 digest of message as a string. It takes no key
// either; the output encoding is not visible here.
Blake3(ctx context.Context, message string) string
}
func NewHashRepository ¶
func NewHashRepository() HashRepository
type Repository ¶
// Repository is the union of the four capability interfaces of this package:
// symmetric encryption, asymmetric encryption, signatures and hashing.
//
// NOTE(review): NewRepository is declared as returning the unexported
// *repository rather than this interface, so callers outside the package
// cannot name the returned type; presumably they assign it to Repository.
type Repository interface {
// Symmetric key generation and AES encryption and decryption.
SymmetricRepository
// RSA key generation and RSA-OAEP.
AsymmetricRepository
// Ed25519 and RSA signing and verification.
SignatureRepository
// HMAC, SHA-256 and BLAKE3.
HashRepository
}
type SignatureRepository ¶
// SignatureRepository groups Ed25519 and RSA signing and verification.
//
// The Verify* methods return only an error; presumably nil means the signature
// is valid. Callers must treat every non-nil error as a failed verification.
// Per the package overview, verification that Cloud KMS does not expose is done
// locally after fetching the public key.
type SignatureRepository interface {
// GeneratesEd255Key presumably creates an Ed25519 key pair.
// NOTE(review): Ed25519 keys have a fixed size, so the role of the size
// parameter is unclear; confirm whether it is ignored or validated.
GeneratesEd255Key(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
// SignEd25519 signs text with privateKey and returns the signature as a string.
// The key and signature encodings are not visible here; TODO confirm.
SignEd25519(ctx context.Context, privateKey, text string) (string, error)
// VerifyEd25519 checks signature over text against publicKey.
VerifyEd25519(ctx context.Context, publicKey, text, signature string) error
// SignRSAPSS signs text with privateKey; the name indicates RSA-PSS.
// NOTE(review): hash function and salt length are not part of the signature;
// confirm they agree between the local and Cloud KMS paths.
SignRSAPSS(ctx context.Context, privateKey, text string) (string, error)
// VerifyRSAPSS checks an RSA-PSS signature over text against publicKey.
VerifyRSAPSS(ctx context.Context, publicKey, text, signature string) error
// SignSHA256 signs data with an already parsed *rsa.PrivateKey. Unlike the
// methods above it does not take a key string, so a Cloud KMS key reference
// cannot be passed through this parameter.
// NOTE(review): the padding scheme (PKCS #1 v1.5 or PSS) is not visible here;
// confirm and document it.
SignSHA256(ctx context.Context, data string, privateKey *rsa.PrivateKey) (string, error)
// VerifySHA256 checks signature over data with an already parsed
// *rsa.PublicKey; it is the counterpart of SignSHA256.
VerifySHA256(ctx context.Context, data, signature string, publicKey *rsa.PublicKey) error
}
func NewSignatureRepository ¶
func NewSignatureRepository() SignatureRepository
type SymmetricRepository ¶
// SymmetricRepository groups symmetric key generation with AES encryption and
// decryption.
//
// The AES mode is not visible in this declaration. The additional-data
// parameters suggest an AEAD mode such as GCM. TODO confirm, including how the
// nonce is generated and where it is stored in the returned string.
type SymmetricRepository interface {
// GeneratesSymetrycKey presumably creates a symmetric key of the requested
// size and returns it as SymmetricKeyData.
// NOTE(review): confirm the key comes from a cryptographically secure source.
GeneratesSymetrycKey(ctx context.Context, size common.SizeSymetrycKey) (*models.SymmetricKeyData, error)
// EncryptAES encrypts value under secretKey and returns the ciphertext as a
// string. additional is a pointer, so it can be nil; presumably nil means no
// additional authenticated data.
EncryptAES(ctx context.Context, secretKey, value string, additional *string) (string, error)
// DecryptAES reverses EncryptAES. additionalData is a plain string here, not a
// pointer as in EncryptAES.
// NOTE(review): confirm that a nil additional on encrypt and an empty
// additionalData on decrypt are treated as the same value.
DecryptAES(ctx context.Context, secretKey, cipherValue, additionalData string) (string, error)
}
func NewSymmetricRepository ¶
func NewSymmetricRepository() SymmetricRepository