encrypt

package
v0.0.9
Warning

This package is not in the latest version of its module.

Published: Mar 28, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package encrypt provides high-level cryptographic repositories for the security module.

The package groups helpers for:

  • symmetric encryption with AES-GCM
  • Fernet-compatible token encoding and decoding
  • hashing and HMAC generation
  • RSA key generation and RSA-OAEP encryption
  • Ed25519 and RSA-based digital signatures

Applications can depend on the focused repository interfaces when they need only one capability, or use NewRepository to obtain a combined entry point for the main encryption services.

NewRepository selects its backend from viper key "encrypt.vault.mode". Supported values are:

  • "local" for in-process cryptography
  • "aws-kms" for AWS KMS-backed repositories
  • "azure-key-vault" for Azure Key Vault-backed repositories
  • "gcp-kms" for Google Cloud KMS-backed repositories

When the configuration value is empty or unsupported, NewRepository falls back to the local repository implementation.

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseEd25519PrivateKeyFromBase64

func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)

ParseEd25519PrivateKeyFromBase64 decodes a Base64-encoded Ed25519 private key.

func ParseEd25519PublicKeyFromBase64

func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)

ParseEd25519PublicKeyFromBase64 decodes a Base64-encoded Ed25519 public key.

func ParseRSAPrivateKeyFromBase64

func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)

ParseRSAPrivateKeyFromBase64 decodes a Base64-encoded RSA private key.

func ParseRSAPublicKeyFromBase64

func ParseRSAPublicKeyFromBase64(b64 string) (*rsa.PublicKey, error)

ParseRSAPublicKeyFromBase64 decodes a Base64-encoded RSA public key.

Types

type AsymmetricRepository

type AsymmetricRepository interface {
	// GeneratesRSAKey creates an RSA key pair encoded as Base64.
	GeneratesRSAKey(size common.SizeAsymetrycKey) (priv string, pub string, _ error)
	// RSA_OAEP_Encode encrypts plaintext with a Base64-encoded RSA public key.
	RSA_OAEP_Encode(key, text string) (string, error)
	// RSA_OAEP_Decode decrypts Base64 ciphertext with a Base64-encoded RSA
	// private key.
	RSA_OAEP_Decode(key, text string) (string, error)
}

AsymmetricRepository exposes RSA key generation and RSA-OAEP helpers.

type HashRepository

type HashRepository interface {
	// GenerateHMAC returns a Base64-encoded HMAC-SHA256 signature.
	GenerateHMAC(message, secretKey string) string
	// ValidateHMAC checks whether providedHash matches the message HMAC.
	ValidateHMAC(message, secretKey, providedHash string) bool
	// Sha256Hex returns the SHA-256 digest as a hexadecimal string.
	Sha256Hex(message string) string
	// Blake3 returns the BLAKE3 digest encoded as Base64.
	Blake3(message string) string
}

HashRepository exposes hashing and message-authentication helpers.

type Mode

type Mode string
const (
	Local         Mode = "local"
	AwsKMS        Mode = "aws-kms"
	AzureKeyVault Mode = "azure-key-vault"
	GpcKMS        Mode = "gcp-kms"
)

type Repository

Repository groups the main encryption and signature capabilities exposed by the package.

func NewRepository

func NewRepository() Repository

NewRepository returns a combined repository with the main cryptographic capabilities exposed by this package.

The selected backend is controlled by viper key "encrypt.vault.mode". Supported values are "local", "aws-kms", "azure-key-vault", and "gcp-kms". When the value is empty or does not match a known mode, the function falls back to the local implementation.
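Because an empty or misspelled value silently selects the local backend, a deployment that expects a KMS can check the setting before calling NewRepository. This is an added example, not code from this package: `checkVaultMode`, `knownModes` and `requireKMS` are hypothetical names, and it assumes the package compares the configured value exactly, which the page does not state.

```go
package main

import (
	"fmt"
	"strings"
)

// Values documented for viper key "encrypt.vault.mode".
var knownModes = []string{"local", "aws-kms", "azure-key-vault", "gcp-kms"}

// checkVaultMode (hypothetical helper) rejects any configured value that
// NewRepository would silently resolve to the local backend. Exact matching
// by the package is an assumption of this example.
func checkVaultMode(raw string, requireKMS bool) (string, error) {
	norm := strings.ToLower(strings.TrimSpace(raw))
	for _, m := range knownModes {
		switch {
		case raw == m && m == "local" && requireKMS:
			return "", fmt.Errorf("mode %q keeps keys in process; a KMS backend is required", raw)
		case raw == m:
			return m, nil
		case norm == m:
			// Case or whitespace differs from the documented value.
			return "", fmt.Errorf("mode %q is not exact; did you mean %q?", raw, m)
		}
	}
	if raw == "" {
		return "", fmt.Errorf("encrypt.vault.mode is empty; NewRepository would use local")
	}
	return "", fmt.Errorf("unknown mode %q; NewRepository would use local", raw)
}

func main() {
	// Constructed sample values, as they might arrive from a config file.
	for _, v := range []string{"aws-kms", "AWS-KMS", "aws_kms", "", "local"} {
		mode, err := checkVaultMode(v, true)
		fmt.Printf("%-10q -> mode=%q err=%v\n", v, mode, err)
	}
}
```

Run the check at startup with the same value that viper will hand to NewRepository, and abort on error.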

type SignatureRepository

type SignatureRepository interface {
	// GeneratesEd255Key creates an Ed25519 key pair encoded as Base64.
	GeneratesEd255Key(size common.SizeAsymetrycKey) (priv string, pub string, _ error)
	// SignEd25519 signs text using a Base64-encoded Ed25519 private key.
	SignEd25519(key, text string) (string, error)
	// VerifyEd25519 validates an Ed25519 Base64 signature.
	VerifyEd25519(key, text, signature string) error

	// SignRSAPSS signs text with RSA-PSS using a Base64-encoded private key.
	SignRSAPSS(key, text string) (string, error)
	// VerifyRSAPSS validates an RSA-PSS Base64 signature.
	VerifyRSAPSS(key, text, signature string) error
	// SignSHA256 signs data with RSA PKCS#1 v1.5 using SHA-256.
	SignSHA256(key string, privateKey *rsa.PrivateKey) (string, error)
	// VerifySHA256 validates an RSA PKCS#1 v1.5 SHA-256 signature.
	VerifySHA256(key, signature string, publicKey *rsa.PublicKey) error
}

SignatureRepository exposes asymmetric signing and verification helpers.

type SymmetricRepository

type SymmetricRepository interface {
	// GeneratesSymetrycKey returns a random Base64-encoded symmetric key.
	GeneratesSymetrycKey(size common.SizeSymetrycKey) (string, error)

	// EncryptAES encrypts plaintext using a Base64-encoded AES key and optional
	// additional authenticated data.
	EncryptAES(symmetricalAccess, valorCampo, additionalData string) (string, error)
	// DecryptAES decrypts Base64 ciphertext produced by EncryptAES.
	DecryptAES(symmetricalAccess, valorCifrado, additionalData string) (string, error)

	// EncodeFernet creates a Fernet-compatible token from plaintext.
	EncodeFernet(keyString, originalString string) (string, error)
	// DecodeFernet validates and decrypts a Fernet-compatible token.
	DecodeFernet(keyString, encryptedString string) (string, error)
}

SymmetricRepository exposes symmetric encryption helpers and token codecs.
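What the additional authenticated data accepted by EncryptAES and DecryptAES provides, shown with the standard library only: a ciphertext sealed under one context string does not open under another. This is an added example, not this package's implementation; `sealAES`, `openAES`, the raw-byte key parameter (the interface takes a Base64 key) and the nonce-prefixed output layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newGCM builds an AES-GCM AEAD; the key must be 16, 24 or 32 raw bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAES returns Base64(nonce || ciphertext || tag); that layout is assumed here.
func sealAES(key []byte, plaintext, aad string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every message
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(plaintext), []byte(aad))), nil
}

// openAES fails unless key, nonce, ciphertext, tag and AAD all match sealing time.
func openAES(key []byte, b64Cipher, aad string) (string, error) {
	gcm, err := newGCM(key)
	raw, decErr := base64.StdEncoding.DecodeString(b64Cipher)
	if err != nil || decErr != nil || len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("bad key or malformed ciphertext")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(aad))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not for real use
	ct, _ := sealAES(key, "4111-1111", "tenant=a;field=card")
	_, err := openAES(key, ct, "tenant=b;field=card") // ciphertext copied to another tenant
	fmt.Println("rejected under different AAD:", err != nil)
}
```

Binding the AAD to the record's identity (tenant, row, column) means a ciphertext moved to a different record fails authentication instead of decrypting.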
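The DecodeFernet signature above takes no maximum-age argument, so a caller that needs expiry can authenticate the token and read its embedded timestamp first. This is an added example following the public Fernet token layout, not this package's code; `checkFernet` and `fernetMAC` are hypothetical names, and whether DecodeFernet enforces an age limit internally is not stated on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// fernetMAC is HMAC-SHA256 over version || timestamp || IV || ciphertext.
func fernetMAC(signingKey, body []byte) []byte {
	m := hmac.New(sha256.New, signingKey)
	m.Write(body)
	return m.Sum(nil)
}

// checkFernet (hypothetical helper) authenticates a token and enforces maxAge
// without decrypting it; it returns the issue time embedded in the token.
func checkFernet(b64Key, token string, maxAge time.Duration, now time.Time) (time.Time, error) {
	key, kerr := base64.URLEncoding.DecodeString(b64Key)
	raw, terr := base64.URLEncoding.DecodeString(token)
	// Layout: version 0x80 (1) | timestamp (8) | IV (16) | ciphertext (16*n) | HMAC (32).
	if kerr != nil || terr != nil || len(key) != 32 || len(raw) < 73 ||
		(len(raw)-57)%16 != 0 || raw[0] != 0x80 {
		return time.Time{}, errors.New("malformed key or token")
	}
	body, tag := raw[:len(raw)-32], raw[len(raw)-32:]
	if !hmac.Equal(tag, fernetMAC(key[:16], body)) { // first key half signs; constant-time compare
		return time.Time{}, errors.New("HMAC mismatch")
	}
	issued := time.Unix(int64(binary.BigEndian.Uint64(raw[1:9])), 0)
	if now.Sub(issued) > maxAge {
		return issued, errors.New("token older than maxAge")
	}
	return issued, nil
}

func main() {
	key := make([]byte, 32)  // constructed all-zero demo key
	body := make([]byte, 41) // constructed: zero IV and one zero "ciphertext" block
	body[0] = 0x80
	binary.BigEndian.PutUint64(body[1:9], 1700000000)
	token := base64.URLEncoding.EncodeToString(append(body, fernetMAC(key[:16], body)...))
	_, err := checkFernet(base64.URLEncoding.EncodeToString(key), token, time.Hour, time.Unix(1700007200, 0))
	fmt.Println("two-hour-old token with one-hour limit:", err)
}
```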

Directories

Path Synopsis
Package awskms provides the same repository-style cryptographic API as the local package, backed by AWS KMS where the service supports the operation.
Package azurekeyvault provides the same repository-style cryptographic API as the local package, specialized for Azure Key Vault integration points.
Package gcpkms provides the same repository-style cryptographic API as the local package, specialized for Google Cloud KMS integration points.
Package local provides in-process cryptographic helpers for symmetric encryption, hashing, RSA encryption, and digital signatures.
