transit

package
Version: v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 31, 2021 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

// Export type identifiers, one per category of key material.
//
// These are untyped string constants and Transit.Export declares exportType
// as a plain string, so the compiler does not restrict callers to these three
// values. Presumably Export expects one of them — confirm against the
// implementation and validate caller-supplied values before passing them on.
const (
	ExportTypeEncryptionKey = "encryption-key"
	ExportTypeSigningKey    = "signing-key"
	ExportTypeHMACKey       = "hmac-key"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type BatchRequestItem

// BatchRequestItem carries the inputs for a single request item. On this page
// it is the req argument of Transit.Encrypt, Transit.Decrypt and
// Transit.Rewrap.
type BatchRequestItem struct {
	// Context for key derivation. This is required for derived keys.
	// Base64-encoded: DecodedContext holds the decoded bytes.
	Context string `json:"context" structs:"context" mapstructure:"context"`

	// DecodedContext is the base64 decoded version of Context.
	// NOTE(review): no json/structs/mapstructure tag is declared on this
	// field, so encoding/json would emit it under its Go name if it is set
	// when the value is marshalled — confirm that is intended.
	DecodedContext []byte

	// Plaintext for encryption.
	// NOTE(review): presumably base64-encoded like Context and Nonce — confirm.
	// This is the sensitive input; keep it out of logs and error messages.
	Plaintext string `json:"plaintext" structs:"plaintext" mapstructure:"plaintext"`

	// Ciphertext for decryption
	Ciphertext string `json:"ciphertext" structs:"ciphertext" mapstructure:"ciphertext"`

	// Nonce to be used when v1 convergent encryption is used.
	// Base64-encoded: DecodedNonce holds the decoded bytes.
	// NOTE(review): nothing in this type enforces nonce uniqueness; presumably
	// the caller must never reuse a nonce for the same key and context —
	// confirm against the backend's documentation.
	Nonce string `json:"nonce" structs:"nonce" mapstructure:"nonce"`

	// The key version to be used for encryption.
	// NOTE(review): the meaning of the zero value is not visible here — confirm.
	KeyVersion int `json:"key_version" structs:"key_version" mapstructure:"key_version"`

	// DecodedNonce is the base64 decoded version of Nonce.
	// Untagged, like DecodedContext; the same marshalling caveat applies.
	DecodedNonce []byte
}

BatchRequestItem represents a request item for batch processing

type DecryptBatchResponseItem

// DecryptBatchResponseItem is the result type of Transit.Decrypt.
type DecryptBatchResponseItem struct {
	// Plaintext for the ciphertext present in the corresponding batch
	// request item.
	// NOTE(review): presumably base64-encoded — confirm before use.
	// This is decrypted data; keep it out of logs and error messages.
	Plaintext string `json:"plaintext" structs:"plaintext" mapstructure:"plaintext"`
}

type EncryptBatchResponseItem

// EncryptBatchResponseItem represents a response item for batch processing.
// It is the result type of Transit.Encrypt and Transit.Rewrap and has no
// plaintext field. Only the json tags carry omitempty; the structs and
// mapstructure tags do not.
type EncryptBatchResponseItem struct {
	// Ciphertext for the plaintext present in the corresponding batch
	// request item
	Ciphertext string `json:"ciphertext,omitempty" structs:"ciphertext" mapstructure:"ciphertext"`

	// KeyVersion defines the key version used to encrypt plaintext.
	// Recording it alongside the ciphertext lets a caller tell which
	// ciphertexts predate a rotation.
	KeyVersion int `json:"key_version,omitempty" structs:"key_version" mapstructure:"key_version"`
}

EncryptBatchResponseItem represents a response item for batch processing

type GenerateRequest added in v0.2.0

// GenerateRequest is the req argument of Transit.GenerateKey.
//
// Context, Nonce, Bits and KeyVersion use nullable wrapper types; presumably
// a null value means the field is left unset in the request — confirm.
type GenerateRequest struct {
	// Name: presumably the name of the key the request applies to — confirm.
	Name       string      `json:"name"`
	// NOTE(review): Plaintext is a string, not a flag. How it is interpreted
	// is not visible on this page; GenerateResponse also has a Plaintext
	// field, so it may select whether key material is returned in the
	// clear — confirm.
	Plaintext  string      `json:"plaintext"`
	// Context and Nonce: presumably the same meaning as on BatchRequestItem
	// (key-derivation context, convergent-encryption nonce) — confirm.
	Context    null.String `json:"context"`
	Nonce      null.String `json:"nonce"`
	// Bits: presumably the size of the generated key in bits; accepted
	// values are not visible here — confirm.
	Bits       null.Int64  `json:"bits"`
	KeyVersion null.Int64  `json:"key_version"`
}

type GenerateResponse added in v0.2.0

// GenerateResponse is the result type of Transit.GenerateKey.
// None of the json tags use omitempty, so all three fields are emitted
// whenever the value is marshalled.
type GenerateResponse struct {
	Ciphertext string `json:"ciphertext"`
	KeyVersion int64  `json:"key_version"`
	// NOTE(review): if this carries the generated key in the clear it is
	// secret key material — keep it out of logs, and avoid marshalling or
	// persisting the whole struct when only Ciphertext should be stored.
	Plaintext  string `json:"plaintext"`
}

type KeyConfiguration added in v0.2.0

// KeyConfiguration is the config argument of Transit.UpdateKeyConfiguration.
//
// Every field is a nullable wrapper type; presumably a null field leaves the
// corresponding setting unchanged — confirm. Exportable and
// AllowPlaintextBackup are documented below as irreversible once set, so
// review any code path that can set them.
type KeyConfiguration struct {
	// MinDecryptionVersion if set, the minimum version of the key allowed to be decrypted.
	// For signing keys, the minimum version allowed to be used for verification.
	MinDecryptionVersion null.Int64 `json:"min_decryption_version"`
	// MinEncryptionVersion if set, the minimum version of the key allowed to be used for encryption;
	// or for signing keys, to be used for signing.
	// If set to zero, only the latest version of the key is allowed.
	MinEncryptionVersion null.Int64 `json:"min_encryption_version"`
	// DeletionAllowed whether to allow deletion of the key
	DeletionAllowed null.Bool `json:"deletion_allowed"`
	// Exportable enables export of the key. Once set, this cannot be disabled.
	Exportable null.Bool `json:"exportable"`
	// AllowPlaintextBackup Enables taking a backup of the named key in plaintext format.
	// Once set, this cannot be disabled.
	AllowPlaintextBackup null.Bool `json:"allow_plaintext_backup"`
}

type Transit

// Transit is the receiver type for the transit operations listed on this
// page. All of its fields are unexported; New returns a value of this type.
type Transit struct {
	// contains filtered or unexported fields
}

func New

// New returns a Transit built from u. The result is returned by value, not
// as a pointer.
func New(u *unseal.Unseal) Transit

func (Transit) Backup added in v0.2.0

// Backup returns a string for the key keyName in engine engineName,
// presumably the serialized backup of that key — confirm.
// NOTE(review): KeyConfiguration.AllowPlaintextBackup describes backups as
// being in plaintext format, so treat the returned string as secret key
// material: keep it out of logs and protect it at rest.
func (t Transit) Backup(ctx context.Context, keyName, engineName string) (string, error)

func (Transit) CheckEngine

// CheckEngine returns a bool and an error for engineName; presumably the bool
// reports whether the engine is available — confirm.
// Unlike the other methods listed here it takes no context.Context, so a
// caller cannot cancel it or bound it with a deadline through a context.
func (t Transit) CheckEngine(engineName string) (bool, error)

func (Transit) CreateKey

// CreateKey presumably creates a key called name of type keyType in engine
// engineName — confirm. keyType is a plain string and its accepted values
// are not listed on this page.
func (t Transit) CreateKey(ctx context.Context, name, keyType, engineName string) error

func (Transit) Decrypt

// Decrypt takes a single BatchRequestItem for the named key and engine and
// returns a DecryptBatchResponseItem; presumably req.Ciphertext is the
// input — confirm. The returned Plaintext is decrypted data and should not
// be logged.
func (t Transit) Decrypt(ctx context.Context, key, engineName string, req BatchRequestItem) (DecryptBatchResponseItem, error)

func (Transit) DeleteKey

// DeleteKey presumably deletes the key name from engine engineName — confirm.
// NOTE(review): KeyConfiguration.DeletionAllowed suggests deletion has to be
// enabled on the key first; how this call fails otherwise is not visible
// here. Data encrypted under a deleted key presumably becomes unrecoverable.
func (t Transit) DeleteKey(ctx context.Context, name, engineName string) error

func (Transit) Encrypt

// Encrypt takes a single BatchRequestItem for the named key and engine and
// returns an EncryptBatchResponseItem (ciphertext plus key version);
// presumably req.Plaintext is the input — confirm.
func (t Transit) Encrypt(ctx context.Context, key, engineName string, req BatchRequestItem) (EncryptBatchResponseItem, error)

func (Transit) Export added in v0.2.0

// Export returns a map[string]string for the key keyName; presumably it maps
// key versions to exported key material — confirm. exportType is presumably
// one of the ExportType* constants and version is passed as a string.
// NOTE(review): the result is raw key material. KeyConfiguration.Exportable
// says export must be enabled on the key and cannot be disabled afterwards;
// keep the returned map out of logs and limit who can reach this call.
func (t Transit) Export(ctx context.Context, keyName, engineName, exportType, version string) (map[string]string, error)

func (Transit) GenerateKey added in v0.2.0

// GenerateKey sends req to engine engineName and returns a GenerateResponse.
// NOTE(review): GenerateResponse has both Ciphertext and Plaintext fields;
// when Plaintext is populated the caller is holding key material in the
// clear and is responsible for not persisting or logging it.
func (t Transit) GenerateKey(ctx context.Context, engineName string, req GenerateRequest) (GenerateResponse, error)

func (Transit) GenerateRandomBytes added in v0.2.0

// GenerateRandomBytes returns a string, presumably random bytes encoded
// according to format — confirm.
// NOTE(review): urlBytes (string) and bytesCount (int) both look like a
// length; which one takes precedence is not visible here. No engineName is
// taken, unlike most methods on this type.
func (t Transit) GenerateRandomBytes(ctx context.Context, urlBytes, format string, bytesCount int) (string, error)

func (Transit) GetKey

// GetKey returns a *keysutil.Policy for the key name in engine engineName.
// NOTE(review): what the returned policy contains (metadata only, or key
// material as well) is not visible on this page — confirm before logging or
// serialising it.
func (t Transit) GetKey(ctx context.Context, name, engineName string) (*keysutil.Policy, error)

func (Transit) HMAC

// HMAC returns a string for the base64 input inputB64 under key keyName,
// presumably the HMAC computed with algorithm algo and key version
// keyVersion — confirm. engineName is the last parameter here, after
// keyVersion, unlike the other methods.
// NOTE(review): no HMAC-verification method appears in this listing; a caller
// that compares the result against a received value should use a
// constant-time comparison.
func (t Transit) HMAC(ctx context.Context, keyName, inputB64, algo string, keyVersion int, engineName string) (string, error)

func (Transit) Hash

// Hash returns a string for the base64 input inputB64, presumably its digest
// under algo encoded according to format — confirm.
// It takes neither a key name nor an engine name, so the result is presumably
// an unkeyed digest: it does not authenticate the input (see HMAC for a
// keyed operation).
func (t Transit) Hash(ctx context.Context, inputB64 string, algo structs.HashType, format string) (string, error)

func (Transit) ListKeys

// ListKeys returns a slice of strings for engine engineName, presumably the
// names of the keys it holds — confirm.
func (t Transit) ListKeys(ctx context.Context, engineName string) ([]string, error)

func (Transit) Restore added in v0.2.0

// Restore takes a key name, an engine name and backup64, presumably the
// base64 string produced by Backup — confirm.
// NOTE(review): force presumably allows an existing key of the same name to
// be overwritten; if so, a restore from an untrusted or stale backup replaces
// live key material. Confirm the semantics and restrict who may pass
// force=true.
func (t Transit) Restore(ctx context.Context, keyName, engineName, backup64 string, force bool) error

func (Transit) Rewrap added in v0.2.0

// Rewrap takes a single BatchRequestItem and returns an
// EncryptBatchResponseItem, which has Ciphertext and KeyVersion fields and no
// plaintext field. Presumably req.Ciphertext is re-encrypted under a newer
// key version without the plaintext being returned to the caller — confirm.
func (t Transit) Rewrap(ctx context.Context, key, engineName string, req BatchRequestItem) (EncryptBatchResponseItem, error)

func (Transit) Rotate added in v0.2.0

// Rotate presumably adds a new version to the key keyName in engine
// engineName — confirm. Whether older versions stay usable is presumably
// governed by KeyConfiguration.MinDecryptionVersion and
// MinEncryptionVersion.
func (t Transit) Rotate(ctx context.Context, keyName, engineName string) error

func (*Transit) Sign

// Sign takes signing parameters req and an engine name and returns a
// *structs.SignResponse. The fields of both structs types are not shown on
// this page.
// NOTE(review): Sign and VerifySign use a pointer receiver while every other
// method listed here uses a value receiver.
func (t *Transit) Sign(ctx context.Context, req *structs.SignParameters, engineName string) (*structs.SignResponse, error)

func (Transit) UpdateKeyConfiguration added in v0.2.0

// UpdateKeyConfiguration applies config to the key name in engine engineName.
// NOTE(review): KeyConfiguration documents Exportable and
// AllowPlaintextBackup as impossible to disable once set, so a single call
// through this method can permanently weaken a key's protection; gate it
// accordingly.
func (t Transit) UpdateKeyConfiguration(ctx context.Context, name, engineName string, config KeyConfiguration) error

func (*Transit) VerifySign

// VerifySign takes a verification request and an engine name and returns a
// *structs.VerificationResponse.
// NOTE(review): the response type's fields are not shown on this page.
// Presumably a nil error only means the call completed, and the
// valid/invalid verdict is carried in the response — confirm, and make
// callers check the verdict rather than err alone.
func (t *Transit) VerifySign(ctx context.Context, req *structs.VerificationRequest, engineName string) (*structs.VerificationResponse, error)
