secrets

package
v0.0.0-...-3af9a59
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2018 License: MIT Imports: 21 Imported by: 0

Documentation


Constants

const (
	// A256GCM identifies the encryption algorithm
	A256GCM = "A256GCM"

	// B5JWKJSON identifies content type
	B5JWKJSON = "b5+jwk+json"
)

Variables

This section is empty.

Functions

func DecryptEnvelope

func DecryptEnvelope(envelope *Envelope) ([]byte, error)

DecryptEnvelope will access the key service and decrypt the envelope.

Types

type AwsKeyService

type AwsKeyService struct {
	// contains filtered or unexported fields
}

AwsKeyService represents a connection to Amazon Web Services KMS.

func NewAwsKeyService

func NewAwsKeyService(region string, masterKeyID string) *AwsKeyService

NewAwsKeyService creates a new AwsKeyService in the given AWS region with the given master key identifier.

func (*AwsKeyService) DecryptKey

func (s *AwsKeyService) DecryptKey(key *EncryptionKey) error

DecryptKey decrypts an existing ServerKey.

func (*AwsKeyService) GenerateKey

func (s *AwsKeyService) GenerateKey(kid string) (*EncryptionKey, error)

GenerateKey generates a brand new ServerKey.

type DevKeyService

type DevKeyService struct {
	// contains filtered or unexported fields
}

DevKeyService contains DevKeyService information

func NewDevKeyService

func NewDevKeyService() *DevKeyService

NewDevKeyService returns an empty DevKeyService object

func (*DevKeyService) DecryptKey

func (s *DevKeyService) DecryptKey(key *EncryptionKey) error

DecryptKey decrypts the dev key

func (*DevKeyService) GenerateKey

func (s *DevKeyService) GenerateKey(kid string) (*EncryptionKey, error)

GenerateKey generates a new server key

type EncryptionKey

type EncryptionKey struct {
	KID    string `json:"kid"`
	Enc    string `json:"enc"`
	EncKey string `json:"encKey"`
	RawKey []byte `json:"-"`
}

EncryptionKey contains server key information

func (*EncryptionKey) Decrypt

func (key *EncryptionKey) Decrypt(message []byte) ([]byte, error)

Decrypt decrypts a given ciphertext byte array using the web crypto key

func (*EncryptionKey) Encrypt

func (key *EncryptionKey) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts a given plaintext byte array

type Envelope

type Envelope struct {
	Env         string `json:"env"`
	Region      string `json:"region,omitempty"`
	MasterKeyID string `json:"master,omitempty"`

	Key EncryptionKey `json:"key"`

	Data string `json:"data"`
}

Envelope defines JSON structure that wraps the encrypted content

func EncryptEnvelope

func EncryptEnvelope(env, region, masterKeyID string, message []byte) (*Envelope, error)

EncryptEnvelope will generate a new key and encrypt the message. It returns the Envelope that contains everything needed to decrypt the message (provided access to the KeyService is granted).

type KeyService

type KeyService interface {
	GenerateKey(kid string) (*EncryptionKey, error)
	DecryptKey(key *EncryptionKey) error
}

KeyService defines key methods
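
An added example, not code from this package: a local stand-in for the KeyService contract that wraps a fresh 32-byte data key under a master key with AES-256-GCM and unwraps it again, so only the wrapped form ever needs to be stored. The names gcmFor, generateKey and decryptKey, the in-process master key and the nonce || ciphertext || tag layout are assumptions; the page does not show how AwsKeyService or DevKeyService wrap keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// gcmFor returns AES-GCM for key; a 32-byte key selects AES-256 ("A256GCM").
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// generateKey mirrors KeyService.GenerateKey: raw is RawKey, wrapped is EncKey.
func generateKey(master []byte) (raw, wrapped []byte, err error) {
	g, err := gcmFor(master)
	if err != nil {
		return nil, nil, err
	}
	buf := make([]byte, 32+g.NonceSize()) // data key followed by a fresh nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	raw, nonce := buf[:32:32], buf[32:]
	return raw, g.Seal(nonce, nonce, raw, nil), nil
}

// decryptKey mirrors KeyService.DecryptKey; a wrong master key or any altered byte fails.
func decryptKey(master, wrapped []byte) ([]byte, error) {
	g, err := gcmFor(master)
	if err != nil || len(wrapped) < g.NonceSize() {
		return nil, errors.New("bad master key or truncated wrapped key")
	}
	n := g.NonceSize()
	return g.Open(nil, wrapped[:n], wrapped[n:], nil)
}

func main() {
	master := make([]byte, 32) // constructed all-zero master key, demo only
	raw, wrapped, _ := generateKey(master)
	back, err := decryptKey(master, wrapped)
	fmt.Println(len(wrapped), string(raw) == string(back), err)
}
```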
