kms

package

v1.1.1 Latest Latest Go to latest Published: Oct 15, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aldelo/common

Links

Open Source Insights

Documentation ¶

Index ¶

type KMS

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type KMS ¶

type KMS struct {
	// define the AWS region that KMS is located at
	AwsRegion awsregion.AWSRegion

	// custom http2 client options
	HttpOptions *awshttp2.HttpClientSettings

	// define kms key name
	AesKmsKeyName       string
	RsaKmsKeyName       string
	SignatureKmsKeyName string
	// contains filtered or unexported fields
}

KMS struct encapsulates the AWS KMS access functionality

func (*KMS) Connect ¶

func (k *KMS) Connect() error

Connect will establish a connection to the KMS service

func (*KMS) DecryptViaCmkAes256 ¶

func (k *KMS) DecryptViaCmkAes256(cipherText string) (plainText string, err error)

DecryptViaCmkAes256 will use kms cmk to decrypt cipherText using symmetric aes 256 kms cmk key, and return plainText string, the cipherText can only be decrypted with the symmetric aes 256 kms cmk key

func (*KMS) DecryptViaCmkRsa2048 ¶

func (k *KMS) DecryptViaCmkRsa2048(cipherText string) (plainText string, err error)

DecryptViaCmkRsa2048 will use kms cmk to decrypt cipherText using asymmetric rsa 2048 kms cmk private key, and return plainText string, the cipherText can only be decrypted with the asymmetric rsa 2048 kms cmk private key

func (*KMS) DecryptWithDataKeyAes256 ¶

func (k *KMS) DecryptWithDataKeyAes256(cipherText string, cipherKey string) (plainText string, err error)

DecryptWithDataKeyAes256 will decrypt cipherText using cipherKey that was generated via GenerateDataKeyAes256()

cipherKey = encrypted data key in hex (must use KMS CMK to decrypt such key)

func (*KMS) Disconnect ¶

func (k *KMS) Disconnect()

Disconnect will disjoin from aws session by clearing it

func (*KMS) EncryptViaCmkAes256 ¶

func (k *KMS) EncryptViaCmkAes256(plainText string) (cipherText string, err error)

EncryptViaCmkAes256 will use kms cmk to encrypt plainText using aes 256 symmetric kms cmk key, and return cipherText string, the cipherText can only be decrypted with aes 256 symmetric kms cmk key

func (*KMS) EncryptViaCmkRsa2048 ¶

func (k *KMS) EncryptViaCmkRsa2048(plainText string) (cipherText string, err error)

EncryptViaCmkRsa2048 will use kms cmk to encrypt plainText with asymmetric rsa 2048 kms cmk public key, and return cipherText string, the cipherText can only be decrypted with the paired asymmetric rsa 2048 kms cmk private key

*** To Encrypt using Public Key Outside of KMS ***

Copy Public Key from AWS KMS for the given RSA CMK
Using External RSA Public Key Crypto Encrypt Function with the given Public Key to Encrypt

func (*KMS) EncryptWithDataKeyAes256 ¶

func (k *KMS) EncryptWithDataKeyAes256(plainText string, cipherKey string) (cipherText string, err error)

EncryptWithDataKeyAes256 will encrypt plainText using cipherKey that was generated via GenerateDataKeyAes256()

cipherKey = encrypted data key in hex (must use KMS CMK to decrypt such key)

func (*KMS) GenerateDataKeyAes256 ¶

func (k *KMS) GenerateDataKeyAes256() (cipherKey string, err error)

GenerateDataKeyAes256 will return an encrypted data key generated by kms cmk, this data key is encrypted, and able to decrypt only via kms cmk (therefore it is safe to store in memory or at rest)

cipherKey = encrypted data key in hex (must use KMS CMK to decrypt such key)

func (*KMS) ReEncryptViaCmkAes256 ¶

func (k *KMS) ReEncryptViaCmkAes256(sourceCipherText string, targetKmsKeyName string) (targetCipherText string, err error)

ReEncryptViaCmkAes256 will re-encrypt sourceCipherText using the new targetKmsKeyName via kms, (must be targeting aes 256 key) the re-encrypted cipherText is then returned

func (*KMS) ReEncryptViaCmkRsa2048 ¶

func (k *KMS) ReEncryptViaCmkRsa2048(sourceCipherText string, targetKmsKeyName string) (targetCipherText string, err error)

ReEncryptViaCmkRsa2048 will re-encrypt sourceCipherText using the new targetKmsKeyName via kms, (must be targeting rsa 2048 key) the re-encrypted cipherText is then returned

func (*KMS) SignViaCmkRsa2048 ¶

func (k *KMS) SignViaCmkRsa2048(dataToSign string) (signature string, err error)

SignViaCmkRsa2048 will sign dataToSign using KMS CMK RSA Sign/Verify Key (Private Key on KMS will be used to securely sign)

func (*KMS) VerifyViaCmkRsa2048 ¶

func (k *KMS) VerifyViaCmkRsa2048(dataToVerify string, signatureToVerify string) (signatureValid bool, err error)

VerifyViaCmkRsa2048 will verify dataToVerify with signature using KMS CMK RSA Sign/Verify Key (Public Key on KMS will be used securely to verify)

signatureToVerify = prior signed signature in hex to verify against the dataToVerify parameter

*** To Verify using Public Key Outside of KMS ***

Copy Public Key from AWS KMS for the given RSA CMK
Using External RSA Public Key Crypto Verify Function with the given Public Key to Verify

Source Files ¶

View all Source files

kms.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL