Package encryption implements the data encryption processing engine.
type CryptographyEngine interface {
	// NewEncryptionKey creates a new symmetric encryption key and returns the
	// resulting key entry.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	NewEncryptionKey(ctx context.Context, activeDBClient db.Database) (models.EncryptionKey, error)

	// GetEncryptionKey fetches the single encryption key identified by keyID.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	GetEncryptionKey(ctx context.Context, keyID string, activeDBClient db.Database) (models.EncryptionKey, error)

	// ListEncryptionKeys lists the encryption keys matching filters.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	ListEncryptionKeys(ctx context.Context, filters db.EncryptionKeyQueryFilter, activeDBClient db.Database) ([]models.EncryptionKey, error)

	// MarkEncryptionKeyActive marks the key identified by keyID as active and
	// returns the updated key entry.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	MarkEncryptionKeyActive(ctx context.Context, keyID string, activeDBClient db.Database) (models.EncryptionKey, error)

	// MarkEncryptionKeyInactive marks the key identified by keyID as inactive
	// and returns the updated key entry.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	MarkEncryptionKeyInactive(ctx context.Context, keyID string, activeDBClient db.Database) (models.EncryptionKey, error)

	// DeleteEncryptionKey deletes the key identified by keyID.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	DeleteEncryptionKey(ctx context.Context, keyID string, activeDBClient db.Database) error

	// EncryptData encrypts plainText under the key identified by keyID.
	//
	// It returns the key entry that was used together with the cipher text and
	// its nonce bundled as EncryptedData. Callers must keep the whole
	// EncryptedData value (cipher text and nonce) to be able to decrypt later;
	// the key ID is not carried inside EncryptedData and must be tracked
	// separately.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	EncryptData(ctx context.Context, keyID string, plainText []byte, activeDBClient db.Database) (models.EncryptionKey, EncryptedData, error)

	// DecryptData decrypts encrypted (cipher text plus nonce) under the key
	// identified by keyID.
	//
	// It returns the key entry that was used and the recovered plain text.
	//
	// ctx is the execution context; activeDBClient is an existing database
	// transaction the operation runs in.
	DecryptData(ctx context.Context, keyID string, encrypted EncryptedData, activeDBClient db.Database) (models.EncryptionKey, []byte, error)
}
CryptographyEngine is the system's cryptography engine. It is solely responsible for all cryptographic operations in the system.
Aside from performing the cryptographic computations, it also provides the wrapper interface around the encryption-related APIs of the persistence layer; i.e., the rest of the system must not interact directly with the encryption key APIs of the persistence layer.
// NewCryptographyEngine builds a CryptographyEngine from params.
//
// ctx is the execution context. params supplies the persistence client and
// the file paths of the primary RSA certificate and private key; the
// `validate` struct tags on CryptographyEngineParams suggest they are checked
// here (presumably via a validator — confirm against the implementation).
// A non-nil error means no usable engine was produced.
func NewCryptographyEngine( ctx context.Context, params CryptographyEngineParams, ) (CryptographyEngine, error)
NewCryptographyEngine defines a new cryptography engine.
@param ctx context.Context - execution context
@param params CryptographyEngineParams - engine parameters
@returns engine instance
type CryptographyEngineParams struct {
	// Persistence is the persistence layer client. It is excluded from
	// struct validation.
	Persistence db.Client `validate:"-"`
	// PrimaryRSACertFile is the path to the primary RSA certificate PEM file;
	// it must exist on disk.
	PrimaryRSACertFile string `validate:"required,file"`
	// PrimaryRSAKeyFile is the path to the PEM file holding the private key of
	// the primary RSA certificate; it must exist on disk. This key protects
	// the symmetric encryption keys, so the file should be readable only by
	// the service account running the engine.
	PrimaryRSAKeyFile string `validate:"required,file"`
}
CryptographyEngineParams holds the cryptography engine initialization parameters.
The primary RSA key pair is used to encrypt and decrypt the symmetric encryption keys (i.e. it wraps and unwraps them).
type EncryptedData struct {
	// CipherText holds the encrypted bytes produced by EncryptData.
	CipherText []byte
	// Nonce holds the nonce used for this encryption; it is needed together
	// with CipherText to decrypt and should not be reused with the same key.
	Nonce []byte
}
EncryptedData is a helper type that groups the outputs of an encryption operation (cipher text and nonce) together.