crypt

package

v0.0.0-...-e984f34 Latest Latest Go to latest Published: Nov 23, 2024 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cryptkeeperhq/cryptkeeper

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func LoadMasterKeyFromFile(filePath string) ([]byte, error)
func SaveMasterKeyToFile(masterKey []byte, filePath string) error
type CryptographicOperations
- func New(config *config.Config, option string) (CryptographicOperations, error)
type HSM
- func NewHSM(config *config.Config) (*HSM, error)
type Tink
- func NewTinkOps(cfg *config.Config) (*Tink, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrUnsupportedOption = errors.New("unsupported option")

Functions ¶

func LoadMasterKeyFromFile ¶

func LoadMasterKeyFromFile(filePath string) ([]byte, error)

Decode the base64-encoded master key from a file

func SaveMasterKeyToFile ¶

func SaveMasterKeyToFile(masterKey []byte, filePath string) error

Encode the master key as base64 and save to a file

Types ¶

type CryptographicOperations ¶

type CryptographicOperations interface {
	GeneratePathKey() (*keyset.Handle, error)
	EncryptPathKey(pathKey *keyset.Handle) ([]byte, error)
	DecryptPathKey(encryptedPathKey []byte) (*keyset.Handle, error)
	EncryptSecretValue(input string, pathKeyHandle *keyset.Handle) ([]byte, []byte, error)
	DecryptSecretValue(encryptedDEK, encryptedValue []byte, pathKeyHandle *keyset.Handle) (string, error)
}

func New ¶

func New(config *config.Config, option string) (CryptographicOperations, error)

type HSM ¶

type HSM struct {
	// contains filtered or unexported fields
}

func NewHSM ¶

func NewHSM(config *config.Config) (*HSM, error)

func (*HSM) DecryptPathKey ¶

func (h *HSM) DecryptPathKey(encryptedPathKey []byte) (*keyset.Handle, error)

func (*HSM) DecryptSecretValue ¶

func (h *HSM) DecryptSecretValue(encryptedDEK, encryptedValue []byte, pathKeyHandle *keyset.Handle) (string, error)

func (*HSM) EncryptPathKey ¶

func (h *HSM) EncryptPathKey(pathKey *keyset.Handle) ([]byte, error)

func (*HSM) EncryptSecretValue ¶

func (h *HSM) EncryptSecretValue(input string, pathKeyHandle *keyset.Handle) ([]byte, []byte, error)

type Tink ¶

type Tink struct {
	MasterAead      tink.AEAD
	MasterKeyHandle *keyset.Handle
	Logger          *slog.Logger
}

func NewTinkOps ¶

func NewTinkOps(cfg *config.Config) (*Tink, error)

func (*Tink) DecryptPathKey ¶

func (t *Tink) DecryptPathKey(encryptedPathKey []byte) (*keyset.Handle, error)

Decrypt the Serialized Path Key This function takes an encrypted path key, decrypts it using the master key, and reconstructs the path key handle.

func (*Tink) DecryptSecretValue ¶

func (t *Tink) DecryptSecretValue(encryptedDEK, encryptedValue []byte, pathKeyHandle *keyset.Handle) (string, error)

Decrypt Secret Value using the Path Key and Encrypted Secret Key This function decrypts the encrypted secret key using the path key, reconstructs the secret key handle, and decrypts the secret value.

func (*Tink) EncryptPathKey ¶

func (t *Tink) EncryptPathKey(pathKey *keyset.Handle) ([]byte, error)

Serialize and Encrypt the Path Key This function serializes the path key handle and encrypts it using the master key (t.MasterAead).

func (*Tink) EncryptSecretValue ¶

func (t *Tink) EncryptSecretValue(input string, pathKeyHandle *keyset.Handle) ([]byte, []byte, error)

Encrypt Secret Value using a Secret Key and Encrypt the Key with Path Key This function generates a new secret key for each secret, encrypts the secret value with it, and then encrypts the secret key using the path key.

func (*Tink) GeneratePathHmacKey ¶

func (t *Tink) GeneratePathHmacKey() (*keyset.Handle, error)

Generate a new Path Key (DEK) This function generates a new AES-256-GCM key handle for encrypting secrets at the path level.

func (*Tink) GeneratePathKey ¶

func (t *Tink) GeneratePathKey() (*keyset.Handle, error)