certificates

package

v0.0.0-...-31b55c1 Latest Latest Go to latest Published: Jan 15, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/davidhadas/seal-control

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AddFile(path string, data []byte, options map[string]string)
func CANotFound(workloadName string) bool
func CreateRotService() (*tls.Certificate, *x509.CertPool, error)
func InitRemoteKubeMgr(contextName string) (*kubernetes.Clientset, error)
func InitRotKubeMgr() error
func LoadRotCa() error
func RenewCA(kubeMgr *KubeMgrStruct, workloadName string, keyRing *KeyRing) error
func RenewSymetricKey(kubeMgr *KubeMgrStruct, workloadName string, keyRing *KeyRing) error
func Rot_service(w http.ResponseWriter, r *http.Request)
func UnsealArgs(symetricKey []byte, sealRef string, argsIn []string, config map[string]string) (cmd string, args []string, err error)
func UnsealConfig(symetricKey []byte, sealRef string, sealConfigStr string) (config map[string]string, err error)
func UnsealDir(srcname string, dstname string, symetricKey []byte, sealRef string, ...) error
func UnsealEnv(symetricKey []byte, sealRef string, sealEnv string, envIn []string, ...) (env []string, err error)
func UnsealFile(src_path string, dest_path string, symetricKey []byte, ...)
func UnsealFiles(src_path string, dest_path string) bool
func UnsealMount(symetricKey []byte, sealRef string, sealMount string, config map[string]string) (mounts []string, err error)
func UpdateCA(workloadName string, keyRing *KeyRing) error
func ValidateHostname(hostname string) error
func ValidateSevriceName(servicename string) error
func ValidateWorkloadName(workload string) error
type InitEgg
- func CreateInit(workloadName string, serviceName string) (*InitEgg, error)
- func NewInitEgg() *InitEgg
- func (egg *InitEgg) AddCa(ca []byte)
- func (egg *InitEgg) Decode(eegg string) error
- func (egg *InitEgg) Encode() (string, error)
- func (egg *InitEgg) GetCaPool() (*x509.CertPool, error)
- func (egg *InitEgg) GetCert() (*tls.Certificate, error)
- func (egg *InitEgg) SetCert(cert []byte)
- func (egg *InitEgg) SetEncPmr(symenticKey []byte, workloadName string, serviceName string) error
- func (egg *InitEgg) SetPrivateKey(privateKey []byte)
- func (egg *InitEgg) SetTorUrl(url string)
type KeyRing
- func CreateNewCA(workloadName string, rotUrl string) (keyRing *KeyRing, errout error)
- func GetCA(workloadName string) (keyRing *KeyRing, errout error)
- func NewKeyRing() *KeyRing
- func (kr *KeyRing) Add(name string, item []byte) error
- func (kr *KeyRing) AddCert(subname string, cert []byte) error
- func (kr *KeyRing) AddCertAt(current int, cert []byte) error
- func (kr *KeyRing) AddPeer(subname string, servers string) error
- func (kr *KeyRing) AddPrivateKey(subname string, privateKey []byte) error
- func (kr *KeyRing) AddPrivateKeyAt(current int, privateKey []byte) error
- func (kr *KeyRing) AddSymetricKey(subname string, symenticKey []byte) error
- func (kr *KeyRing) AddSymetricKeyAt(current int, symenticKey []byte) error
- func (kr *KeyRing) AppendCert(cert []byte) error
- func (kr *KeyRing) AppendPrivateKey(privateKey []byte) error
- func (kr *KeyRing) AppendSymetricKey(symenticKey []byte) error
- func (kr *KeyRing) Consolidate() error
- func (kr *KeyRing) GetSymetricKey() []byte
- func (kr *KeyRing) NumCerts() int
- func (kr *KeyRing) NumPrivateKeys() int
- func (kr *KeyRing) NumSymetricKeys() int
- func (kr *KeyRing) Peers() map[string]string
- func (kr *KeyRing) RotUrl() string
- func (kr *KeyRing) SetPeer(client string, servers string) error
- func (kr *KeyRing) SetRotUrl(rotUrl string) error
type KubeMgrError
- func (kme *KubeMgrError) Error() string
type KubeMgrStruct
- func (kubeMgr *KubeMgrStruct) CreateCa(workloadName string) (*corev1.Secret, error)
- func (kubeMgr *KubeMgrStruct) DeleteCa(workloadName string) error
- func (kubeMgr *KubeMgrStruct) GetCa(workloadName string) (*corev1.Secret, error)
- func (kubeMgr *KubeMgrStruct) ListCas() ([]string, error)
- func (kubeMgr *KubeMgrStruct) SetConfigMap(client *kubernetes.Clientset, configmap *corev1.ConfigMap) error
- func (kubeMgr *KubeMgrStruct) SetDeployment(client *kubernetes.Clientset, deployment *appsv1.Deployment) error
- func (kubeMgr *KubeMgrStruct) SetSecret(client *kubernetes.Clientset, secret *corev1.Secret) error
- func (kubeMgr *KubeMgrStruct) UpdateCA(secret *corev1.Secret) (*corev1.Secret, error)
type MutualTls
- func (mt *MutualTls) AddPeer(name string)
- func (mt *MutualTls) Client() *http.Client
- func (mt *MutualTls) GetTlsConfig() *tls.Config
- func (mt *MutualTls) Server(mux *http.ServeMux, address string) *http.Server
- func (mt *MutualTls) Verify() func(cs tls.ConnectionState) error
type PodData
- func NewPodData(pmr *PodMessageReq, pm *PodMessage) *PodData
- func Rot_client(eegg string, hostnames []string) (*PodData, error)
- func (pd *PodData) GetCaPem() ([]byte, error)
- func (pd *PodData) GetCas() ([][]byte, error)
- func (pd *PodData) GetCert() ([]byte, error)
- func (pd *PodData) GetClients() []string
- func (pd *PodData) GetPrivateKeyPem() string
- func (pd *PodData) GetServers() []string
- func (pd *PodData) GetTlsFromPodMessage() (*tls.Certificate, *x509.CertPool, error)
- func (pd *PodData) GetWKeysFromPodData() (map[int][]byte, int, error)
- func (pd *PodData) GetWorkloadKey() (map[int][]byte, int, error)
type PodMessage
- func CreatePodMessage(pmr *PodMessageReq) (*PodMessage, error)
- func NewPodMessage() *PodMessage
- func (pm *PodMessage) AddClient(client string)
- func (pm *PodMessage) AddServer(server string)
- func (pm *PodMessage) SetCa(ca []byte)
- func (pm *PodMessage) SetCert(cert []byte)
- func (pm *PodMessage) SetWorkloadKey(symetricKey []byte, index int) error
type PodMessageReq
- func NewPodMessageReq(workloadName string, serviceName string) (*PodMessageReq, error)
- func (pmr *PodMessageReq) Decrypt(key []byte) error
- func (pmr *PodMessageReq) Encrypt(key []byte) error
- func (pmr *PodMessageReq) Validate() error
type PodMessageReqSecret
type SealDataMap
- func NewSealData() *SealDataMap
- func Unseal(symetricKey []byte, sealRef string, cypher string) (sealedDataMap *SealDataMap, err error)
- func (sd *SealDataMap) AddSealed(key string, val []byte)
- func (sd *SealDataMap) AddUnsealed(key string, val []byte)
- func (sd SealDataMap) Decrypt(key []byte, reference string, sealedtext []byte) error
- func (sd SealDataMap) DecryptItem(key []byte, reference string, sealed []byte) (unsealed []byte, err error)
- func (sd *SealDataMap) Encrypt(key []byte, reference string) (sealed []byte, err error)
- func (sd *SealDataMap) EncryptItem(key []byte, reference string, unsealed []byte) (sealed []byte, err error)
- func (sd *SealDataMap) EncryptItems(key []byte, reference string) error

Constants ¶

View Source

const (
	Organization    = "research.ibm.com"
	CertName        = "tls.crt"
	PrivateKeyName  = "tls.key"
	SymetricKeyName = "sym.key"
	RotUrlName      = "rot-url"

	RotCaName = "rot-ca"
	PeerName  = "peer"
)

View Source

const (
	SEAL_MOUNTPOINT = "/run/seal/"
	SEAL_REF        = "_SEAL_REF"
	SEAL_CONFIG     = "_SEAL_CONFIG"
	SEAL_ENV        = "_SEAL_ENV"
	SEAL_DIR        = "_SEAL_DIR"
	SEAL_MOUNT      = "_SEAL_MOUNT"
)

View Source

const (
	KmeUnknown      = 0
	KmeUnauthorized = 1
	KmeNoAccess     = 2
)

Variables ¶

This section is empty.

Functions ¶

func AddFile ¶

func AddFile(path string, data []byte, options map[string]string)

func CANotFound ¶

func CANotFound(workloadName string) bool

func CreateRotService ¶

func CreateRotService() (*tls.Certificate, *x509.CertPool, error)

func InitRemoteKubeMgr ¶

func InitRemoteKubeMgr(contextName string) (*kubernetes.Clientset, error)

func InitRotKubeMgr ¶

func InitRotKubeMgr() error

func LoadRotCa ¶

func LoadRotCa() error

func RenewCA ¶

func RenewCA(kubeMgr *KubeMgrStruct, workloadName string, keyRing *KeyRing) error

func RenewSymetricKey ¶

func RenewSymetricKey(kubeMgr *KubeMgrStruct, workloadName string, keyRing *KeyRing) error

func Rot_service ¶

func Rot_service(w http.ResponseWriter, r *http.Request)

func UnsealArgs ¶

func UnsealArgs(symetricKey []byte, sealRef string, argsIn []string, config map[string]string) (cmd string, args []string, err error)

func UnsealConfig ¶

func UnsealConfig(symetricKey []byte, sealRef string, sealConfigStr string) (config map[string]string, err error)

func UnsealDir ¶

func UnsealDir(srcname string, dstname string, symetricKey []byte, sealRef string, sealDir string, config map[string]string) error

func UnsealEnv ¶

func UnsealEnv(symetricKey []byte, sealRef string, sealEnv string, envIn []string, config map[string]string) (env []string, err error)

func UnsealFile ¶

func UnsealFile(src_path string, dest_path string, symetricKey []byte, options map[string]string)

func UnsealFiles ¶

func UnsealFiles(src_path string, dest_path string) bool

func UnsealMount ¶

func UnsealMount(symetricKey []byte, sealRef string, sealMount string, config map[string]string) (mounts []string, err error)

func UpdateCA ¶

func UpdateCA(workloadName string, keyRing *KeyRing) error

func ValidateHostname ¶

func ValidateHostname(hostname string) error

func ValidateSevriceName ¶

func ValidateSevriceName(servicename string) error

func ValidateWorkloadName ¶

func ValidateWorkloadName(workload string) error

Types ¶

type InitEgg ¶

type InitEgg struct {
	RotUrl     string   `json:"rot"`
	EncPmr     []byte   `json:"epmr"`
	PrivateKey string   `json:"prk"`
	Cert       string   `json:"cert"`
	Ca         []string `json:"ca"`
}

func CreateInit ¶

func CreateInit(workloadName string, serviceName string) (*InitEgg, error)

func NewInitEgg ¶

func NewInitEgg() *InitEgg

func (*InitEgg) AddCa ¶

func (egg *InitEgg) AddCa(ca []byte)

func (*InitEgg) Decode ¶

func (egg *InitEgg) Decode(eegg string) error

func (*InitEgg) Encode ¶

func (egg *InitEgg) Encode() (string, error)

func (*InitEgg) GetCaPool ¶

func (egg *InitEgg) GetCaPool() (*x509.CertPool, error)

func (*InitEgg) GetCert ¶

func (egg *InitEgg) GetCert() (*tls.Certificate, error)

func (*InitEgg) SetCert ¶

func (egg *InitEgg) SetCert(cert []byte)

func (*InitEgg) SetEncPmr ¶

func (egg *InitEgg) SetEncPmr(symenticKey []byte, workloadName string, serviceName string) error

func (*InitEgg) SetPrivateKey ¶

func (egg *InitEgg) SetPrivateKey(privateKey []byte)

func (*InitEgg) SetTorUrl ¶

func (egg *InitEgg) SetTorUrl(url string)

type KeyRing ¶

type KeyRing struct {
	// contains filtered or unexported fields
}

func CreateNewCA ¶

func CreateNewCA(workloadName string, rotUrl string) (keyRing *KeyRing, errout error)

func GetCA ¶

func GetCA(workloadName string) (keyRing *KeyRing, errout error)

func NewKeyRing ¶

func NewKeyRing() *KeyRing

func (*KeyRing) Add ¶

func (kr *KeyRing) Add(name string, item []byte) error

when adding a cert block use Add(name, pem.EncodeToMemory(cert))

func (*KeyRing) AddCert ¶

func (kr *KeyRing) AddCert(subname string, cert []byte) error

func (*KeyRing) AddCertAt ¶

func (kr *KeyRing) AddCertAt(current int, cert []byte) error

func (*KeyRing) AddPeer ¶

func (kr *KeyRing) AddPeer(subname string, servers string) error

func (*KeyRing) AddPrivateKey ¶

func (kr *KeyRing) AddPrivateKey(subname string, privateKey []byte) error

func (*KeyRing) AddPrivateKeyAt ¶

func (kr *KeyRing) AddPrivateKeyAt(current int, privateKey []byte) error

func (*KeyRing) AddSymetricKey ¶

func (kr *KeyRing) AddSymetricKey(subname string, symenticKey []byte) error

func (*KeyRing) AddSymetricKeyAt ¶

func (kr *KeyRing) AddSymetricKeyAt(current int, symenticKey []byte) error

func (*KeyRing) AppendCert ¶

func (kr *KeyRing) AppendCert(cert []byte) error

func (*KeyRing) AppendPrivateKey ¶

func (kr *KeyRing) AppendPrivateKey(privateKey []byte) error

func (*KeyRing) AppendSymetricKey ¶

func (kr *KeyRing) AppendSymetricKey(symenticKey []byte) error

func (*KeyRing) Consolidate ¶

func (kr *KeyRing) Consolidate() error

func (*KeyRing) GetSymetricKey ¶

func (kr *KeyRing) GetSymetricKey() []byte

func (*KeyRing) NumCerts ¶

func (kr *KeyRing) NumCerts() int

func (*KeyRing) NumPrivateKeys ¶

func (kr *KeyRing) NumPrivateKeys() int

func (*KeyRing) NumSymetricKeys ¶

func (kr *KeyRing) NumSymetricKeys() int

func (*KeyRing) Peers ¶

func (kr *KeyRing) Peers() map[string]string

func (*KeyRing) RotUrl ¶

func (kr *KeyRing) RotUrl() string

func (*KeyRing) SetPeer ¶

func (kr *KeyRing) SetPeer(client string, servers string) error

func (*KeyRing) SetRotUrl ¶

func (kr *KeyRing) SetRotUrl(rotUrl string) error

type KubeMgrError ¶

type KubeMgrError struct {
	Value       int
	Description string
}

func (*KubeMgrError) Error ¶

func (kme *KubeMgrError) Error() string

type KubeMgrStruct ¶

type KubeMgrStruct struct {
	RotCaKeyRing *KeyRing
	// contains filtered or unexported fields
}

var KubeMgr *KubeMgrStruct

func (*KubeMgrStruct) CreateCa ¶

func (kubeMgr *KubeMgrStruct) CreateCa(workloadName string) (*corev1.Secret, error)

func (*KubeMgrStruct) DeleteCa ¶

func (kubeMgr *KubeMgrStruct) DeleteCa(workloadName string) error

func (*KubeMgrStruct) GetCa ¶

func (kubeMgr *KubeMgrStruct) GetCa(workloadName string) (*corev1.Secret, error)

func (*KubeMgrStruct) ListCas ¶

func (kubeMgr *KubeMgrStruct) ListCas() ([]string, error)

func (*KubeMgrStruct) SetConfigMap ¶

func (kubeMgr *KubeMgrStruct) SetConfigMap(client *kubernetes.Clientset, configmap *corev1.ConfigMap) error

func (*KubeMgrStruct) SetDeployment ¶

func (kubeMgr *KubeMgrStruct) SetDeployment(client *kubernetes.Clientset, deployment *appsv1.Deployment) error

func (*KubeMgrStruct) SetSecret ¶

func (kubeMgr *KubeMgrStruct) SetSecret(client *kubernetes.Clientset, secret *corev1.Secret) error

func (*KubeMgrStruct) UpdateCA ¶

func (kubeMgr *KubeMgrStruct) UpdateCA(secret *corev1.Secret) (*corev1.Secret, error)

type MutualTls ¶

type MutualTls struct {
	IsServer bool
	Cert     *tls.Certificate
	CaPool   *x509.CertPool
	Peers    []string
}

func (*MutualTls) AddPeer ¶

func (mt *MutualTls) AddPeer(name string)

func (*MutualTls) Client ¶

func (mt *MutualTls) Client() *http.Client

func (*MutualTls) GetTlsConfig ¶

func (mt *MutualTls) GetTlsConfig() *tls.Config

func (*MutualTls) Server ¶

func (mt *MutualTls) Server(mux *http.ServeMux, address string) *http.Server

func (*MutualTls) Verify ¶

func (mt *MutualTls) Verify() func(cs tls.ConnectionState) error

type PodData ¶

type PodData struct {
	ServiceName  string         `json:"servicename"`
	WorkloadName string         `json:"workloadname"`
	Clients      []string       `json:"clients"`
	Servers      []string       `json:"servers"`
	CurrentWKey  int            `json:"current"`
	WorkloadKey  map[int]string `json:"key"`
	PrivateKey   string         `json:"prk"`
	Cert         string         `json:"cert"`
	Ca           []string       `json:"ca"`
}

func NewPodData ¶

func NewPodData(pmr *PodMessageReq, pm *PodMessage) *PodData

func Rot_client ¶

func Rot_client(eegg string, hostnames []string) (*PodData, error)

func (*PodData) GetCaPem ¶

func (pd *PodData) GetCaPem() ([]byte, error)

func (*PodData) GetCas ¶

func (pd *PodData) GetCas() ([][]byte, error)

func (*PodData) GetCert ¶

func (pd *PodData) GetCert() ([]byte, error)

func (*PodData) GetClients ¶

func (pd *PodData) GetClients() []string

func (*PodData) GetPrivateKeyPem ¶

func (pd *PodData) GetPrivateKeyPem() string

func (*PodData) GetServers ¶

func (pd *PodData) GetServers() []string

func (*PodData) GetTlsFromPodMessage ¶

func (pd *PodData) GetTlsFromPodMessage() (*tls.Certificate, *x509.CertPool, error)

func CreatePodMessage2(pmr *PodMessageReq) (*PodMessage, error) {
	workload := pmr.secret.WorkloadName
	servicename := pmr.secret.ServiceName
	workloadCaKeyRing, err := GetCA(workload)
	if err != nil {
		return nil, fmt.Errorf("failed to get a CA %s: %v", workload, err)
	}
	//sans := []string{"any", strings.ToLower(pmr.PodName), "myapp-default.myos-e621c7d733ece1fad737ff54a8912822-0000.us-south.containers.appdomain.cloud"}
	sans := []string{"any", strings.ToLower(servicename)}
	sans = append(sans, pmr.Hostnames...)

	privateKeyBlock, certBlock, err := createPodCert(workloadCaKeyRing.prkPem, workloadCaKeyRing.certPem, workload, sans...)
	if err != nil {
		return nil, fmt.Errorf("cannot create pod cert for pod %s: %w", servicename, err)
	}
	podMessage := NewPodMessage(servicename)

	podMessage.SetCa(workloadCaKeyRing.certs[workloadCaKeyRing.latestCert])
	for index, cert := range workloadCaKeyRing.certs {
		if index != workloadCaKeyRing.latestCert {
			podMessage.SetCa(cert)
		}
	}
	podMessage.SetCert(pem.EncodeToMemory(certBlock))
	podMessage.SetPrivateKey(pem.EncodeToMemory(privateKeyBlock))
	err = podMessage.SetWorkloadKey(workloadCaKeyRing.sKeys[workloadCaKeyRing.latestSKey], workloadCaKeyRing.latestSKey)
	if err != nil {
		return nil, fmt.Errorf("cannot set workload key for pod %s: %w", servicename, err)
	}
	for index, cert := range workloadCaKeyRing.sKeys {
		if index != workloadCaKeyRing.latestSKey {
			if err != nil {
				return nil, fmt.Errorf("cannot decode string workload key for pod %s: %w", servicename, err)
			}
			err = podMessage.SetWorkloadKey(cert, index)
			if err != nil {
				return nil, fmt.Errorf("cannot set workload key for pod %s: %w", servicename, err)
			}
		}
	}
	podMessage.AddClient(servicename)
	podMessage.AddServer(servicename)
	for client, servers := range workloadCaKeyRing.peers {
		serverSlice := strings.Split(servers, ",")
		if client == servicename {
			for _, server := range serverSlice {
				podMessage.AddServer(server)
			}
		} else {
			for _, server := range serverSlice {
				if server == servicename {
					podMessage.AddServer(client)
				}
			}
		}
	}

	return podMessage, nil
}

func (*PodData) GetWKeysFromPodData ¶

func (pd *PodData) GetWKeysFromPodData() (map[int][]byte, int, error)

func (*PodData) GetWorkloadKey ¶

func (pd *PodData) GetWorkloadKey() (map[int][]byte, int, error)

type PodMessage ¶

type PodMessage struct {
	//Name        string         `json:"name"`
	Clients     []string       `json:"clients"`
	Servers     []string       `json:"servers"`
	CurrentWKey int            `json:"current"`
	WorkloadKey map[int]string `json:"key"`
	//PrivateKey  string         `json:"prk"`
	Cert string   `json:"cert"`
	Ca   []string `json:"ca"`
}

func CreatePodMessage ¶

func CreatePodMessage(pmr *PodMessageReq) (*PodMessage, error)

func NewPodMessage ¶

func NewPodMessage() *PodMessage

func (*PodMessage) AddClient ¶

func (pm *PodMessage) AddClient(client string)

func (*PodMessage) AddServer ¶

func (pm *PodMessage) AddServer(server string)

func (*PodMessage) SetCa ¶

func (pm *PodMessage) SetCa(ca []byte)

func (*PodMessage) SetCert ¶

func (pm *PodMessage) SetCert(cert []byte)

func (*PodMessage) SetWorkloadKey ¶

func (pm *PodMessage) SetWorkloadKey(symetricKey []byte, index int) error

type PodMessageReq ¶

type PodMessageReq struct {
	Secret    []byte   // Encrypted Secret
	Hostnames []string // more names requested for the certificate
	Csr       []byte   // Certificate request
	// contains filtered or unexported fields
}

func NewPodMessageReq ¶

func NewPodMessageReq(workloadName string, serviceName string) (*PodMessageReq, error)

func (*PodMessageReq) Decrypt ¶

func (pmr *PodMessageReq) Decrypt(key []byte) error

func (*PodMessageReq) Encrypt ¶

func (pmr *PodMessageReq) Encrypt(key []byte) error

func (*PodMessageReq) Validate ¶

func (pmr *PodMessageReq) Validate() error

type PodMessageReqSecret ¶

type PodMessageReqSecret struct {
	ServiceName  string // Lower case, Allocated by KMS, Stored in the encrypted init image
	WorkloadName string // Lower case, Allocated by KMS, stored in the encrypted init image
}

type SealDataMap ¶

type SealDataMap struct {
	UnsealedMap map[string][]byte
	SealedMap   map[string][]byte
}

func NewSealData ¶

func NewSealData() *SealDataMap

func Unseal ¶

func Unseal(symetricKey []byte, sealRef string, cypher string) (sealedDataMap *SealDataMap, err error)

func (*SealDataMap) AddSealed ¶

func (sd *SealDataMap) AddSealed(key string, val []byte)

func (*SealDataMap) AddUnsealed ¶

func (sd *SealDataMap) AddUnsealed(key string, val []byte)

func (SealDataMap) Decrypt ¶

func (sd SealDataMap) Decrypt(key []byte, reference string, sealedtext []byte) error

func (sd SealDataMap) DecryptItems(key []byte, reference string) error {
	for k, sealed := range sd.SealedMap {
		unsealed, err := sd.DecryptItem(key, reference, sealed)
		if err != nil {
			//	sd.AddUnsealed(k, []byte(sealedtext))
			fmt.Printf("Fail to DecryptItem %s - %v", k, err)
			continue
			//return fmt.Errorf("fail to DecryptItem %s: %w", k, err)
		}
		sd.AddUnsealed(k, unsealed)
	}
	return nil
}

func (SealDataMap) DecryptItem ¶

func (sd SealDataMap) DecryptItem(key []byte, reference string, sealed []byte) (unsealed []byte, err error)

DecryptItem() Unseal a single item key - a 16 byte key reference - string identifying teh full context of this value sealedtext - the text to unseal

func (*SealDataMap) Encrypt ¶

func (sd *SealDataMap) Encrypt(key []byte, reference string) (sealed []byte, err error)

func (*SealDataMap) EncryptItem ¶

func (sd *SealDataMap) EncryptItem(key []byte, reference string, unsealed []byte) (sealed []byte, err error)

EncryptItem() Seals a single item key - a 16 byte key reference - string identifying the full context of this value unsealed - the text to seal Note EncryptItem may be destructive to the array behind sealedtext If needed, use sealedtext := append([]T(nil), sealedtext...) to create a new array priot to calling EncryptItem

func (*SealDataMap) EncryptItems ¶

func (sd *SealDataMap) EncryptItems(key []byte, reference string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL