Documentation ¶
Overview ¶
Package aead provides implementations of the AEAD primitive.
AEAD encryption assures the confidentiality and authenticity of the data. This primitive is CPA secure.
Example ¶
package main import ( "encoding/base64" "fmt" "log" "github.com/google/tink/go/aead" "github.com/google/tink/go/keyset" ) func main() { kh, err := keyset.NewHandle(aead.AES256GCMKeyTemplate()) if err != nil { log.Fatal(err) } // TODO: save the keyset to a safe location. DO NOT hardcode it in source code. // Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault. // See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets. a, err := aead.New(kh) if err != nil { log.Fatal(err) } msg := []byte("this message needs to be encrypted") aad := []byte("this data needs to be authenticated, but not encrypted") ct, err := a.Encrypt(msg, aad) if err != nil { log.Fatal(err) } pt, err := a.Decrypt(ct, aad) if err != nil { log.Fatal(err) } fmt.Printf("Ciphertext: %s\n", base64.StdEncoding.EncodeToString(ct)) fmt.Printf("Original plaintext: %s\n", msg) fmt.Printf("Decrypted Plaintext: %s\n", pt) }
Output:
Index ¶
- func AES128CTRHMACSHA256KeyTemplate() *tinkpb.KeyTemplate
- func AES128GCMKeyTemplate() *tinkpb.KeyTemplate
- func AES256CTRHMACSHA256KeyTemplate() *tinkpb.KeyTemplate
- func AES256GCMKeyTemplate() *tinkpb.KeyTemplate
- func AES256GCMNoPrefixKeyTemplate() *tinkpb.KeyTemplate
- func ChaCha20Poly1305KeyTemplate() *tinkpb.KeyTemplate
- func KMSEnvelopeAEADKeyTemplate(uri string, dekT *tinkpb.KeyTemplate) *tinkpb.KeyTemplate
- func New(h *keyset.Handle) (tink.AEAD, error)
- func NewWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.AEAD, error)deprecated
- func XChaCha20Poly1305KeyTemplate() *tinkpb.KeyTemplate
- type KMSEnvelopeAEAD
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AES128CTRHMACSHA256KeyTemplate ¶
func AES128CTRHMACSHA256KeyTemplate() *tinkpb.KeyTemplate
AES128CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters:
- AES key size: 16 bytes
- AES CTR IV size: 16 bytes
- HMAC key size: 32 bytes
- HMAC tag size: 16 bytes
- HMAC hash function: SHA256
func AES128GCMKeyTemplate ¶
func AES128GCMKeyTemplate() *tinkpb.KeyTemplate
AES128GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
- Key size: 16 bytes
- Output prefix type: TINK
func AES256CTRHMACSHA256KeyTemplate ¶
func AES256CTRHMACSHA256KeyTemplate() *tinkpb.KeyTemplate
AES256CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters:
- AES key size: 32 bytes
- AES CTR IV size: 16 bytes
- HMAC key size: 32 bytes
- HMAC tag size: 32 bytes
- HMAC hash function: SHA256
func AES256GCMKeyTemplate ¶
func AES256GCMKeyTemplate() *tinkpb.KeyTemplate
AES256GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
- Key size: 32 bytes
- Output prefix type: TINK
func AES256GCMNoPrefixKeyTemplate ¶
func AES256GCMNoPrefixKeyTemplate() *tinkpb.KeyTemplate
AES256GCMNoPrefixKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
- Key size: 32 bytes
- Output prefix type: RAW
func ChaCha20Poly1305KeyTemplate ¶
func ChaCha20Poly1305KeyTemplate() *tinkpb.KeyTemplate
ChaCha20Poly1305KeyTemplate is a KeyTemplate that generates a CHACHA20_POLY1305 key.
func KMSEnvelopeAEADKeyTemplate ¶
func KMSEnvelopeAEADKeyTemplate(uri string, dekT *tinkpb.KeyTemplate) *tinkpb.KeyTemplate
KMSEnvelopeAEADKeyTemplate is a KeyTemplate that generates a KMSEnvelopeAEAD key for a given KEK in remote KMS. Keys generated by this key template uses RAW output prefix to make them compatible with the remote KMS' encrypt/decrypt operations. Unlike other templates, when you generate new keys with this template, Tink does not generate new key material, but only creates a reference to the remote KEK.
func NewWithKeyManager
deprecated
func XChaCha20Poly1305KeyTemplate ¶
func XChaCha20Poly1305KeyTemplate() *tinkpb.KeyTemplate
XChaCha20Poly1305KeyTemplate is a KeyTemplate that generates a XCHACHA20_POLY1305 key.
Types ¶
type KMSEnvelopeAEAD ¶
type KMSEnvelopeAEAD struct {
// contains filtered or unexported fields
}
KMSEnvelopeAEAD represents an instance of Envelope AEAD.
func NewKMSEnvelopeAEAD
deprecated
func NewKMSEnvelopeAEAD(kt tinkpb.KeyTemplate, remote tink.AEAD) *KMSEnvelopeAEAD
NewKMSEnvelopeAEAD creates an new instance of KMSEnvelopeAEAD.
Deprecated: Use NewKMSEnvelopeAEAD2 which takes a pointer to a KeyTemplate proto rather than a value.
func NewKMSEnvelopeAEAD2 ¶ added in v1.5.0
func NewKMSEnvelopeAEAD2(kt *tinkpb.KeyTemplate, remote tink.AEAD) *KMSEnvelopeAEAD
NewKMSEnvelopeAEAD2 creates an new instance of KMSEnvelopeAEAD.