crypt

package module
v0.0.0-...-eecd21b
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2022 License: MIT Imports: 7 Imported by: 0

README


struct-crypt

This package provides simple struct-tag-based encryption for Go via the nacl/secretbox API.

The package provides a Transform struct which holds your secret key. This can then be applied to Encrypt a struct, or Decrypt a struct.

The struct tags determine which fields are plaintext, and which are ciphertext.

The tag for a plaintext field is "encrypt" followed by a target field name to place the ciphertext into, e.g. encrypt:"CiphertextTarget"

The tag for a ciphertext field is "decrypt" followed by a target field name to place the plaintext into, e.g. decrypt:"PlaintextTarget"

The tags are not required to be symmetric, so you do not have to decrypt into the same field that encrypts into another field.

All fields must be a byte slice, or a string. If the ciphertext field is a string, it will be stored as a base64 standard encoding representation of the underlying bytes.

By default, all fields are cleared to their zero value after they are transformed. If you do not want this behavior on a field, you may add ,preserve to the tag, e.g. encrypt:"password,preserve"

Example

package main

import (
	crypt "github.com/jmhobbs/struct-crypt"
)

type example struct {
	Plaintext  string `encrypt:"Ciphertext"`
	Ciphertext string `decrypt:"Plaintext"`
	DecSecret  string `encrypt:"EncSecret,preserve"`
	EncSecret  []byte `decrypt:"DecSecret,preserve"`
}

func main() {
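	// Fixed key for demonstration only. Generate real keys from a strong
	// random source (see the example for New) and keep them out of source code.
	var secret [32]byte
	copy(secret[:], []byte("-----32-byte-encryption-key-----"))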

	transform := crypt.New(secret)

	e := example{
		Plaintext: "top secret",
		DecSecret: "also secret",
	}
	/*
	 Plaintext: "top secret"
	Ciphertext: ""
	 DecSecret: "also secret"
	 EncSecret: []
	*/

	err := transform.Encrypt(&e)
	if err != nil {
		panic(err)
	}
	/*
	 Plaintext: ""
	Ciphertext: "dmvKi8BR0ehuM3Eu6zuZZeqEjAB6hbGom+FWAsWSFSehSqpvgU0cEK44M4Bv6Mo6gjo="
	 DecSecret: "also secret"
	 EncSecret: [39 142 155 38 15...119 35 109]
	*/

	err = transform.Decrypt(&e)
	if err != nil {
		panic(err)
	}
	/*
	 Plaintext: "top secret"
	Ciphertext: ""
	 DecSecret: "also secret"
	 EncSecret: [39 142 155 38 15...119 35 109]
	*/
}
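
The tag rules above can be checked before any data is transformed. This added example is not part of struct-crypt: it walks a struct with reflect and reports tags that break the documented rules, and flags which source fields are marked preserve and so keep their value after the transform. `Finding`, `AuditTags`, `textual` and the `record` type are hypothetical names, and the tag parsing is an assumption based on the format described in this README, not the package's own parser.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Finding is one audited tag (hypothetical type, not part of struct-crypt).
type Finding struct {
	Field, Op, Target, Problem string // Problem is empty when the tag follows the documented rules
	Preserve                   bool   // source field keeps its value after the transform
}

func textual(t reflect.Type) bool { return t.Kind() == reflect.String || (t.Kind() == reflect.Slice && t.Elem().Kind() == reflect.Uint8) }

// AuditTags checks every encrypt/decrypt tag of v, a struct or non-nil pointer to one.
func AuditTags(v interface{}) (out []Finding) {
	t := reflect.Indirect(reflect.ValueOf(v)).Type()
	for i := 0; t.Kind() == reflect.Struct && i < t.NumField(); i++ {
		src := t.Field(i)
		for _, op := range []string{"encrypt", "decrypt"} {
			tag, tagged := src.Tag.Lookup(op)
			parts := strings.SplitN(tag, ",", 2) // "Target" or "Target,preserve"
			f := Finding{Field: src.Name, Op: op, Target: parts[0], Preserve: len(parts) == 2 && parts[1] == "preserve"}
			dst, found := t.FieldByName(f.Target)
			switch {
			case !tagged:
				continue // untagged for this operation; next op
			case !textual(src.Type) || (found && !textual(dst.Type)):
				f.Problem = "field is not string or []byte"
			case !found || dst.PkgPath != "": // non-empty PkgPath means unexported
				f.Problem = "target is missing or not public"
			}
			out = append(out, f)
		}
	}
	return out
}

// record is a constructed sample type for this example.
type record struct {
	Password    string `encrypt:"PasswordEnc,preserve"` // plaintext stays in memory after Encrypt
	PasswordEnc []byte `decrypt:"Password"`
	Token       string `encrypt:"tokenEnc"` // target exists but is unexported
	tokenEnc    []byte
	Age         int `encrypt:"AgeEnc"` // unsupported source type
}

func main() { fmt.Printf("%+v\n", AuditTags(record{})) }
```

Findings with `Preserve` set on an `encrypt` tag are the places where plaintext remains in the struct after encryption and will be carried along if the struct is later logged or serialized.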

Documentation

Overview

Package crypt implements a transformer which encrypts and decrypts struct fields based on their tags. The struct tags determine which fields are plaintext, and which are ciphertext.

The tag for a plaintext field is "encrypt" followed by a target field name to place the ciphertext into, e.g.

`encrypt:"Ciphertext"`

The tag for a ciphertext field is "decrypt" followed by a target field name to place the plaintext into, e.g.

`decrypt:"Plaintext"`

The tags are not required to be symmetric, so you do not have to decrypt into the same field that encrypts into another field.

All fields must be a byte slice, or a string. If the ciphertext field is a string, it will be stored as a base64 representation of the underlying bytes.

By default, all fields are cleared to their zero value after they are transformed. If you do not want this behavior on a field, you may add `,preserve` to the tag, e.g. `encrypt:"password,preserve"`

All encryption is done through the golang.org/x/crypto/nacl/secretbox package.

Example
// Struct tags target other, public fields, and do not have to be symmetric.
type ExampleStruct struct {
	StringPlainText  string `encrypt:"BytesCipherText"`
	StringCipherText string `decrypt:"StringPlainText"`
	BytesPlainText   []byte `encrypt:"StringCipherText"`
	BytesCipherText  []byte `decrypt:"BytesPlainText"`
}

// By default fields are cleared when encrypted or decrypted. Use `,preserve` to prevent this.
type PreserveStruct struct {
	PlainText  string `encrypt:"CipherText,preserve"`
	CipherText string `decrypt:"PlainText"`
}
Types

type FieldError

type FieldError struct {
	// contains filtered or unexported fields
}

func (FieldError) Error

func (err FieldError) Error() string

type InvalidInputError

type InvalidInputError struct {
	// contains filtered or unexported fields
}

func (InvalidInputError) Error

func (err InvalidInputError) Error() string

type Transform

type Transform struct {
	// contains filtered or unexported fields
}

Transform is used to automatically encrypt or decrypt fields.

func New

func New(secret [32]byte) *Transform

New creates a Transform for the secret argument.

Example

Ensure you use a strong random source to generate your key, and keep it safe.

// rand must be crypto/rand, not math/rand.
var secret [32]byte
if _, err := rand.Read(secret[:]); err != nil {
	panic(err.Error())
}
_ = New(secret)

func (*Transform) Decrypt

func (e *Transform) Decrypt(input interface{}) error

Decrypt all tagged fields to their targets.

func (*Transform) Encrypt

func (e *Transform) Encrypt(input interface{}) error

Encrypt all tagged fields to their targets.
