crypto

package

v0.0.0-...-cca53c7 Latest Latest Go to latest Published: Feb 13, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubetrail/cipher

Documentation ¶

Index ¶

Constants
func BytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error)
func BytesToPublicKey(pub []byte) (*rsa.PublicKey, error)
func DecryptData(r io.Reader, w io.Writer, priv *rsa.PrivateKey) error
func DecryptWithAesKey(data, key []byte) ([]byte, error)
func DecryptWithKms(ctx context.Context, data []byte, project, location, keyring, key string) ([]byte, error)
func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error)
func EncryptData(r io.Reader, w io.Writer, pub *rsa.PublicKey) error
func EncryptWithAesKey(data, key []byte) ([]byte, error)
func EncryptWithKms(ctx context.Context, data []byte, project, location, keyring, key string) ([]byte, error)
func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error)
func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error)
func NewAesKey() ([]byte, error)
func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte
func PublicKeyToBytes(pub *rsa.PublicKey) ([]byte, error)
func SignData(r io.Reader, w io.Writer, priv *rsa.PrivateKey) error
func SignWithPrivateKey(data []byte, priv *rsa.PrivateKey) ([]byte, error)
func VerifySignature(r io.Reader, sig []byte, pub *rsa.PublicKey) error
func VerifyWithPublicKey(data []byte, sig []byte, pub *rsa.PublicKey) error
type EncryptedBlock
- func (g *EncryptedBlock) Marshal() ([]byte, error)

Constants ¶

View Source

const (
	DefaultBits2048 = 2048
)

Variables ¶

This section is empty.

Functions ¶

func DecryptData ¶

func DecryptData(r io.Reader, w io.Writer, priv *rsa.PrivateKey) error

DecryptData works with input reader and writer and the private key scanning the input one line at a time (this is specific to how this tool stores encrypted data) and spawning goroutines to decrypt such chunks of data. wait channel is used to synchronize the writing but reading input and decrypting process is not synchronized because it does not have to be.

func DecryptWithAesKey ¶

func DecryptWithAesKey(data, key []byte) ([]byte, error)

DecryptWithAesKey decrypts data using AES key

func DecryptWithKms ¶

func DecryptWithKms(ctx context.Context,
	data []byte, project, location, keyring, key string) ([]byte, error)

DecryptWithKms decrypts input data using Google KMS. You must have a service account referenced by env. var. GOOGLE_APPLICATION_CREDENTIALS

func DecryptWithPrivateKey ¶

func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error)

DecryptWithPrivateKey decrypts data with private key

func EncryptData ¶

func EncryptData(r io.Reader, w io.Writer, pub *rsa.PublicKey) error

EncryptData works with reader and writer and the public key. It makes no assumptions about the input data and reads byte buffer chunks and spawns goroutines to encrypt each block. wait is used to synchronize writing to the writer, but encryption of each block is not synchronized.

func EncryptWithAesKey ¶

func EncryptWithAesKey(data, key []byte) ([]byte, error)

EncryptWithAesKey encrypts data using AES key

func EncryptWithKms ¶

func EncryptWithKms(ctx context.Context,
	data []byte, project, location, keyring, key string) ([]byte, error)

EncryptWithKms encrypts input data using Google KMS. You must have a service account referenced by env. var. GOOGLE_APPLICATION_CREDENTIALS

func EncryptWithPublicKey ¶

func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error)

EncryptWithPublicKey encrypts data with public key

func GenerateKeyPair ¶

func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error)

GenerateKeyPair generates a new RSA key pair

func NewAesKey ¶

func NewAesKey() ([]byte, error)

NewAesKey generates new AES key

func PrivateKeyToBytes ¶

func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte

PrivateKeyToBytes private key to bytes

func PublicKeyToBytes ¶

func PublicKeyToBytes(pub *rsa.PublicKey) ([]byte, error)

PublicKeyToBytes public key to bytes

func SignData ¶

func SignData(r io.Reader, w io.Writer, priv *rsa.PrivateKey) error

SignData signs data using private key

func SignWithPrivateKey ¶

func SignWithPrivateKey(data []byte, priv *rsa.PrivateKey) ([]byte, error)

SignWithPrivateKey signs data using private key

func VerifySignature ¶

func VerifySignature(r io.Reader, sig []byte, pub *rsa.PublicKey) error

VerifySignature verifies the signature for the input data

func VerifyWithPublicKey ¶

func VerifyWithPublicKey(data []byte, sig []byte, pub *rsa.PublicKey) error

VerifyWithPublicKey verifies the signature for the input data

Types ¶

type EncryptedBlock ¶

type EncryptedBlock struct {
	DataEncryptionKey []byte `json:"d,omitempty"`
	Ciphertext        []byte `json:"c,omitempty"`
}

EncryptedBlock represents the structure of the encrypted data. Data is encrypted using symmetric key, and the key is then encrypted using asymmetric key and then kept next to the data. Each block of data has its own data encryption key (DEK), however, all data encryption keys are encrypted using the same key encryption key (KEK).

func (*EncryptedBlock) Marshal ¶

func (g *EncryptedBlock) Marshal() ([]byte, error)

Marshal serializes encrypted block

Source Files ¶

View all Source files

core.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL