Documentation
Constants
This section is empty.
Variables
var (
	EncryptionKeyConfigName = "convergent-encryption-key-config"

	// ConfigFilter is the configstore manipulation filter used to retrieve the encryption keys
	ConfigFilter = configstore.Filter().Slice(EncryptionKeyConfigName).Unmarshal(configFactory).Rekey(rekeyConfigByIdentifier).Reorder(reorderTimestamp)
)
Functions
Types
type Key
type Key interface {
	symmecrypt.Key
	stream.Key
	Locator() (string, error)
	NewSequenceKey() (symmecrypt.Key, error)
}
func LoadKey
LoadKey instantiates a new encryption key for a given identifier from the default store in configstore. It retrieves all the necessary data from configstore then calls NewKey().
If several keys are found for the identifier, they are sorted by timestamp, and a composite key is returned. The most recent key will be used for encryption, and decryption will be done by any of them. There needs to be _only one_ key with the highest priority for the identifier.
If the key configuration specifies it is sealed, the key returned will be wrapped by an unseal mechanism. When the symmecrypt/seal global singleton gets unsealed, the key will become usable instantly. It will return errors in the meantime.
The key cipher name is expected to match a KeyFactory that got registered through RegisterCipher(). Either use a built-in cipher, or make sure to register a proper factory for this cipher. This KeyFactory will be called, either directly or when the symmecrypt/seal global singleton gets unsealed, if applicable.
func LoadKeyFromStore
func LoadKeyFromStore(hash, identifier string, store *configstore.Store) (Key, error)
LoadKeyFromStore instantiates a new encryption key for a given identifier from a specific store instance. It retrieves all the necessary data from configstore then calls NewKey().
If several keys are found for the identifier, they are sorted by timestamp, and a composite key is returned. The most recent key will be used for encryption, and decryption will be done by any of them. There needs to be _only one_ key with the highest priority for the identifier.
If the key configuration specifies it is sealed, the key returned will be wrapped by an unseal mechanism. When the symmecrypt/seal global singleton gets unsealed, the key will become usable instantly. It will return errors in the meantime.
The key cipher name is expected to match a KeyFactory that got registered through RegisterCipher(). Either use a built-in cipher, or make sure to register a proper factory for this cipher. This KeyFactory will be called, either directly or when the symmecrypt/seal global singleton gets unsealed, if applicable.
func NewKey
func NewKey(hash string, cfgs ...ConvergentEncryptionConfig) (Key, error)
NewKey returns a convergent.Key object configured from a hash and a number of ConvergentEncryptionConfig objects. If several ConvergentEncryptionConfig are supplied, the returned Key will be composite. A composite key encrypts with the latest Key (based on timestamp) and decrypts with any of the keys.
The key cipher name is expected to match a KeyFactory that got registered through RegisterCipher(). Either use a built-in cipher, or make sure to register a proper factory for this cipher. This KeyFactory will be called, either directly or when the symmecrypt/seal global singleton gets unsealed, if applicable.