crypt

package

v0.5.2 Latest Latest Go to latest Published: Mar 19, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rstudio/rskey

Links

Open Source Insights

Documentation ¶

Overview ¶

Package crypt implements the secret key-based encryption and decryption scheme used by RStudio's Connect and Package Manager products.

Constants ¶

View Source

const FIPSMode = false

When true, this package has been built in "FIPS mode". Attempts to use encryption algorithms not permissible under FIPS-140 regulations will always fail, and encryption will use AES-256-GCM by default.

View Source

const (
	// The fixed length of a Key, in bytes.
	KeyLength = 512
)

Variables ¶

View Source

var (
	// ErrInvalidKeyLength reports a malformed Key input.
	ErrInvalidKeyLength = errors.New("Encryption keys must be 512 bytes when decoded")
	// ErrPayLoadTooShort reports malformed cipher text.
	ErrPayLoadTooShort = errors.New("Payload is too short to be encrypted")
	// ErrFailedToDecrypt reports a failure to decrypt a given cipher text with a
	// given Key via Decrypt().
	ErrFailedToDecrypt = errors.New("Decryption failed")
	// ErrFIPS reports encryption or decryption failures caused by running
	// in FIPS mode.
	ErrFIPS = errors.New("Non-AES algorithms cannot be used when running in FIPS mode")
)

Functions ¶

This section is empty.

Types ¶

type Key ¶

type Key [KeyLength]byte

Key is a securely-generated, opaque byte array that can be used as a persistent secret when encrypting data.

func NewKey ¶

func NewKey() (*Key, error)

NewKey returns a newly-generated key, or an error if one cannot be generated.

func NewKeyFromBytes ¶

func NewKeyFromBytes(src []byte) (*Key, error)

NewKeyFromBytes returns the key read from the given byte slice, or an error.

func NewKeyFromReader ¶

func NewKeyFromReader(src io.Reader) (*Key, error)

NewKeyFromReader returns the key read from an io.Reader, or an error.

func (*Key) Decrypt ¶

func (k *Key) Decrypt(s string) (string, error)

Decrypt takes base64-encoded cipher text encrypted with the given key and returns the original clear text, or an error.

func (*Key) DecryptBytes ¶ added in v0.3.0

func (k *Key) DecryptBytes(s string) ([]byte, error)

DecryptBytes takes base64-encoded cipher text encrypted with the given key and returns the original bytes, or an error.

func (*Key) Encrypt ¶

func (k *Key) Encrypt(s string) (string, error)

Encrypt produces base64-encoded cipher text for the given payload and key, or an error if one cannot be created.

func (*Key) EncryptBytes ¶ added in v0.3.0

func (k *Key) EncryptBytes(bytes []byte) (string, error)

EncryptBytes produces base64-encoded cipher text for the given bytes and key, or an error if one cannot be created.

func (*Key) EncryptBytesFIPS ¶ added in v0.4.0

func (k *Key) EncryptBytesFIPS(bytes []byte) (string, error)

EncryptBytesFIPS produces base64-encoded cipher text for the given bytes and key using a FIPS-compatible algorithm, or an error if one cannot be created.

func (*Key) EncryptFIPS ¶ added in v0.4.0

func (k *Key) EncryptFIPS(s string) (string, error)

EncryptFIPS produces base64-encoded cipher text for the given payload and key using a FIPS-compatible algorithm, or an error if one cannot be created.

func (*Key) HexString ¶

func (k *Key) HexString() string

HexString produces a hex-encoded version of the key suitable for writing to disk.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL