Documentation ¶
Overview ¶
Package crypt implements the secret key-based encryption and decryption scheme used by RStudio's Connect and Package Manager products.
Index ¶
- Constants
- Variables
- type Key
- func (k *Key) Decrypt(s string) (string, error)
- func (k *Key) DecryptBytes(s string) ([]byte, error)
- func (k *Key) Encrypt(s string) (string, error)
- func (k *Key) EncryptBytes(bytes []byte) (string, error)
- func (k *Key) EncryptBytesFIPS(bytes []byte) (string, error)
- func (k *Key) EncryptFIPS(s string) (string, error)
- func (k *Key) HexString() string
Constants ¶
const FIPSMode = false
When true, this package has been built in "FIPS mode". Attempts to use encryption algorithms not permissible under FIPS-140 regulations will always fail, and encryption will use AES-256-GCM by default.
const (
// The fixed length of a Key, in bytes.
KeyLength = 512
)
Variables ¶
var ( // ErrInvalidKeyLength reports a malformed Key input. ErrInvalidKeyLength = errors.New("Encryption keys must be 512 bytes when decoded") // ErrPayLoadTooShort reports malformed cipher text. ErrPayLoadTooShort = errors.New("Payload is too short to be encrypted") // ErrFailedToDecrypt reports a failure to decrypt a given cipher text with a // given Key via Decrypt(). ErrFailedToDecrypt = errors.New("Decryption failed") // ErrFIPS reports encryption or decryption failures caused by running // in FIPS mode. ErrFIPS = errors.New("Non-AES algorithms cannot be used when running in FIPS mode") )
Functions ¶
This section is empty.
Types ¶
type Key ¶
Key is a securely-generated, opaque byte array that can be used as a persistent secret when encrypting data.
func NewKeyFromBytes ¶
NewKeyFromBytes returns the key read from the given byte slice, or an error.
func NewKeyFromReader ¶
NewKeyFromReader returns the key read from an io.Reader, or an error.
func (*Key) Decrypt ¶
Decrypt takes base64-encoded cipher text encrypted with the given key and returns the original clear text, or an error.
func (*Key) DecryptBytes ¶ added in v0.3.0
DecryptBytes takes base64-encoded cipher text encrypted with the given key and returns the original bytes, or an error.
func (*Key) Encrypt ¶
Encrypt produces base64-encoded cipher text for the given payload and key, or an error if one cannot be created.
func (*Key) EncryptBytes ¶ added in v0.3.0
EncryptBytes produces base64-encoded cipher text for the given bytes and key, or an error if one cannot be created.
func (*Key) EncryptBytesFIPS ¶ added in v0.4.0
EncryptBytesFIPS produces base64-encoded cipher text for the given bytes and key using a FIPS-compatible algorithm, or an error if one cannot be created.
func (*Key) EncryptFIPS ¶ added in v0.4.0
EncryptFIPS produces base64-encoded cipher text for the given payload and key using a FIPS-compatible algorithm, or an error if one cannot be created.