encryption

package
v1.2.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 29, 2025 | License: MIT | Imports: 9 | Imported by: 0

Documentation

Overview

Package encryption provides AES-256 encryption/decryption capabilities for user preferences. It includes secure key validation and environment variable management.

Constants

const (
	// MinKeyLength is the minimum required length for the input key material (32 bytes).
	// The actual AES key will be derived from this using SHA-256.
	MinKeyLength = 32
	// AESKeyLength is the required length for AES-256 keys (32 bytes).
	AESKeyLength = 32
	// EnvKeyName is the environment variable name for the encryption key.
	EnvKeyName = "USERPREFS_ENCRYPTION_KEY"
)

Variables

var (
	// ErrInvalidKeyLength is returned when the encryption key doesn't meet minimum length requirements.
	ErrInvalidKeyLength = errors.New("encryption key must be at least 32 bytes")
	// ErrKeyNotFound is returned when the encryption key environment variable is not set.
	ErrKeyNotFound = errors.New("encryption key not found in environment variable " + EnvKeyName)
	// ErrEncryptionFailed is returned when encryption operation fails.
	ErrEncryptionFailed = errors.New("encryption operation failed")
	// ErrDecryptionFailed is returned when decryption operation fails.
	ErrDecryptionFailed = errors.New("decryption operation failed")
	// ErrInvalidCiphertext is returned when the ciphertext is malformed or too short.
	ErrInvalidCiphertext = errors.New("invalid ciphertext: too short or malformed")
)

Functions

func ValidateKey

func ValidateKey() error

ValidateKey validates that the encryption key meets security requirements. This can be called early in application startup for fast-fail validation.

Types

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles AES-256-GCM encryption and decryption operations. It validates the encryption key during initialization for fast-fail scenarios.

func NewManager

func NewManager() (*Manager, error)

NewManager creates a new encryption manager with the key from the environment variable. It validates the key strength and length during initialization. Returns an error if the key is missing or doesn't meet security requirements.

func NewManagerWithKey

func NewManagerWithKey(keyMaterial []byte) (*Manager, error)

NewManagerWithKey creates a new encryption manager with a provided key. This is primarily used for testing. In production, use NewManager() with environment variables.

func (*Manager) Decrypt

func (m *Manager) Decrypt(encodedCiphertext string) (string, error)

Decrypt decrypts base64-encoded ciphertext using AES-256-GCM and returns plaintext. Expects the ciphertext to contain the nonce prepended to the encrypted data.

func (*Manager) Encrypt

func (m *Manager) Encrypt(plaintext string) (string, error)

Encrypt encrypts plaintext using AES-256-GCM and returns base64-encoded ciphertext. The returned string contains the nonce prepended to the encrypted data, all base64-encoded.
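
The wire format described for Encrypt and Decrypt, written out with the Go standard library as an added example; this is not the package's own source. The names newGCM, seal and open are hypothetical, and the standard base64 alphabet, the default 12-byte GCM nonce, no additional authenticated data, and a single SHA-256 pass over the raw key material are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// newGCM hashes the key material with SHA-256 to get the AES-256 key (assumed derivation).
func newGCM(keyMaterial []byte) (cipher.AEAD, error) {
	if len(keyMaterial) < 32 { // same bound as MinKeyLength
		return nil, errors.New("encryption key must be at least 32 bytes")
	}
	key := sha256.Sum256(keyMaterial)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns base64(nonce || ciphertext || tag) with a fresh random nonce per call.
func seal(gcm cipher.AEAD, plaintext string) (string, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(plaintext), nil)), nil
}

// open checks the length before slicing off the nonce; GCM rejects any modified byte.
func open(gcm cipher.AEAD, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil || len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("invalid ciphertext: too short or malformed")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(pt), err // err is non-nil when the authentication tag does not verify
}

func main() {
	gcm, _ := newGCM([]byte("constructed-demo-key-material-0123456789")) // constructed, not a real key
	enc, _ := seal(gcm, `{"theme":"dark"}`)
	fmt.Println(open(gcm, enc))
}
```

Because the nonce is random, encrypting the same preference twice yields different strings, so stored ciphertexts cannot be compared for equality.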
