hsm

package
v0.0.1 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package hsm provides HSMProvider implementations for use with keeper. SoftHSM is an in-process provider backed by memguard, intended for testing and CI environments. It must not be used in production.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type SoftHSM

type SoftHSM struct {
	// contains filtered or unexported fields
}

SoftHSM is a purely in-process HSMProvider backed by a random wrapping key held in a memguard Enclave. It satisfies the keeper.HSMProvider interface and is safe for concurrent use, but provides no hardware-level protection.

func NewSoftHSM

func NewSoftHSM() (*SoftHSM, error)

NewSoftHSM generates a random 32-byte wrapping key and seals it into a memguard Enclave. The returned SoftHSM is ready to use immediately.

func (*SoftHSM) Ping

func (h *SoftHSM) Ping(_ context.Context) error

Ping always returns nil for an in-process provider. It satisfies the keeper.HSMProvider interface for health monitoring.

func (*SoftHSM) UnwrapDEK

func (h *SoftHSM) UnwrapDEK(wrapped []byte) ([]byte, error)

UnwrapDEK decrypts a wrapped DEK produced by WrapDEK. Returns an error if authentication fails or the data is malformed.

func (*SoftHSM) WrapDEK

func (h *SoftHSM) WrapDEK(dek []byte) ([]byte, error)

WrapDEK encrypts dek with the internal wrapping key using XChaCha20-Poly1305. The returned bytes are [24-byte nonce || ciphertext || 16-byte tag].
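
An added example, not part of the package or its documentation: a standard-library-only audit of stored WrapDEK outputs that validates the documented layout and flags blobs sharing a nonce, which XChaCha20-Poly1305 cannot tolerate under a single wrapping key. The names parseWrapped, findNonceReuse and sampleBlob, and the 32-byte DEK length, are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Field sizes from the WrapDEK doc: [24-byte nonce || ciphertext || 16-byte tag].
const nonceSize, tagSize = 24, 16
var errMalformed = errors.New("wrapped DEK: malformed")

// parseWrapped (hypothetical helper) splits a WrapDEK output into its fields.
// XChaCha20 is a stream cipher, so the ciphertext is exactly dekLen bytes.
func parseWrapped(b []byte, dekLen int) (nonce, ct, tag []byte, err error) {
	if want := nonceSize + dekLen + tagSize; dekLen < 0 || len(b) != want {
		return nil, nil, nil, fmt.Errorf("%w: got %d bytes, want %d", errMalformed, len(b), want)
	}
	return b[:nonceSize], b[nonceSize : len(b)-tagSize], b[len(b)-tagSize:], nil
}

// findNonceReuse returns indices of blobs (same wrapping key assumed) whose nonce repeats an earlier one.
func findNonceReuse(blobs [][]byte, dekLen int) ([]int, error) {
	seen := make(map[[nonceSize]byte]bool)
	var dups []int
	for i, b := range blobs {
		nonce, _, _, err := parseWrapped(b, dekLen)
		if err != nil {
			return nil, fmt.Errorf("blob %d: %w", i, err)
		}
		var key [nonceSize]byte
		copy(key[:], nonce)
		if seen[key] {
			dups = append(dups, i)
		}
		seen[key] = true
	}
	return dups, nil
}

// sampleBlob builds a constructed blob for a 32-byte DEK; only the nonce is set.
func sampleBlob(fill byte) []byte {
	return append(bytes.Repeat([]byte{fill}, nonceSize), make([]byte, 32+tagSize)...)
}

func main() {
	dups, err := findNonceReuse([][]byte{sampleBlob(1), sampleBlob(2), sampleBlob(1)}, 32)
	fmt.Println(dups, err)
}
```

A length check like this only rejects structurally invalid input early; authenticity is still decided by UnwrapDEK verifying the tag.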
