service

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Feb 14, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package service provides cryptographic services for envelope encryption: AEAD cipher management and KEK/DEK key operations. It implements the AEAD ciphers AES-256-GCM and ChaCha20-Poly1305.

Types

type AEAD

type AEAD interface {
	// Encrypt encrypts plaintext with optional AAD and returns ciphertext and nonce.
	Encrypt(plaintext, aad []byte) (ciphertext, nonce []byte, err error)

	// Decrypt decrypts ciphertext using the provided nonce and AAD.
	Decrypt(ciphertext, nonce, aad []byte) ([]byte, error)
}

AEAD defines the interface for Authenticated Encryption with Associated Data.

type AEADManager

type AEADManager interface {
	// CreateCipher creates an AEAD cipher instance for the specified algorithm.
	CreateCipher(key []byte, alg cryptoDomain.Algorithm) (AEAD, error)
}

AEADManager defines the interface for creating AEAD cipher instances.

type AEADManagerService

type AEADManagerService struct{}

AEADManagerService implements the AEADManager interface for creating AEAD cipher instances.

func NewAEADManager

func NewAEADManager() *AEADManagerService

NewAEADManager creates a new AEADManagerService.

func (*AEADManagerService) CreateCipher

func (am *AEADManagerService) CreateCipher(key []byte, alg cryptoDomain.Algorithm) (AEAD, error)

CreateCipher creates an AEAD cipher instance for the specified algorithm. Returns ErrInvalidKeySize if key is not 32 bytes or ErrUnsupportedAlgorithm if algorithm is unknown.

type AESGCMCipher

type AESGCMCipher struct {
	// contains filtered or unexported fields
}

AESGCMCipher implements AEAD using AES-256-GCM.

func NewAESGCM

func NewAESGCM(key []byte) (*AESGCMCipher, error)

NewAESGCM creates a new AES-256-GCM cipher instance. Returns an error if key is not exactly 32 bytes.

func (*AESGCMCipher) Decrypt

func (a *AESGCMCipher) Decrypt(ciphertext, nonce, aad []byte) ([]byte, error)

Decrypt decrypts ciphertext using AES-256-GCM with the provided nonce and AAD.

func (*AESGCMCipher) Encrypt

func (a *AESGCMCipher) Encrypt(plaintext, aad []byte) (ciphertext, nonce []byte, err error)

Encrypt encrypts plaintext using AES-256-GCM with optional AAD.

type ChaCha20Poly1305Cipher

type ChaCha20Poly1305Cipher struct {
	// contains filtered or unexported fields
}

ChaCha20Poly1305Cipher implements AEAD using ChaCha20-Poly1305.

func NewChaCha20Poly1305

func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305Cipher, error)

NewChaCha20Poly1305 creates a new ChaCha20-Poly1305 cipher instance. Returns an error if key is not exactly 32 bytes.

func (*ChaCha20Poly1305Cipher) Decrypt

func (c *ChaCha20Poly1305Cipher) Decrypt(ciphertext, nonce, aad []byte) ([]byte, error)

Decrypt decrypts ciphertext using ChaCha20-Poly1305 with the provided nonce and AAD.

func (*ChaCha20Poly1305Cipher) Encrypt

func (c *ChaCha20Poly1305Cipher) Encrypt(plaintext, aad []byte) (ciphertext, nonce []byte, err error)

Encrypt encrypts plaintext using ChaCha20-Poly1305 with optional AAD.

type KeyManager

type KeyManager interface {
	// CreateKek creates a new KEK encrypted with the master key.
	CreateKek(
		masterKey *cryptoDomain.MasterKey,
		alg cryptoDomain.Algorithm,
	) (cryptoDomain.Kek, error)

	// DecryptKek decrypts a KEK using the master key.
	DecryptKek(kek *cryptoDomain.Kek, masterKey *cryptoDomain.MasterKey) ([]byte, error)

	// CreateDek creates a new DEK encrypted with the KEK.
	CreateDek(kek *cryptoDomain.Kek, alg cryptoDomain.Algorithm) (cryptoDomain.Dek, error)

	// DecryptDek decrypts a DEK using the KEK.
	DecryptDek(dek *cryptoDomain.Dek, kek *cryptoDomain.Kek) ([]byte, error)
}

KeyManager defines the interface for managing KEKs and DEKs in envelope encryption.

type KeyManagerService

type KeyManagerService struct {
	// contains filtered or unexported fields
}

KeyManagerService implements the KeyManager interface for envelope encryption.

func NewKeyManager

func NewKeyManager(aeadManager AEADManager) *KeyManagerService

NewKeyManager creates a new KeyManagerService with the provided AEADManager.

func (*KeyManagerService) CreateDek

CreateDek generates a random 32-byte DEK and encrypts it with the KEK. The plaintext DEK is NOT included in the returned struct and must be derived separately.

func (*KeyManagerService) CreateKek

func (km *KeyManagerService) CreateKek(
	masterKey *cryptoDomain.MasterKey,
	alg cryptoDomain.Algorithm,
) (cryptoDomain.Kek, error)

CreateKek generates a random 32-byte KEK, encrypts it with the master key, and returns the encrypted KEK. The plaintext KEK is included in the returned Kek.Key field and should be zeroed after use.

func (*KeyManagerService) DecryptDek

func (km *KeyManagerService) DecryptDek(
	dek *cryptoDomain.Dek,
	kek *cryptoDomain.Kek,
) ([]byte, error)

DecryptDek decrypts a DEK using the KEK. Returns ErrDecryptionFailed if decryption fails due to wrong key or corrupted data.

func (*KeyManagerService) DecryptKek

func (km *KeyManagerService) DecryptKek(
	kek *cryptoDomain.Kek,
	masterKey *cryptoDomain.MasterKey,
) ([]byte, error)

DecryptKek decrypts a KEK using the master key. Returns ErrDecryptionFailed if decryption fails due to wrong key or corrupted data.
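
The key hierarchy documented above (the master key wraps the KEK, the KEK wraps each DEK), sketched with Go's standard library as an added example; it is not this package's code. `newGCM`, `newWrappedKey` and `open` are hypothetical helpers, the `"kek"`/`"dek"` AAD labels and the all-zero master key are constructed demo values, and only AES-256-GCM is shown.

```go
package main // added example: stdlib stand-ins, not this package's own code

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher alone would also accept 16- and 24-byte keys
		return nil, fmt.Errorf("invalid key size %d, want 32", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func newWrappedKey(parent, aad []byte) (key, wrapped, nonce []byte, err error) {
	g, err := newGCM(parent)
	if err != nil {
		return nil, nil, nil, err
	}
	buf := make([]byte, 32+g.NonceSize()) // fresh random child key and nonce on every call
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, nil, err
	}
	key, nonce = buf[:32:32], buf[32:]
	return key, g.Seal(nil, nonce, key, aad), nonce, nil
}

func open(key, wrapped, nonce, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce, wrapped, aad) // errors on wrong key, nonce, AAD or altered data
}

func main() {
	master := make([]byte, 32) // constructed all-zero master key, demo only
	kek, wKek, nKek, _ := newWrappedKey(master, []byte("kek"))
	_, wDek, nDek, _ := newWrappedKey(kek, []byte("dek"))
	k, _ := open(master, wKek, nKek, []byte("kek")) // unwrap top-down: master -> KEK -> DEK
	d, err := open(k, wDek, nDek, []byte("dek"))
	_, bad := open(master, wDek, nDek, []byte("dek")) // wrong parent key is rejected
	fmt.Println(len(d), err, bad)
}
```

Only the wrapped key and its nonce need to be stored; the plaintext child key stays in memory for the duration of the operation and is zeroed afterwards, as the CreateKek note above advises.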
