keys

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 14, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrDecryptKey is the sentinel error whose message is
// "unable to decrypt data key".
//
// NOTE(review): this page does not show which functions return or wrap it;
// callers should presumably match it with errors.Is rather than by comparing
// message text. Confirm against the implementation.
var ErrDecryptKey = errors.New("unable to decrypt data key")

// ErrGenerateDataKey is the sentinel error whose message is
// "unable to generate data key".
var ErrGenerateDataKey = errors.New("unable to generate data key")

// ErrEncryptKey is the sentinel error whose message is
// "unable to encrypt data key".
var ErrEncryptKey = errors.New("unable to encrypt data key")

Functions

This section is empty.

Types

type DataKey

// DataKey is the value type whose methods on this page expose a data key
// (DataKey), its encrypted form (EncryptedDataKey), a key ID (KeyID) and a
// KeyMeta (KeyProvider). All four accessors use a value receiver.
//
// NOTE(review): the KmsMasterKey method docs on this page describe the
// dataKey as plaintext, so the bytes returned by DataKey() should be handled
// as secret key material and kept out of logs and error messages. Whether the
// accessors return a copy or the internal slice is not visible here; confirm
// before mutating or zeroing the returned bytes.
type DataKey struct {
	// contains filtered or unexported fields
}

func (DataKey) DataKey

func (dk DataKey) DataKey() []byte

func (DataKey) EncryptedDataKey

func (dk DataKey) EncryptedDataKey() []byte

func (DataKey) KeyID

func (dk DataKey) KeyID() string

func (DataKey) KeyProvider

func (dk DataKey) KeyProvider() KeyMeta

type DataKeyI

// DataKeyI is the interface form of a data key: the Key method set plus
// accessors for the encrypted and the unencrypted key bytes. It is the
// result type of GenerateDataKey and DecryptDataKey in MasterKeyBase.
type DataKeyI interface {
	// Key embeds KeyBase, which declares KeyProvider and KeyID.
	Key

	// EncryptedDataKey returns the encrypted form of the data key as bytes.
	EncryptedDataKey() []byte
	// DataKey returns the data key bytes. The KmsMasterKey docs on this page
	// call this value plaintext, so treat it as secret material.
	DataKey() []byte
}

type EncryptedDataKey

// EncryptedDataKey is the value type whose methods on this page expose an
// encrypted data key ([]byte), a key ID and a KeyMeta. Unlike DataKey it has
// no accessor for the unencrypted key.
//
// NewEncryptedDataKey builds one from a KeyMeta and the encrypted bytes and
// returns a pointer, while the accessors are declared on the value receiver.
//
// NOTE(review): whether the constructor copies encryptedDataKey or keeps the
// caller's slice is not visible here; confirm before reusing that buffer.
type EncryptedDataKey struct {
	// contains filtered or unexported fields
}

func NewEncryptedDataKey

func NewEncryptedDataKey(provider KeyMeta, encryptedDataKey []byte) *EncryptedDataKey

func (EncryptedDataKey) EncryptedDataKey

func (edk EncryptedDataKey) EncryptedDataKey() []byte

func (EncryptedDataKey) KeyID

func (edk EncryptedDataKey) KeyID() string

func (EncryptedDataKey) KeyProvider

func (edk EncryptedDataKey) KeyProvider() KeyMeta

type EncryptedDataKeyI

// EncryptedDataKeyI is the interface form of an encrypted data key: the Key
// method set plus an accessor for the encrypted bytes. It is the input type
// of DecryptDataKey and the result type of EncryptDataKey in MasterKeyBase.
type EncryptedDataKeyI interface {
	// Key embeds KeyBase, which declares KeyProvider and KeyID.
	Key
	// EncryptedDataKey returns the encrypted form of the data key as bytes.
	EncryptedDataKey() []byte
}

type Key

// Key is the identity interface accepted by OwnsDataKey. As declared here it
// adds nothing to KeyBase, so its method set is exactly KeyProvider and KeyID.
type Key interface {
	KeyBase
}

type KeyBase

// KeyBase declares the two identity accessors shared by every key type on
// this page.
type KeyBase interface {
	// KeyProvider returns the KeyMeta (ProviderID and KeyID) attached to the key.
	KeyProvider() KeyMeta
	// KeyID returns the key identifier as a string.
	// NOTE(review): presumably the same value as KeyProvider().KeyID; confirm.
	KeyID() string
}

type KeyEntry

// KeyEntry is a generic wrapper holding a single value of type V.
//
// The type itself is declared with V any. Only the constructors listed on
// this page, NewKeyEntry and NewKeyEntryPtr, constrain V to MasterKeyBase.
// Because Entry is exported, a composite literal can create a KeyEntry for
// any V without going through those constructors.
type KeyEntry[V any] struct {
	// Entry is the wrapped value; GetEntry returns a V as well.
	Entry V
}

func NewKeyEntry

func NewKeyEntry[V MasterKeyBase](key V) KeyEntry[V]

func NewKeyEntryPtr

func NewKeyEntryPtr[V MasterKeyBase](key V) *KeyEntry[V]

func (KeyEntry[V]) GetEntry

func (ke KeyEntry[V]) GetEntry() V

type KeyMeta

// KeyMeta pairs a provider identifier with a key identifier. WithKeyMeta on
// this page constructs one from the same two strings.
//
// NOTE(review): both fields are exported plain strings. How Equal compares
// them (exact match, case sensitivity) is not shown on this page; confirm
// before relying on it for key-ownership decisions.
type KeyMeta struct {
	// ProviderID names the key provider.
	ProviderID string
	// KeyID names the key within that provider.
	KeyID      string
}

func WithKeyMeta

func WithKeyMeta(providerID, keyID string) KeyMeta

func (KeyMeta) Equal

func (km KeyMeta) Equal(other KeyMeta) bool

func (KeyMeta) String

func (km KeyMeta) String() string

type KmsMasterKey

// KmsMasterKey is a master key built by NewKmsMasterKey from a *kms.Client
// and a key ID. Its methods are declared on the pointer receiver and cover
// the MasterKeyBase method set shown on this page.
//
// Its EncryptDataKey and DecryptDataKey declare their *suite.AlgorithmSuite
// parameter as `_`, so those two methods do not use the algorithm suite;
// GenerateDataKey does take it as alg.
//
// NOTE(review): the kms package is not identified on this page (presumably a
// cloud KMS client; confirm). The credentials and permissions carried by that
// client bound what this key can generate, encrypt and decrypt.
type KmsMasterKey struct {
	// contains filtered or unexported fields
}

func NewKmsMasterKey

func NewKmsMasterKey(client *kms.Client, keyID string) (*KmsMasterKey, error)

func (*KmsMasterKey) DecryptDataKey

func (kmsMK *KmsMasterKey) DecryptDataKey(ctx context.Context, encryptedDataKey EncryptedDataKeyI, _ *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)

DecryptDataKey returns the DataKey decrypted from an EncryptedDataKey that was encrypted by EncryptDataKey. The returned DataKey contains:

provider			keyID of this (MasterKey) KmsMasterKey; it MUST equal the EncryptedDataKey keyID
dataKey				Plaintext: the decrypted content of the EncryptedDataKey's encryptedDataKey
encryptedDataKey	encrypted content of (this) EncryptedDataKey

The decrypted dataKey (plaintext) MUST match the DataKey (plaintext) that was originally generated by GenerateDataKey.

func (*KmsMasterKey) EncryptDataKey

func (kmsMK *KmsMasterKey) EncryptDataKey(ctx context.Context, dataKey DataKeyI, _ *suite.AlgorithmSuite, ec suite.EncryptionContext) (EncryptedDataKeyI, error)

EncryptDataKey returns the EncryptedDataKey produced by encrypting a DataKey that was generated by GenerateDataKey. The EncryptedDataKey contains:

provider			keyID of this (MasterKey) KmsMasterKey
encryptedDataKey	CiphertextBlob: the encrypted content of dataKey (this or other)

That is, GenerateDataKey (the encryption material generator) runs once per primaryMasterKey; then EncryptDataKey runs for each MasterKey (KmsMasterKey) registered in providers.MasterKeyProvider.

func (*KmsMasterKey) GenerateDataKey

func (kmsMK *KmsMasterKey) GenerateDataKey(ctx context.Context, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)

GenerateDataKey returns a DataKey generated from the primaryMasterKey in MasterKeyProvider. The DataKey contains:

provider			keyID of this (MasterKey) KmsMasterKey
dataKey				Plaintext of this generated dataKey
encryptedDataKey	CiphertextBlob of this generated dataKey

func (*KmsMasterKey) KeyID

func (kmsMK *KmsMasterKey) KeyID() string

func (*KmsMasterKey) Metadata

func (kmsMK *KmsMasterKey) Metadata() KeyMeta

func (*KmsMasterKey) OwnsDataKey

func (kmsMK *KmsMasterKey) OwnsDataKey(key Key) bool

type KmsMasterKeyI

// KmsMasterKeyI is MasterKeyBase plus unexported methods. Because of those
// unexported methods, types declared outside this package cannot satisfy it.
type KmsMasterKeyI interface {
	MasterKeyBase
	// contains filtered or unexported methods
}

type MasterKeyBase

// MasterKeyBase is the method set shared by the master key types on this
// page: three identity/ownership queries followed by the three data-key
// operations (generate, encrypt, decrypt).
//
// NOTE(review): every data-key operation receives an EncryptionContext.
// Presumably the context supplied to DecryptDataKey has to match the one
// used when the key was generated or encrypted. Confirm against the
// implementations before relying on it as a binding check.
type MasterKeyBase interface {
	// KeyID returns the master key's identifier as a string.
	KeyID() string

	// Metadata returns the KeyMeta describing this master key.
	Metadata() KeyMeta

	// OwnsDataKey reports a bool for the given Key.
	// NOTE(review): presumably true when key's provider and ID refer to this
	// master key; the comparison itself is not shown on this page.
	OwnsDataKey(key Key) bool

	// GenerateDataKey returns a new DataKeyI, or an error.
	GenerateDataKey(
		ctx context.Context,
		alg *suite.AlgorithmSuite,
		ec suite.EncryptionContext,
	) (DataKeyI, error)

	// EncryptDataKey takes a DataKeyI and returns its EncryptedDataKeyI form,
	// or an error.
	EncryptDataKey(
		ctx context.Context,
		dataKey DataKeyI,
		alg *suite.AlgorithmSuite,
		ec suite.EncryptionContext,
	) (EncryptedDataKeyI, error)

	// DecryptDataKey takes an EncryptedDataKeyI and returns the DataKeyI
	// recovered from it, or an error.
	DecryptDataKey(
		ctx context.Context,
		encryptedDataKey EncryptedDataKeyI,
		alg *suite.AlgorithmSuite,
		ec suite.EncryptionContext,
	) (DataKeyI, error)
}

type RawMasterKey

// RawMasterKey is a master key built by NewRawMasterKey from a provider ID, a
// key ID and caller-supplied raw key bytes. Its methods are declared on the
// pointer receiver.
//
// NOTE(review): the raw key is handed in by the caller, so its generation,
// storage and rotation are the caller's responsibility. Whether the
// constructor validates the key length or copies rawKey is not visible on
// this page; confirm before reusing or zeroing that buffer.
type RawMasterKey struct {
	// Encrypter is exported, so code outside the package can read or replace it.
	// NOTE(review): the type name suggests a GCM-based cipher; confirm in the
	// encryption package.
	Encrypter encryption.GcmBase
	// contains filtered or unexported fields
}

func NewRawMasterKey

func NewRawMasterKey(providerID, keyID string, rawKey []byte) (*RawMasterKey, error)

func (*RawMasterKey) DecryptDataKey

func (rawMK *RawMasterKey) DecryptDataKey(_ context.Context, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)

func (*RawMasterKey) EncryptDataKey

func (*RawMasterKey) GenerateDataKey

func (rawMK *RawMasterKey) GenerateDataKey(_ context.Context, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)

func (*RawMasterKey) KeyID

func (rawMK *RawMasterKey) KeyID() string

func (*RawMasterKey) Metadata

func (rawMK *RawMasterKey) Metadata() KeyMeta

func (*RawMasterKey) OwnsDataKey

func (rawMK *RawMasterKey) OwnsDataKey(key Key) bool

type RawMasterKeyI

// RawMasterKeyI is MasterKeyBase plus unexported methods. Because of those
// unexported methods, types declared outside this package cannot satisfy it.
type RawMasterKeyI interface {
	MasterKeyBase
	// contains filtered or unexported methods
}
