dbcrypt

package
v1.31.1
Warning

This package is not in the latest version of its module.

Published: Feb 25, 2026 License: GPL-3.0 Imports: 11 Imported by: 1

README


dbcrypt Package Documentation

This package provides functions for encrypting and decrypting fields of entities persisted with GORM using the AES algorithm. It uses the GCM mode of operation for encryption, which provides authentication and integrity protection for the encrypted data. It can be used to encrypt and decrypt sensitive data through GORM hooks.

Example Usage

Here is an example of how to use the dbcrypt package:

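package main

import (
	"log"

	"github.com/greenbone/opensight-golang-libraries/pkg/dbcrypt"
	"gorm.io/driver/sqlite"
	"gorm.io/gorm"
)

// Person has one field marked for transparent encryption.
type Person struct {
	gorm.Model
	PasswordField string `encrypt:"true"`
}

func main() {
	db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
	if err != nil {
		log.Fatalf("Error %v", err)
	}

	// Example values only; supply the real password and salt from configuration, not from source code.
	cipher, err := dbcrypt.NewDBCipher(dbcrypt.Config{
		Password:     "password",
		PasswordSalt: "password-salt-0123456789-0123456",
	})
	if err != nil {
		log.Fatalf("Error %v", err)
	}
	// Register returns an error; do not continue without the callbacks in place.
	if err := dbcrypt.Register(db, cipher); err != nil {
		log.Fatalf("Error %v", err)
	}

	// PasswordField is encrypted by the registered callback before the row is written.
	personWrite := &Person{PasswordField: "secret"}
	if err := db.Create(personWrite).Error; err != nil {
		log.Fatalf("Error %v", err)
	}

	// PasswordField is decrypted by the registered callback after the row is read.
	personRead := &Person{}
	if err := db.First(personRead).Error; err != nil {
		log.Fatalf("Error %v", err)
	}
}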

In this example, a Person is created and its PasswordField is automatically encrypted by the DBCipher before it is stored in the database. When the record is read back from the database, PasswordField is automatically decrypted.
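The following added example is not dbcrypt's implementation and not code from the project; it uses only the Go standard library to show what the GCM mode mentioned above gives a stored field: a fresh nonce per value and rejection of any modified ciphertext. The `ENCv0:` prefix, the `prefix || nonce || ciphertext` layout, the helper names and the fixed demo key are assumptions for illustration, and key derivation from Password and PasswordSalt is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var prefix = []byte("ENCv0:") // hypothetical version tag, not dbcrypt's real stored format

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns prefix || nonce || ciphertext+tag, using a fresh random nonce per value.
func Encrypt(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, prefix...), nonce...)
	return gcm.Seal(out, nonce, plaintext, prefix), nil // prefix is bound as associated data
}

// Decrypt rejects unknown prefixes, then GCM verifies the tag before any plaintext is returned.
func Decrypt(gcm cipher.AEAD, stored []byte) ([]byte, error) {
	n := len(prefix) + gcm.NonceSize()
	if !bytes.HasPrefix(stored, prefix) || len(stored) < n {
		return nil, fmt.Errorf("unknown prefix or truncated value")
	}
	return gcm.Open(nil, stored[len(prefix):n], stored[n:], prefix)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key standing in for the derived key
	gcm, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	stored, _ := Encrypt(gcm, []byte("secret"))
	stored[len(stored)-1] ^= 1 // flip one bit, as a modified database column would
	_, err = Decrypt(gcm, stored)
	fmt.Println("tampered value rejected:", err != nil)
}
```

Because the tag is checked before decryption returns, a column edited directly in the database surfaces as an error on read rather than as silently corrupted plaintext.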

License

Copyright (C) 2022-2023 Greenbone AG

Licensed under the GNU General Public License v3.0 or later.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Register added in v1.23.0

func Register(db *gorm.DB, c *DBCipher) error

Register registers encryption and decryption callbacks for the provided database, so that cryptographic operations are performed automatically on all models that contain a field tagged with 'encrypt:"true"'.

Types

type Config added in v1.23.0

type Config struct {
	// Default version of the cryptographic algorithm. Useful for testing older historical implementations. Leave empty to use the most recent version.
	//
	// Supported values:
	// - "": use latest version of the cryptographic algorithm (recommended).
	// - "v2": use v2 version of the cryptographic algorithm.
	// - "v1": use v1 version of the cryptographic algorithm.
	//
	// See cipher_spec.go for all versions
	Version string

	// Contains the password used to derive encryption key
	Password string //nolint:gosec

	// Contains the salt for increasing password entropy
	PasswordSalt string
}

Config encapsulates configuration for DBCipher.

func (Config) Validate added in v1.23.0

func (conf Config) Validate() error

Validate validates the provided config.

type DBCipher added in v1.23.0

type DBCipher struct {
	// contains filtered or unexported fields
}

DBCipher is a cipher designed to perform validated encryption and decryption on database values.

func NewDBCipher added in v1.23.0

func NewDBCipher(conf Config) (*DBCipher, error)

NewDBCipher creates a new instance of DBCipher based on the provided Config.

func (*DBCipher) Decrypt added in v1.23.0

func (c *DBCipher) Decrypt(ciphertextWithPrefix []byte) ([]byte, error)

Decrypt decrypts the provided bytes with DBCipher.

func (*DBCipher) Encrypt added in v1.23.0

func (c *DBCipher) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts the provided bytes with DBCipher.
