ecdhes

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 6, 2020 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package ecdhes provides implementations of payload encryption using ECDH-ES KW key wrapping with AEAD primitives.

The functionality of ecdhes Encryption is represented as a pair of primitives (interfaces):

  • ECDHESEncrypt for encryption of data and aad for a given list of recipients keys

  • ECDHESDecrypt for decryption of data for a certain recipient key and returning decrypted plaintext

Example: 

 package main

 import (
     "bytes"

     "github.com/google/tink/go/keyset"

	    ecdhessubtle "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/composite/ecdhes/subtle"
     "github.com/aries-framework-go/pkg/crypto/tinkcrypto/composite/ecdhes"
 )

 func main() {
     // create recipient side keyset handle
     recKH, err := keyset.NewHandle(ecdhes.ECDHES256KWAES256GCMKeyTemplate())
     if err != nil {
         //handle error
     }

     // extract recipient public keyset handle and key
     recPubKH, err := recKH.Public()
     if err != nil {
         //handle error
     }

     buf := new(bytes.Buffer)
     pubKeyWriter := ecdhes.NewWriter(buf)
     err = recPubKH.WriteWithNoSecrets(pubKeyWriter)
     if err != nil {
         //handle error
     }

     ecPubKey := new(ecdhessubtle.ECPublicKey)
     err := json.Unmarshal(buf.Bytes(), ecPubKey)

     // now create sender keyset handle with recipient public key (ecPubKey)
     sKH, err := keyset.NewHandle(ECDHES256KWAES256GCMKeyTemplateWithRecipients(
    		[]ecdhessubtle.ECPublicKey{*ecPubKey}))
     if err != nil {
         // handle error
     }

     // for more recipient keys pass in a list: []ecdhessubtle.ECPublicKey{*ecPubKey1, *ecPubKey2, *ecPubKey3, etc.})
     // at least 1 recipient is required.

     // extract sender public keyset handle to encrypt
     senderPubKH, err := sKH.Public()
     if err != nil {
         //handle error
     }

     e := ecdhes.NewECDHESEncrypt(senderPubKH)

     ct, err = e.Encrypt([]byte("secret message"), []byte("some aad"))
     if err != nil {
         // handle error
     }

     // get a handle on the decryption key material for a recipient
     // this is usually reloading the recipient's keyset handle (ie: `recKH` above) from a kms
     refRecKH , err := keyset.NewHandle( .....reference/rebuild `recKH` here...);
     d := ecdhes.NewECDHESDecrypt(refRecKH)

     pt, err := d.Decrypt(ct)
     if err != nil {
         // handle error
     }
 }

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ECDHES256KWAES256GCMKeyTemplate 

func ECDHES256KWAES256GCMKeyTemplate() *tinkpb.KeyTemplate

ECDHES256KWAES256GCMKeyTemplate is a KeyTemplate that generates an ECDH-ES P-256 key wrapping and AES256-GCM CEK. It is used to represent a recipient key to execute the CompositeDecrypt primitive with the following parameters:

Keys from this template represent a valid recipient public/private key pairs and can be stored in the KMS

func ECDHES256KWAES256GCMKeyTemplateWithRecipients 

func ECDHES256KWAES256GCMKeyTemplateWithRecipients(recPublicKeys []subtle.ECPublicKey) (*tinkpb.KeyTemplate, error)

ECDHES256KWAES256GCMKeyTemplateWithRecipients is similar to ECDHES256KWAES256GCMKeyTemplate but adding recipients keys to execute the CompositeEncrypt primitive for encrypting a message targeted to one ore more recipients. Keys from this template offer valid CompositeEncrypt primitive execution only and should not be stored in the KMS

func GetCurveType 

func GetCurveType(curve string) (commonpb.EllipticCurveType, error)

GetCurveType is a utility function that converts a string EC curve name into an EC curve proto type

func NewECDHESDecrypt 

func NewECDHESDecrypt(h *keyset.Handle) (api.CompositeDecrypt, error)

NewECDHESDecrypt returns an CompositeDecrypt primitive from the given keyset handle.

func NewECDHESDecryptWithKeyManager 

func NewECDHESDecryptWithKeyManager(h *keyset.Handle, km registry.KeyManager) (api.CompositeDecrypt, error)

NewECDHESDecryptWithKeyManager returns an CompositeDecrypt primitive from the given keyset handle and custom key manager.

func NewECDHESEncrypt 

func NewECDHESEncrypt(h *keyset.Handle) (api.CompositeEncrypt, error)

NewECDHESEncrypt returns an CompositeEncrypt primitive from the given keyset handle.

func NewECDHESEncryptWithKeyManager 

func NewECDHESEncryptWithKeyManager(h *keyset.Handle, km registry.KeyManager) (api.CompositeEncrypt, error)

NewECDHESEncryptWithKeyManager returns an CompositeEncrypt primitive from the given h keyset handle and custom km key manager.

Types

type PubKeyWriter 

type PubKeyWriter struct {
	// contains filtered or unexported fields
}

PubKeyWriter will write the raw bytes of a Tink KeySet's primary public key. The raw bytes are a marshaled ecdhessubtle.ECPublicKey type. The keyset must have a keyURL value equal to `ecdhesPublicKeyTypeURL` constant of this package Note: This writer should be used only for ECDHES public key export. Other export of public keys should be called 

via localkms package.

func NewWriter 

func NewWriter(w io.Writer) *PubKeyWriter

NewWriter creates a new PubKeyWriter instance

func (*PubKeyWriter) Write 

func (p *PubKeyWriter) Write(keyset *tinkpb.Keyset) error

Write writes the public keyset to the underlying w.Writer.

func (*PubKeyWriter) WriteEncrypted 

func (p *PubKeyWriter) WriteEncrypted(keyset *tinkpb.EncryptedKeyset) error

WriteEncrypted writes the encrypted keyset to the underlying w.Writer.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.