crypto

package
v1.5.0

This package is not in the latest version of its module.

Published: Feb 10, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package crypto provides AES-256-GCM encryption for cloud profile credentials.


Constants

const (
	// KeySize is the AES-256 key size in bytes.
	KeySize = 32
	// NonceSize is the GCM nonce size in bytes.
	NonceSize = 12
	// TagSize is the GCM authentication tag size in bytes.
	TagSize = 16
	// MinEncryptedSize is the minimum size of encrypted data (nonce + tag).
	MinEncryptedSize = NonceSize + TagSize

	// PrefixEncrypted indicates encrypted data.
	PrefixEncrypted = "ENC:"
	// PrefixOpen indicates unencrypted data (fallback mode).
	PrefixOpen = "OPEN:"
)

Variables

This section is empty.

Functions

func DecryptWithKey

func DecryptWithKey(encrypted, key []byte) ([]byte, error)

DecryptWithKey decrypts data using AES-256-GCM with the provided key. Expects input format: [12-byte nonce][ciphertext][16-byte GCM tag]

func DeriveProfileKey

func DeriveProfileKey(masterKey []byte, provider, name string) []byte

DeriveProfileKey derives a profile-specific encryption key from the master key. Uses SHA256(masterKey || provider:name) to create isolated keys per profile.

func EncryptWithKey

func EncryptWithKey(data, key []byte) ([]byte, error)

EncryptWithKey encrypts data using AES-256-GCM with the provided key. Returns: [12-byte nonce][ciphertext][16-byte GCM tag]
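
The layout and key derivation documented for DecryptWithKey, DeriveProfileKey and EncryptWithKey, reproduced with the Go standard library as an added example (not this package's source). The names profileAEAD, seal and open, the plain concatenation of provider, ":" and name, and all sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// profileAEAD derives SHA256(masterKey || "provider:name") and keys AES-256-GCM with it.
func profileAEAD(master []byte, provider, name string) (cipher.AEAD, error) {
	key := sha256.Sum256(append(append([]byte{}, master...), provider+":"+name...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns [12-byte nonce][ciphertext][16-byte tag], using a fresh random nonce per call.
func seal(aead cipher.AEAD, plain []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil
}

// open checks the minimum size (nonce + tag) before slicing, then verifies the tag.
func open(aead cipher.AEAD, enc []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(enc) < ns+aead.Overhead() {
		return nil, fmt.Errorf("encrypted data too short: %d bytes", len(enc))
	}
	return aead.Open(nil, enc[:ns], enc[ns:], nil)
}

func main() {
	// Constructed sample values: master key, provider "aws", profiles "prod" and "dev".
	master := []byte("constructed-demo-master-key-0001")
	prod, _ := profileAEAD(master, "aws", "prod")
	dev, _ := profileAEAD(master, "aws", "dev")
	enc, _ := seal(prod, []byte("secret"))
	_, errWrongKey := open(dev, enc) // another profile's key fails tag verification
	enc[len(enc)-1] ^= 1             // flip one bit of the tag
	_, errTampered := open(prod, enc)
	fmt.Println(len(enc), errWrongKey, errTampered)
}
```

Under the plain-concatenation assumption, the pairs ("a:b", "c") and ("a", "b:c") hash to the same key, so per-profile isolation holds only if provider and name cannot contain a colon.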

func GenerateKey

func GenerateKey() ([]byte, error)

GenerateKey generates a random 32-byte encryption key.

func GetMachineID

func GetMachineID() (string, error)

GetMachineID returns a unique identifier for the current machine. This is used to derive encryption keys that are tied to the machine. The implementation is platform-specific.

func GetOrCreateMasterKey

func GetOrCreateMasterKey(baseDir string) ([]byte, error)

GetOrCreateMasterKey retrieves or creates the master encryption key. The master key is encrypted using a key derived from the machine ID.

func LoadMasterKey

func LoadMasterKey(baseDir string) ([]byte, error)

LoadMasterKey loads and decrypts the master key from disk.

Types

type MasterKeyData

type MasterKeyData struct {
	Salt      []byte `json:"salt"`
	Encrypted []byte `json:"encrypted"`
}

MasterKeyData holds the encrypted master key and its salt.
