Overview
Package rsa implements RSA envelope encryption using JWE (JSON Web Encryption) format. It conforms to the interface in the envelope package.
The implementation uses:
- RSA-OAEP-256 (RSA-OAEP with SHA-256) for key encryption
- AES-256-GCM (A256GCM) for content encryption
- JWE Compact Serialization format as defined in RFC 7516
The output is a JWE string with 5 base64url-encoded parts separated by dots: header.encryptedKey.iv.ciphertext.tag
Constants
const (
	// EncryptionType is the type identifier for RSA JWE encryption
	EncryptionType = "JWE-RSA"
)
Functions
func LoadPublicKeyFromPEM
LoadPublicKeyFromPEM parses an RSA public key from PEM-encoded bytes. The PEM block should be of type "PUBLIC KEY" or "RSA PUBLIC KEY".
Types
type Encryptor
type Encryptor struct {
	// contains filtered or unexported fields
}
Encryptor provides envelope encryption using RSA-OAEP-256 for key wrapping and AES-256-GCM for data encryption, outputting JWE Compact Serialization format.
func NewEncryptor
NewEncryptor creates a new Encryptor with the provided RSA public key. The RSA key must be at least minRSAKeySize bits. The encryptor will use RSA-OAEP-256 for key encryption and A256GCM for content encryption.
func (*Encryptor) Encrypt
func (e *Encryptor) Encrypt(data []byte) (*envelope.EncryptedData, error)
Encrypt performs envelope encryption on the provided data. It returns an EncryptedData struct containing the JWE in Compact Serialization format and type metadata. The JWE uses RSA-OAEP-256 for key encryption and A256GCM for content encryption.