Documentation

Overview
Package rsa implements RSA envelope encryption using JWE (JSON Web Encryption) format. It conforms to the interface in the envelope package.
The implementation uses:
- RSA-OAEP-256 (RSA-OAEP with SHA-256) for key encryption
- AES-256-GCM (A256GCM) for content encryption
- JWE Compact Serialization format as defined in RFC 7516
The output is a JWE string with 5 base64url-encoded parts separated by dots: header.encryptedKey.iv.ciphertext.tag
Index

Constants
const (
// EncryptionType is the type identifier for RSA JWE encryption
EncryptionType = "JWE-RSA"
)
const (
	// HardcodedPublicKeyPEM contains a temporary hardcoded RSA public key (2048-bit) for envelope encryption.
	// This is a TEMPORARY solution for initial development and testing.
	// TODO: Replace with dynamic key fetching from CyberArk Discovery & Context API.
	HardcodedPublicKeyPEM = `` /* 450-byte string literal not displayed */
)
Variables
This section is empty.
Functions

func LoadHardcodedPublicKey
LoadHardcodedPublicKey loads and parses the hardcoded RSA public key. Returns a hardcoded UID associated with the key. This is a temporary solution for initial development and testing. Returns an error if the hardcoded key is invalid or cannot be parsed.
func LoadPublicKeyFromPEM
LoadPublicKeyFromPEM parses an RSA public key from PEM-encoded bytes. The PEM block should be of type "PUBLIC KEY" or "RSA PUBLIC KEY".
Types

type Encryptor
type Encryptor struct {
// contains filtered or unexported fields
}
Encryptor provides envelope encryption using RSA-OAEP-256 for key wrapping and AES-256-GCM for data encryption, outputting JWE Compact Serialization format.
func NewEncryptor
func NewEncryptor(fetcher keyfetch.KeyFetcher) (*Encryptor, error)
NewEncryptor creates a new Encryptor with the provided key fetcher. The encryptor will use RSA-OAEP-256 for key encryption and A256GCM for content encryption.
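As an added example that is not this package's own code, the following standard-library Go program produces the JWE Compact Serialization described in the Overview: a fresh AES-256 content key wrapped with RSA-OAEP-256, the payload sealed with A256GCM, and the five base64url parts joined by dots. The names EncryptJWE and JWEHeader are assumed here, and main generates a throwaway demo key rather than using HardcodedPublicKeyPEM or a keyfetch.KeyFetcher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// JWEHeader is the protected header naming the two algorithms the package uses.
const JWEHeader = `{"alg":"RSA-OAEP-256","enc":"A256GCM"}`

// EncryptJWE wraps a fresh 256-bit CEK with RSA-OAEP(SHA-256), seals plaintext with
// AES-256-GCM, and returns header.encryptedKey.iv.ciphertext.tag (RFC 7516 compact form).
func EncryptJWE(pub *rsa.PublicKey, plaintext []byte) (string, error) {
	buf := make([]byte, 32+12) // fresh CEK (A256GCM key) followed by a 96-bit GCM IV
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	cek, iv := buf[:32], buf[32:]
	// Key wrapping: only the holder of the RSA private key can recover the CEK.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(cek)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	b64 := base64.RawURLEncoding // JWE parts are unpadded base64url
	protected := b64.EncodeToString([]byte(JWEHeader))
	// The encoded header is the AAD, so any change to "alg"/"enc" invalidates the tag.
	sealed := gcm.Seal(nil, iv, plaintext, []byte(protected))
	ct, tag := sealed[:len(sealed)-16], sealed[len(sealed)-16:] // 16-byte GCM tag is last
	return strings.Join([]string{protected, b64.EncodeToString(wrapped),
		b64.EncodeToString(iv), b64.EncodeToString(ct), b64.EncodeToString(tag)}, "."), nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key, not the package's hardcoded one
	fmt.Println(EncryptJWE(&key.PublicKey, []byte("secret payload")))
}
```

A recipient that holds the private key unwraps the CEK with RSA-OAEP(SHA-256) and opens the ciphertext with the same base64url header as AAD; it should reject any header other than the expected one rather than honouring whatever "alg" the message claims.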