encryption

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 1, 2026 License: MIT Imports: 8 Imported by: 0

README

encryption

AES-256-GCM encryption and decryption service for sensitive data.

Install

go get github.com/kbukum/gokit

Quick Start

package main

import (
    "fmt"
    "github.com/kbukum/gokit/encryption"
)

func main() {
    svc, err := encryption.NewService("my-secret-key")
    if err != nil {
        panic(err)
    }

    // Encrypt
    ciphertext, err := svc.Encrypt("sensitive data")
    if err != nil {
        panic(err)
    }
    fmt.Println(ciphertext) // base64-encoded

    // Decrypt
    plaintext, err := svc.Decrypt(ciphertext)
    if err != nil {
        panic(err)
    }
    fmt.Println(plaintext) // "sensitive data"
}

Key Types & Functions

Name Description
Service AES-256-GCM encryption/decryption service
NewService(key string) Create service (key is SHA-256 hashed to 32 bytes)
Encrypt(plaintext string) Encrypt to base64-encoded ciphertext
Decrypt(ciphertext string) Decrypt from base64-encoded ciphertext

⬅ Back to main README

Documentation

Overview

Package encryption provides AES-GCM encryption and decryption for sensitive data in gokit applications.

It supports automatic key derivation from passphrases using SHA-256 hashing, producing 256-bit keys for AES-GCM authenticated encryption.

Usage 

enc, err := encryption.New("my-secret-passphrase")
ciphertext, err := enc.Encrypt(plaintext)
plaintext, err := enc.Decrypt(ciphertext)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Algorithm 

type Algorithm string

Algorithm represents supported encryption algorithms. 

const (
	// AlgorithmAESGCM is AES-256-GCM (default, widely supported).
	AlgorithmAESGCM Algorithm = "aes-256-gcm"

	// AlgorithmChaCha20 is ChaCha20-Poly1305 (modern, fast on CPUs without AES-NI).
	AlgorithmChaCha20 Algorithm = "chacha20-poly1305"
)

type ChaCha20Service 

type ChaCha20Service struct {
	// contains filtered or unexported fields
}

ChaCha20Service handles encryption/decryption using ChaCha20-Poly1305. This is a modern AEAD cipher that performs well on CPUs without AES hardware acceleration (e.g., ARM devices, older processors).

func NewChaCha20 

func NewChaCha20(key string) (*ChaCha20Service, error)

NewChaCha20 creates a new ChaCha20-Poly1305 encryption service. The key is hashed with SHA-256 to produce a consistent 32-byte key.

func (*ChaCha20Service) Decrypt 

func (s *ChaCha20Service) Decrypt(ciphertext string) (string, error)

Decrypt decrypts a base64-encoded ciphertext.

func (*ChaCha20Service) Encrypt 

func (s *ChaCha20Service) Encrypt(plaintext string) (string, error)

Encrypt encrypts plaintext and returns a base64-encoded result.

type Encryptor 

type Encryptor interface {
	Encrypt(plaintext string) (string, error)
	Decrypt(ciphertext string) (string, error)
}

Encryptor defines the interface for symmetric encryption and decryption. Projects choose which implementation to use based on their requirements.

func New 

func New(key string, opts ...Option) (Encryptor, error)

New creates an Encryptor with the given key and options. Default algorithm is AES-256-GCM. Use WithAlgorithm to select ChaCha20-Poly1305.

The key is hashed to the required length for the chosen algorithm.

type Option 

type Option func(*options)

Option configures the encryption service.

func WithAlgorithm 

func WithAlgorithm(alg Algorithm) Option

WithAlgorithm selects the encryption algorithm (default: AES-256-GCM).

type Service 

type Service struct {
	// contains filtered or unexported fields
}

Service handles encryption/decryption of sensitive data using AES-256-GCM.

func NewService 

func NewService(key string) (*Service, error)

NewService creates a new encryption service with the given key. The key is hashed with SHA-256 to produce a consistent 32-byte AES key.

func (*Service) Decrypt 

func (s *Service) Decrypt(ciphertext string) (string, error)

Decrypt decrypts a base64-encoded ciphertext.

func (*Service) Encrypt 

func (s *Service) Encrypt(plaintext string) (string, error)

Encrypt encrypts plaintext and returns a base64-encoded result.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.