Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

crypto

package module

Go to main page

Versions in this module

v0

v0.1.1

Apr 30, 2026

Changes in this version

+ const AESKeySize

+ const GMCNonceSize

+ func DecryptObjectDeterministic(ct []byte, context string, dek []byte) ([]byte, error)

+ func DecryptObjectLinearOPE(ct []byte, dek []byte) (uint64, error)

+ func DecryptObjectProbabilistic(ct []byte, dek []byte) ([]byte, error)

+ func DenormalizeFloat32(v uint64) float32

+ func DenormalizeFloat64(v uint64) float64

+ func DenormalizeInt32(v uint64) int32

+ func DenormalizeInt64(v uint64) int64

+ func DenormalizeTime(v uint64) time.Time

+ func DenormalizeTimeSeconds(v uint64) time.Time

+ func DenormalizeUint32(v uint64) uint32

+ func EncryptObjectDeterministic(pt []byte, context string, dek []byte) ([]byte, error)

+ func EncryptObjectDeterministicFixed(pt []byte, context string, dek []byte) ([]byte, error)

+ func EncryptObjectLinearOPE(plaintext uint64, dek []byte) ([]byte, error)

+ func EncryptObjectProbabilistic(pt []byte, dek []byte) ([]byte, error)

+ func GenerateEphemeralKeypair() (clientPriv [32]byte, clientPub [32]byte, err error)

+ func NormalizeFloat32(v float32) uint64

+ func NormalizeFloat64(v float64) uint64

+ func NormalizeInt32(v int32) uint64

+ func NormalizeInt64(v int64) uint64

+ func NormalizeTime(t time.Time) uint64

+ func NormalizeTimeSeconds(t time.Time) uint64

+ func NormalizeUint32(v uint32) uint64

+ func NormalizeValue(v any) (uint64, error)

+ func UnwrapSingleDEK(ctx context.Context, config SessionConfig, wrappedDEK []byte, nonce []byte) ([]byte, error)

+ type EnclaveSecureSession struct

+ Attestation []byte

+ AttestationResult *verificationResult

+ AttestationVerified bool

+ ClientPriv [32]byte

+ ClientPub [32]byte

+ EnclavePubRaw []byte

+ ExpectedNonce []byte

+ ExpiresAt time.Time

+ SessionId string

+ SessionKey []byte

+ func InitEnclaveSecureSession(ctx context.Context, config SessionConfig) (*EnclaveSecureSession, error)

+ func (ess *EnclaveSecureSession) Close()

+ func (ess *EnclaveSecureSession) GenerateDEK(ctx context.Context, tableHash string, count int) (generatedDEKs []GeneratedDEK, iek []byte, err error)

+ func (ess *EnclaveSecureSession) GetAttestationInfo() map[string]any

+ func (ess *EnclaveSecureSession) GetTableIEK(ctx context.Context, tableHash string) ([]byte, error)

+ func (ess *EnclaveSecureSession) SessionUnwrap(ctx context.Context, items []enclaveproto.SessionUnwrapItem) (enclaveproto.SessionUnwrapResponse, error)

+ func (ess *EnclaveSecureSession) UnsealDEK(ctx context.Context, encryptedDEK []byte, nonce []byte, objectID string) ([]byte, error)

+ type GeneratedDEK struct

+ KMSEncryptedDEK []byte

+ MasterKeyEncryptedDEK []byte

+ MasterKeyNonce []byte

+ PlaintextDEK []byte

+ type SessionConfig struct

+ APIKey string

+ Endpoint string

+ ExpectedPCRs map[uint]string

+ HTTPTimeout time.Duration

+ MaxAttestationAge time.Duration

+ RootCA *x509.Certificate

+ TenantID string

+ VerifyPCRs bool