encryption

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2025 License: Apache-2.0 Imports: 6 Imported by: 1

Documentation

Overview

Package encryption provides encryption and decryption functions, while abstracting away key management concerns. Uses AES-GCM encryption, with key rotation, keeping keys in memory.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrKeyNotFound = errors.New("data key not found")
)

Functions

This section is empty.

Types

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager uses AES-GCM encryption and keeps in memory the data encryption keys. The active encryption key is automatically rotated once it has been used over a certain amount of times - defined by maxWriteCount.

func NewManager 

func NewManager() (*Manager, error)

NewManager returns Manager, which satisfies db.Encryptor and db.Decryptor

func (*Manager) Decrypt 

func (m *Manager) Decrypt(edata, nonce []byte, keyID uint32) ([]byte, error)

Decrypt accepts a chunk of encrypted data, the nonce used to encrypt it and the ID of the used key (as it rotates). It returns the decrypted data or an error.

func (*Manager) Encrypt 

func (m *Manager) Encrypt(data []byte) ([]byte, []byte, uint32, error)

Encrypt encrypts the specified data, returning: the encrypted data, the nonce used to encrypt the data, and an ID identifying the key that was used (as it rotates). On failure error is returned instead.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.