Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func LoadOrGenerateKEK
func LoadOrGenerateKEK(opts KEKOptions) ([]byte, error)
LoadOrGenerateKEK loads a 32-byte KEK according to options. File/env values are expected to be base64-encoded 32 bytes. If Source is generated or GenerateIfMissing is true, a new random key will be produced and, if FilePath is set, persisted with permissions 0600.
func RandomBytes
RandomBytes returns n cryptographically-secure random bytes.
Types
type AEADCipher
type AEADCipher struct {
// contains filtered or unexported fields
}
AEADCipher provides authenticated encryption with associated data (AEAD) using AES-256-GCM.
func NewAEADCipher
func NewAEADCipher(key []byte) (*AEADCipher, error)
NewAEADCipher creates a new AEAD cipher with the provided 32-byte key.
func (*AEADCipher) Decrypt
func (a *AEADCipher) Decrypt(data, aad []byte) ([]byte, error)
Decrypt decrypts data produced by Encrypt. Input must be nonce||ciphertext.
func (*AEADCipher) Encrypt
func (a *AEADCipher) Encrypt(plaintext, aad []byte) ([]byte, error)
Encrypt encrypts plaintext with optional associated data (aad). It returns nonce||ciphertext, where nonce is 12 random bytes.
func (*AEADCipher) Zeroize
func (a *AEADCipher) Zeroize()
Zeroize attempts to clear key material from memory.
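The nonce||ciphertext layout documented for Encrypt and Decrypt, reproduced with only the Go standard library. This is an added example, not this package's source: the names newGCM, seal and open are hypothetical, and the key and messages are constructed. It shows that a 32-byte key is enforced, that the AAD must match on decryption, and that input too short to hold a nonce and tag is rejected before it is sliced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // AES-256 only; aes.NewCipher alone also accepts 16 and 24
		return nil, fmt.Errorf("key must be 32 bytes, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext, with a fresh 12-byte random nonce per call.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil // appends ciphertext+tag after the nonce
}

func open(key, data, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("input shorter than nonce plus tag")
	}
	n := gcm.NonceSize() // the tag check covers both the ciphertext and aad
	return gcm.Open(nil, data[:n], data[n:], aad)
}

func main() {
	ct, _ := seal(make([]byte, 32), []byte("secret"), []byte("record-1")) // constructed all-zero demo key
	_, err := open(make([]byte, 32), ct, []byte("record-2"))              // aad differs from the one sealed
	fmt.Println(len(ct), err != nil)
}
```

The output length is 12 (nonce) + plaintext length + 16 (GCM tag), so callers that store the result should size fields accordingly.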