Documentation
Constants
This section is empty.
Variables
var (
    // ErrDecryptionFailed indicates a decryption operation failed.
    ErrDecryptionFailed = errors.New("decryption failed")
    // ErrInvalidKey indicates the provided key is invalid.
    ErrInvalidKey = errors.New("invalid decryption key")
    // ErrInvalidCiphertext indicates the ciphertext is invalid or corrupted.
    ErrInvalidCiphertext = errors.New("invalid ciphertext")
    // ErrInvalidFormat indicates the encrypted resource format is invalid.
    ErrInvalidFormat = errors.New("invalid encrypted resource format")
)
Functions

func DecryptAESGCM
DecryptAESGCM decrypts data using AES-GCM with the provided key. This is used when the decryption key is provided directly (not wrapped).
func DecryptWithWrappedKey
func DecryptWithWrappedKey(encryptedResource EncryptedResource, privateKey *ecdh.PrivateKey) ([]byte, error)
DecryptWithWrappedKey decrypts data using a wrapped key and ECDH key derivation. This matches the KBS encryption format with ephemeral key exchange.
Types

type EncryptedResource

type EncryptedResource struct {
    // Ciphertext is the encrypted data.
    Ciphertext []byte `json:"ciphertext"`
    // EncryptedKey is the wrapped encryption key.
    EncryptedKey []byte `json:"encrypted_key"`
    // IV is the initialization vector for AES-GCM.
    IV []byte `json:"iv"`
    // Tag is the authentication tag for AES-GCM.
    Tag []byte `json:"tag"`
    // AAD is the additional authenticated data.
    AAD []byte `json:"aad,omitempty"`
    // EPK is the ephemeral public key for ECDH key derivation.
    EPK *EphemeralPublicKey `json:"epk,omitempty"`
}
EncryptedResource represents an encrypted resource from KBS. This matches the format used by Confidential Containers KBS.
func ParseEncryptedResource
func ParseEncryptedResource(data []byte) (*EncryptedResource, error)
ParseEncryptedResource parses a JSON-encoded encrypted resource.
type EphemeralPublicKey

type EphemeralPublicKey struct {
    // Curve is the elliptic curve (should be "P-256").
    Curve string `json:"crv"`
    // X is the X coordinate of the public key.
    X string `json:"x"`
    // Y is the Y coordinate of the public key.
    Y string `json:"y"`
}
EphemeralPublicKey represents an ephemeral EC P-256 public key.
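The receiver-side flow that DecryptWithWrappedKey and the two types above describe, as an added, runnable Go example that is not this package's code: it rebuilds the ephemeral P-256 key from the base64url crv/x/y fields, runs ECDH against the recipient's private key, unwraps the content key from EncryptedKey, and then opens Ciphertext with IV, Tag and AAD. The page does not say how the shared secret becomes a wrapping key or how EncryptedKey is laid out, so the SHA-256 label KDF (kdfLabel), the nonce||wrapped||tag layout, and the sender side inside roundTrip (which exists only to produce valid input and a tampered variant) are assumptions of this example, not the package's behaviour.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

type EphemeralPublicKey struct {
	Curve string `json:"crv"`
	X     string `json:"x"`
	Y     string `json:"y"`
}

type EncryptedResource struct {
	Ciphertext   []byte              `json:"ciphertext"`
	EncryptedKey []byte              `json:"encrypted_key"`
	IV           []byte              `json:"iv"`
	Tag          []byte              `json:"tag"`
	AAD          []byte              `json:"aad,omitempty"`
	EPK          *EphemeralPublicKey `json:"epk,omitempty"`
}

var ErrInvalidFormat = errors.New("invalid encrypted resource format")
var ErrDecryptionFailed = errors.New("decryption failed")

const kdfLabel = "example-kbs-key-wrap" // placeholder KDF input (SHA-256 over label || ECDH secret); the page does not state the real KDF

func openGCM(key, nonce, ctAndTag, aad []byte) ([]byte, error) {
	if len(key) != 32 || len(nonce) != 12 { // Open panics on a bad nonce length, so check first
		return nil, ErrInvalidFormat
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	pt, err := gcm.Open(nil, nonce, ctAndTag, aad)
	if err != nil {
		return nil, ErrDecryptionFailed // wrong key, altered byte or AAD mismatch are indistinguishable
	}
	return pt, nil
}

// DecryptWithWrappedKey rebuilds the EPK as the uncompressed point 0x04||X||Y, runs ECDH, unwraps the
// content key and opens the payload. Assumed wrapped-key layout: 12-byte nonce || AES-GCM(key) || 16-byte tag.
func DecryptWithWrappedKey(r *EncryptedResource, priv *ecdh.PrivateKey) ([]byte, error) {
	if r.EPK == nil || r.EPK.Curve != "P-256" || len(r.EncryptedKey) < 12+16 {
		return nil, ErrInvalidFormat
	}
	x, errX := base64.RawURLEncoding.DecodeString(r.EPK.X)
	y, errY := base64.RawURLEncoding.DecodeString(r.EPK.Y)
	epk, err := ecdh.P256().NewPublicKey(append(append([]byte{0x04}, x...), y...))
	if errX != nil || errY != nil || err != nil {
		return nil, ErrInvalidFormat // bad encoding, wrong length, or not a point on P-256
	}
	shared, err := priv.ECDH(epk)
	if err != nil {
		return nil, ErrDecryptionFailed
	}
	wk := sha256.Sum256(append([]byte(kdfLabel), shared...))
	contentKey, err := openGCM(wk[:], r.EncryptedKey[:12], r.EncryptedKey[12:], nil)
	if err != nil {
		return nil, err
	}
	return openGCM(contentKey, r.IV, append(append([]byte{}, r.Ciphertext...), r.Tag...), r.AAD) // Open wants ciphertext||tag in one slice
}

// roundTrip plays the sender (constructed only to produce input) and then the documented receiver path. A nonzero
// flip is XORed into the first ciphertext byte so the tag check must fail; key generation and rand.Read are unchecked
// because in current Go they never return an error.
func roundTrip(msg string, flip byte) (string, error) {
	recipient, _ := ecdh.P256().GenerateKey(rand.Reader)
	eph, _ := ecdh.P256().GenerateKey(rand.Reader)
	shared, _ := eph.ECDH(recipient.PublicKey()) // both keys are P-256, so this cannot fail
	buf := make([]byte, 32+12+12)                 // content key, wrap nonce, payload IV
	rand.Read(buf)
	contentKey, wrapNonce, iv := buf[:32], buf[32:44], buf[44:]
	wk := sha256.Sum256(append([]byte(kdfLabel), shared...))
	wb, _ := aes.NewCipher(wk[:])
	wrap, _ := cipher.NewGCM(wb)
	cb, _ := aes.NewCipher(contentKey)
	data, _ := cipher.NewGCM(cb)
	aad := []byte("resource-path:example")
	sealed := data.Seal(nil, iv, []byte(msg), aad)
	sealed[0] ^= flip
	res := &EncryptedResource{
		Ciphertext:   sealed[:len(sealed)-16], // the KBS format keeps the 16-byte tag in its own field
		Tag:          sealed[len(sealed)-16:],
		IV:           iv,
		AAD:          aad,
		EncryptedKey: append(append([]byte{}, wrapNonce...), wrap.Seal(nil, wrapNonce, contentKey, nil)...),
		EPK: &EphemeralPublicKey{Curve: "P-256", // PublicKey().Bytes() is 0x04 || X || Y
			X: base64.RawURLEncoding.EncodeToString(eph.PublicKey().Bytes()[1:33]),
			Y: base64.RawURLEncoding.EncodeToString(eph.PublicKey().Bytes()[33:])},
	}
	pt, err := DecryptWithWrappedKey(res, recipient)
	return string(pt), err
}
```

Two details the struct hides are worth noting: Go's cipher.AEAD treats the 16-byte tag as the tail of the ciphertext, so the separate Tag field has to be appended before Open, and Open panics rather than returning an error on a wrong-length nonce, so IV is length-checked before it is used. A resource produced by a real KBS needs that KBS's key derivation and wrapped-key layout; this example shows only the shape of the checks a receiver performs.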