securestring

package

v0.85.0-pre.1 Latest Latest Go to latest Published: Feb 15, 2026 License: BSD-3-Clause Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vormadev/vorma

Links

Open Source Insights

README ¶

kit/securestring

github.com/vormadev/vorma/kit/securestring

String-oriented encryption wrapper over kit/securebytes.

It serializes a value to encrypted bytes and returns base64 text, which is useful for cookies, headers, and JSON fields.

Import

import "github.com/vormadev/vorma/kit/securestring"

Quick Start

keys := getKeyset() // *keyset.Keyset

sealed, err := securestring.Serialize(keys, map[string]string{"uid": "u-1"})
if err != nil {
	return err
}

payload, err := securestring.Parse[map[string]string](keys, sealed)
if err != nil {
	return err
}
_ = payload

Relationship to `securebytes`

securebytes is the core crypto/serialization layer.
securestring adds base64 encoding/decoding.

Inherited behavior from securebytes:

key rotation support via ordered keysets
ciphertext integrity checks
gob serialization constraints (for example concrete type registration for interface payloads)

Size Limits

MaxBase64Size is the maximum accepted encoded input size for Parse.
Empty input is rejected.
Oversized base64 input is rejected before decode.
Invalid base64 input returns an error.

MaxBase64Size is derived from securebytes.MaxSize using base64 expansion math.

API Reference

const MaxBase64Size
type SecureString string
func Serialize(ks *keyset.Keyset, rv securebytes.RawValue) (SecureString, error)
func Parse[T any](ks *keyset.Keyset, ss SecureString) (T, error)

Documentation ¶

Overview ¶

This package assumes that the caller's use case is not sensitive to timing attacks. In other words, it assumes that, even if an attacker can figure out the current index of the secret key originally used to encrypt the data, that information would not be materially useful to them. This is a reasonable assumption for most use cases. This is a light base64 wrapper over the "securebytes" package.

Index ¶

Constants
func Parse[T any](ks *keyset.Keyset, ss SecureString) (T, error)
type SecureString
- func Serialize(ks *keyset.Keyset, rv securebytes.RawValue) (SecureString, error)

Constants ¶

View Source

const MaxBase64Size = ((securebytes.MaxSize + 2) / 3) * 4

Variables ¶

This section is empty.

Functions ¶

func Parse ¶

func Parse[T any](ks *keyset.Keyset, ss SecureString) (T, error)

Types ¶

type SecureString ¶

type SecureString string // Base64-encoded, encrypted value

func Serialize ¶

func Serialize(ks *keyset.Keyset, rv securebytes.RawValue) (SecureString, error)

Source Files ¶

View all Source files

securestring.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL