Documentation
¶
Overview ¶
Package crypto provides field-level encryption for fabriq (e.g. blob_source credentials). It is core-pure: stdlib only, zero TwinOS knowledge.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrNotConfigured is returned by callers when encryption is required but no // key was configured. ErrNotConfigured = errors.New("fabriq: encryption not configured") // ErrKeyVersion is returned when a ciphertext's key-version byte is unknown. ErrKeyVersion = errors.New("fabriq: ciphertext key version not recognized") )
Functions ¶
This section is empty.
Types ¶
type AESGCM ¶
type AESGCM struct {
// contains filtered or unexported fields
}
AESGCM implements Encryptor with AES-256-GCM. Envelope layout:
[1-byte keyVersion][12-byte nonce][ciphertext+tag]
type Encryptor ¶
type Encryptor interface {
Encrypt(plaintext, aad []byte) ([]byte, error)
Decrypt(ciphertext, aad []byte) ([]byte, error)
}
Encryptor encrypts and decrypts opaque byte fields. aad (additional authenticated data) binds the ciphertext to its context (e.g. the tenant id) so a stolen ciphertext cannot be replayed into another row; the SAME aad must be supplied to Decrypt.
Source Files
Click to show internal directories.
Click to hide internal directories.