Documentation
Overview
Package local provides an in-memory AES-256-GCM encryption provider for testing. It stores master keys in memory and supports key revocation for crypto-shredding simulation.
This provider should NOT be used in production. Use the kms or vault providers instead.
Index
- type Option
- type Provider
- func (p *Provider) AddKey(keyID string, key []byte) error
- func (p *Provider) Close() error
- func (p *Provider) Decrypt(_ context.Context, keyID string, ciphertext []byte) ([]byte, error)
- func (p *Provider) DecryptDataKey(_ context.Context, keyID string, encryptedKey []byte) ([]byte, error)
- func (p *Provider) Encrypt(_ context.Context, keyID string, plaintext []byte) ([]byte, error)
- func (p *Provider) GenerateDataKey(_ context.Context, keyID string) (*encryption.DataKey, error)
- func (p *Provider) RevokeKey(keyID string) error
Types
type Provider
type Provider struct {
	// contains filtered or unexported fields
}
Provider is an in-memory AES-256-GCM encryption provider for testing. Keys are stored in memory and never persisted.
func (*Provider) AddKey
AddKey adds a master key to the provider. The key must be exactly 32 bytes (AES-256).
func (*Provider) Decrypt
Decrypt decrypts ciphertext using AES-256-GCM with the specified master key.
func (*Provider) DecryptDataKey
func (p *Provider) DecryptDataKey(_ context.Context, keyID string, encryptedKey []byte) ([]byte, error)
DecryptDataKey decrypts a previously encrypted DEK using the master key.
func (*Provider) Encrypt
Encrypt encrypts plaintext using AES-256-GCM with the specified master key.
func (*Provider) GenerateDataKey
GenerateDataKey creates a new random 32-byte DEK and encrypts it with the master key.
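The DEK wrapping and key revocation described above, sketched with only the Go standard library. This is an added example, not the package's own code: newGCM, seal, open, the map used as a key store, the key ID tenant-1 and the nonce-prepended ciphertext layout are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // AES-256 only; a revoked (deleted) key arrives here as nil
		return nil, fmt.Errorf("key unavailable or not 32 bytes (len %d)", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	return cipher.NewGCM(block)
}

func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; prepended (sketch's layout)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, ct []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(ct) < gcm.NonceSize() { // no usable key, or too short to slice
		return nil, fmt.Errorf("key unavailable or ciphertext shorter than the nonce")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func main() {
	keys := make([]byte, 64) // constructed: 32-byte master key, then 32-byte DEK
	if _, err := rand.Read(keys); err != nil {
		panic(err)
	}
	ring := map[string][]byte{"tenant-1": keys[:32]} // hypothetical key ID
	wrapped, _ := seal(ring["tenant-1"], keys[32:])  // store only the wrapped DEK
	_, before := open(ring["tenant-1"], wrapped)
	delete(ring, "tenant-1") // revoke: every DEK wrapped under this key is orphaned
	_, after := open(ring["tenant-1"], wrapped)
	fmt.Println("unwrap before revoke:", before, "| after revoke:", after)
}
```

open returns an error when the GCM tag does not verify, so a wrong key or altered ciphertext fails the same way a revoked key does: no plaintext is returned.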