encryption

package
v1.12.1-0...-676f45f
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var NoopCrypter = noopCrypter{}

NoopCrypter is just a pass-through crypter - it does not actually encrypt or decrypt any data

Functions

func Decrypt

func Decrypt(encryptd []byte, decrypter Decrypter) ([]byte, error)

Decrypt turns a slice of bytes serialized as a MaybeEncryptedRecord into a slice of plaintext bytes

func Defaults

func Defaults(key []byte, fips bool) (Encrypter, Decrypter)

Defaults returns a default encrypter and decrypter. If the fips parameter is set to true, the only algorithm supported on both the encrypter and decrypter will be Fernet.

func Encrypt

func Encrypt(plaintext []byte, encrypter Encrypter) ([]byte, error)

Encrypt turns a slice of bytes into a serialized MaybeEncryptedRecord slice of bytes

func GenerateSecretKey

func GenerateSecretKey() []byte

GenerateSecretKey generates a secret key that can be used for encrypting data using this package

func HumanReadableKey

func HumanReadableKey(key []byte) string

HumanReadableKey displays a secret key in a human-readable way

func ParseHumanReadableKey

func ParseHumanReadableKey(key string) ([]byte, error)

ParseHumanReadableKey returns a key as bytes from recognized serializations of said keys

Types

type Decrypter

type Decrypter interface {
	Decrypt(api.MaybeEncryptedRecord) ([]byte, error)
}

A Decrypter can decrypt an encrypted record

type Encrypter

type Encrypter interface {
	Encrypt(data []byte) (*api.MaybeEncryptedRecord, error)
}

An Encrypter can encrypt some bytes into an encrypted record

type ErrCannotDecrypt

type ErrCannotDecrypt struct {
	// contains filtered or unexported fields
}

ErrCannotDecrypt is the type of error returned when some data cannot be decrypted as plaintext

func (ErrCannotDecrypt) Error

func (e ErrCannotDecrypt) Error() string

type Fernet

type Fernet struct {
	// contains filtered or unexported fields
}

Fernet wraps the `fernet` library as an implementation of encrypter/decrypter.

func NewFernet

func NewFernet(key []byte) Fernet

NewFernet returns a new Fernet encrypter/decrypter with the given key

func (Fernet) Algorithm

Algorithm returns the type of algorithm this is (Fernet, which uses AES128-CBC)

func (Fernet) Decrypt

func (f Fernet) Decrypt(record api.MaybeEncryptedRecord) ([]byte, error)

Decrypt decrypts a MaybeEncryptedRecord and returns some bytes

func (Fernet) Encrypt

func (f Fernet) Encrypt(data []byte) (*api.MaybeEncryptedRecord, error)

Encrypt encrypts some bytes and returns an encrypted record

type MultiDecrypter

type MultiDecrypter struct {
	// contains filtered or unexported fields
}

MultiDecrypter is a decrypter that will attempt to decrypt with multiple decrypters. It references them by algorithm, so that only the relevant decrypters are checked instead of every single one. The reason for multiple decrypters per algorithm is to support hitless encryption key rotation.

For raft encryption for instance, during an encryption key rotation, it's possible to have some raft logs encrypted with the old key and some encrypted with the new key, so we need a decrypter that can decrypt both.

func NewMultiDecrypter

func NewMultiDecrypter(decrypters ...Decrypter) MultiDecrypter

NewMultiDecrypter returns a new MultiDecrypter given multiple Decrypters. If any of the Decrypters are also MultiDecrypters, they are flattened into a single map, but it does not deduplicate any decrypters. Note that if something is neither a MultiDecrypter nor a specificDecrypter, it is ignored.

func (MultiDecrypter) Decrypt

func (m MultiDecrypter) Decrypt(r api.MaybeEncryptedRecord) ([]byte, error)

Decrypt tries to decrypt using any decrypters that match the given algorithm.
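The rotation behaviour described for MultiDecrypter above, as an added example that is not this package's code. The names `record`, `newAEAD`, `encrypt` and `multiDecrypter` are hypothetical, the keys are constructed, and standard-library AES-256-GCM stands in for Fernet and NACL secretbox so the program runs without the module.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// record is a hypothetical stand-in for api.MaybeEncryptedRecord.
type record struct {
	Algorithm   string
	Nonce, Data []byte
}

// newAEAD builds stdlib AES-256-GCM, a stand-in for the package's Fernet/NACLSecretbox.
func newAEAD(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // cannot fail: key length is fixed at 32
	aead, _ := cipher.NewGCM(block)   // cannot fail for an AES block cipher
	return aead
}

func encrypt(aead cipher.AEAD, data []byte) (record, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return record{}, err
	}
	return record{"aes-gcm", nonce, aead.Seal(nil, nonce, data, nil)}, nil
}

// multiDecrypter maps an algorithm to every key still accepted for it; only those are tried.
type multiDecrypter map[string][]cipher.AEAD

func (m multiDecrypter) Decrypt(r record) ([]byte, error) {
	for _, aead := range m[r.Algorithm] {
		if len(r.Nonce) != aead.NonceSize() {
			continue // Open panics on a wrong-length nonce, so reject it here
		}
		if pt, err := aead.Open(nil, r.Nonce, r.Data, nil); err == nil {
			return pt, nil
		}
	}
	return nil, fmt.Errorf("no %q decrypter could decrypt the record", r.Algorithm)
}

func main() {
	oldKey, newKey := newAEAD([32]byte{1}), newAEAD([32]byte{2}) // constructed keys
	rec, _ := encrypt(oldKey, []byte("raft entry written before rotation"))
	pt, err := multiDecrypter{"aes-gcm": {newKey, oldKey}}.Decrypt(rec)
	fmt.Printf("%q %v\n", pt, err)
}
```

Once every record has been re-encrypted under the new key, dropping the old key from the map makes records written under it fail authentication instead of decrypting.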

type NACLSecretbox

type NACLSecretbox struct {
	// contains filtered or unexported fields
}

NACLSecretbox is an implementation of an encrypter/decrypter. Encrypting generates random nonces.

func NewNACLSecretbox

func NewNACLSecretbox(key []byte) NACLSecretbox

NewNACLSecretbox returns a new NACL secretbox encrypter/decrypter with the given key

func (NACLSecretbox) Algorithm

Algorithm returns the type of algorithm this is (NACL Secretbox using XSalsa20 and Poly1305)

func (NACLSecretbox) Decrypt

func (n NACLSecretbox) Decrypt(record api.MaybeEncryptedRecord) ([]byte, error)

Decrypt decrypts a MaybeEncryptedRecord and returns some bytes

func (NACLSecretbox) Encrypt

func (n NACLSecretbox) Encrypt(data []byte) (*api.MaybeEncryptedRecord, error)

Encrypt encrypts some bytes and returns an encrypted record
