GO-2024-2451: IV collision in github.com/bincyber/go-sqlcrypter

aesgcm

package

v0.2.0 Latest Latest Go to latest Published: Nov 11, 2022 License: MIT Imports: 6 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/bincyber/go-sqlcrypter

Links

Open Source Insights

README ¶

AES GCM

256-bit AES in Galois/Counter Mode (GCM)

Example

package main

import (
	"github.com/bincyber/go-sqlcrypter"
	"github.com/bincyber/go-sqlcrypter/aesgcm"
)

func main() {
	s := "32-byte-hex-encoded-data-encryption-key-here"

	key, err := hex.DecodeString(s)
	if err != nil {
		// handle error
	}

	aesCrypter, err := aesgcm.New(key, nil)
	if err != nil {
		// handle error
	}
	sqlcrypter.Init(aesCrypter)
}

Key Rotation

AESCrypter supports key rotation by allowing two data encryption keys (DEKs) to be specified during initialization. When aesgcm.New() is called with two DEKs, the first key is used to encrypt (and decrypt) any new data, while the second key is only used to decrypt existing data.

Note: Before the old key can stop being used, any existing data must be re-encrypted with the new key by running Update queries over the database records. Handling this is out of scope for this library.

Documentation ¶

Index ¶

func New(key []byte, previousKey []byte) (sqlcrypter.Crypterer, error)
type AESCrypter
- func (a *AESCrypter) Decrypt(w io.Writer, r io.Reader) error
- func (a *AESCrypter) Encrypt(w io.Writer, r io.Reader) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(key []byte, previousKey []byte) (sqlcrypter.Crypterer, error)

New initializes the AES GCM crypter with the provided data encryption key (DEK). To support key rotation, a previous DEK can optionally be provided. If the previous DEK is set, it is only used for decryption. Any new data is encrypted with the current DEK.

Types ¶

type AESCrypter ¶

type AESCrypter struct {
	// contains filtered or unexported fields
}

AESCrypter is an implementation of the Crypterer interface using 256-bit AES in Galeious Counter Mode with support for key rotation.

func (*AESCrypter) Decrypt ¶

func (a *AESCrypter) Decrypt(w io.Writer, r io.Reader) error

Decrypt decrypts ciphertext to plaintext. It first attempts to decrypt using the previous DEK if specified, followed by the current DEK.

func (*AESCrypter) Encrypt ¶

func (a *AESCrypter) Encrypt(w io.Writer, r io.Reader) error

Encrypt encrypts plaintext to ciphertext using the current DEK.

Source Files ¶

View all Source files

aes.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL