cryptval

v0.0.0-...-fba932a
Warning

This package is not in the latest version of its module.

Published: Jan 2, 2017 License: BSD-2-Clause Imports: 7 Imported by: 0

README

Introduction


cryptval helps to encrypt and decrypt database values in Go by implementing the database/sql.Scanner and database/sql/driver.Valuer interfaces.

Its goal is to encrypt only a single field or a few database fields, such as OAuth tokens for a user or other sensitive information. It is not suitable for storing all contents encrypted.

The ciphertext is base64 encoded before it is stored in the database, so the column's data type must be able to hold it, such as TEXT.

The cryptography is copied from https://github.com/gtank/cryptopasta and has the issue outlined in https://github.com/gtank/cryptopasta/issues/14

Installation

go get -u github.com/bradleyfalzon/cryptval

Encrypt Example

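// Example key only: generate your own 32 random bytes and keep them out of source control.
// NewGCM256 takes a [32]byte, so the key is an array rather than a slice.
key := [32]byte{0x4f, 0x25, 0xcc, 0xf0, 0xcb, 0x5d, 0xc6, 0x7a, 0x26, 0x1f, 0x13, 0xc4, 0x72, 0x9d, 0x54, 0xc9, 0x9a, 0x9e, 0xfd, 0xf1, 0x6a, 0xe9, 0x45, 0x7f, 0x2e, 0x33, 0xfe, 0xca, 0x80, 0x71, 0x6d, 0x79}
plaintext := []byte("some-secret")
secret := cryptval.New(cryptval.NewGCM256(key)).EncryptBytes(plaintext)

// secret implements driver.Valuer, so the driver receives the base64-encoded ciphertext.
_, err := db.Exec("INSERT INTO cv (secret) VALUES (?)", secret)
if err != nil {
	log.Fatalln("unexpected error:", err)
}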

Decrypt Example

// The same key that was used to encrypt the value.
key := [32]byte{0x4f, 0x25, 0xcc, 0xf0, 0xcb, 0x5d, 0xc6, 0x7a, 0x26, 0x1f, 0x13, 0xc4, 0x72, 0x9d, 0x54, 0xc9, 0x9a, 0x9e, 0xfd, 0xf1, 0x6a, 0xe9, 0x45, 0x7f, 0x2e, 0x33, 0xfe, 0xca, 0x80, 0x71, 0x6d, 0x79}
secret := cryptval.New(cryptval.NewGCM256(key))

// Scan decrypts the stored column value into secret.Plaintext.
err := db.QueryRow("SELECT secret FROM cv").Scan(secret)
if err != nil {
	log.Fatalln("unexpected error:", err)
}
log.Println("secret (plaintext):", string(secret.Plaintext))
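
The pattern the README describes (a database/sql Scanner and driver.Valuer pair around AES-256-GCM, with base64 ciphertext kept in a TEXT column), written out as an added stand-alone example that is not cryptval's own code. EncryptedText and NewEncryptedText are hypothetical names, and the nonce-prefixed layout is an assumption rather than something read from cryptval's source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"database/sql/driver"
	"encoding/base64"
	"fmt"
)

// EncryptedText is a hypothetical type, not cryptval's: Plaintext is sealed on write, opened on read.
type EncryptedText struct {
	Plaintext []byte
	aead      cipher.AEAD
}

func NewEncryptedText(key [32]byte, plaintext []byte) *EncryptedText {
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid AES-256 key size
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has the 16-byte block GCM requires
	return &EncryptedText{Plaintext: plaintext, aead: aead}
}

// Value returns base64(nonce || ciphertext || tag) with a fresh random nonce per call.
func (e EncryptedText) Value() (driver.Value, error) {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return base64.StdEncoding.EncodeToString(e.aead.Seal(nonce, nonce, e.Plaintext, nil)), nil
}

// Scan authenticates before it decrypts: a modified or truncated column value is an error.
func (e *EncryptedText) Scan(value interface{}) error {
	s, _ := value.(string)
	if b, ok := value.([]byte); ok { // some drivers return TEXT columns as []byte
		s = string(b)
	}
	raw, err := base64.StdEncoding.DecodeString(s)
	if n := e.aead.NonceSize(); err == nil && len(raw) >= n {
		e.Plaintext, err = e.aead.Open(nil, raw[:n], raw[n:], nil)
		return err
	}
	return fmt.Errorf("undecodable encrypted value of type %T", value)
}

func main() {
	e := NewEncryptedText([32]byte{1}, []byte("some-secret")) // constructed demo key
	fmt.Println(e.Value())
}
```

Because GCM is authenticated, a Scan error is the signal that a stored value was altered or that the wrong key is in use, so callers should treat it as a failure rather than fall back to the raw column.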

Documentation


Types

type Cipher

type Cipher interface {
	Encrypt(plaintext []byte) (ciphertext []byte, err error)
	Decrypt(ciphertext []byte) (plaintext []byte, err error)
}

A Cipher encrypts plaintext or decrypts ciphertext.

func NewGCM256

func NewGCM256(key [32]byte) Cipher

NewGCM256 returns a Cipher using AES-256 in Galois/Counter Mode.

type CryptVal

type CryptVal struct {
	Plaintext []byte
	// contains filtered or unexported fields
}

A CryptVal is used to encrypt values for storage in a database, and decrypts them, storing the plaintext in Plaintext.

func New

func New(cipher Cipher) *CryptVal

New returns a CryptVal with the chosen cipher.

func (*CryptVal) EncryptBytes

func (s *CryptVal) EncryptBytes(plaintext []byte) *CryptVal

EncryptBytes sets the plaintext to be encrypted and returns the CryptVal itself to support fluent syntax.

func (*CryptVal) Scan

func (s *CryptVal) Scan(value interface{}) error

Scan implements the Scanner interface by decrypting value and storing the result in s.Plaintext.

func (CryptVal) Value

func (s CryptVal) Value() (driver.Value, error)

Value implements the driver Valuer interface by encrypting s.Plaintext and returning the ciphertext.

type GCM

type GCM struct {
	// contains filtered or unexported fields
}

GCM is a cipher using AES in Galois/Counter Mode.

func (GCM) Decrypt

func (c GCM) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt implements the Cipher interface.

See: https://github.com/gtank/cryptopasta/blob/bc3a108a5776376aa811eea34b93383837994340/encrypt.go#L60-L80

func (GCM) Encrypt

func (c GCM) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt implements the Cipher interface.

See: https://github.com/gtank/cryptopasta/blob/bc3a108a5776376aa811eea34b93383837994340/encrypt.go#L37-L55
