dbcrypt

package
v2.10.2

This package is not in the latest version of its module.

Published: Apr 22, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package dbcrypt provides a database.Store wrapper that encrypts/decrypts values stored at rest in the database.

Encryption is done using Ciphers, an abstraction over a set of encryption keys. Each key has a unique identifier, which identifies the key without revealing the key itself.

Currently, AES-256-GCM is the only implemented cipher mode. The Cipher is currently used to encrypt/decrypt the following fields:

  • database.UserLink.OAuthAccessToken
  • database.UserLink.OAuthRefreshToken
  • database.GitAuthLink.OAuthAccessToken
  • database.GitAuthLink.OAuthRefreshToken
  • database.DBCryptSentinelValue

Multiple ciphers can be provided to support key rotation. The primary cipher is used to encrypt and decrypt all data. Secondary ciphers are only used for decryption and, as a general rule, should only be active when rotating keys.

Encryption keys are stored in the database in the table `dbcrypt_keys`. The table has the following schema:

  • number: the key number. This is used to avoid conflicts when rotating keys.
  • created_at: the time the key was created.
  • active_key_digest: the SHA256 digest of the active key. If null, the key has been revoked.
  • revoked_key_digest: the SHA256 digest of the revoked key. If null, the key has not been revoked.
  • revoked_at: the time the key was revoked. If null, the key has not been revoked.
  • test: the encrypted value of the string "coder". This is used to ensure that the key is valid.

Encrypted fields are stored in the database as a base64-encoded string. Each encrypted column MUST have a corresponding _key_id column that is a foreign key reference to `dbcrypt_keys.active_key_digest`. This ensures that a key cannot be revoked until all rows that use that key have been migrated to a new key.
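
The following Go program is an added example, not code from this package: it shows how a key's SHA-256 digest can serve as the identifier held in a `_key_id` column and select the matching AES-256-GCM cipher at decryption time, which is what lets secondary ciphers read old rows during a rotation. The `key` type, `newKey`, `seal`, `open`, the nonce-in-front layout and the sample key are assumptions made for the example; base64 encoding of the stored value is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type key struct { // hypothetical type, not the package's Cipher implementation
	id   string // SHA-256 hex digest of the raw key: the value a _key_id column holds
	aead cipher.AEAD
}

// newKey builds an AES-256-GCM cipher and derives its identifier from the key bytes.
func newKey(raw []byte) (key, error) {
	block, err := aes.NewCipher(raw)
	if err != nil || len(raw) != 32 {
		return key{}, fmt.Errorf("AES-256-GCM needs a 32-byte key, got %d", len(raw))
	}
	aead, err := cipher.NewGCM(block)
	return key{fmt.Sprintf("%x", sha256.Sum256(raw)), aead}, err
}

// seal encrypts pt under a fresh random nonce placed in front of the ciphertext (assumed layout).
func (k key) seal(pt []byte) ([]byte, error) {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return k.aead.Seal(nonce, nonce, pt, nil), nil
}

// open decrypts ct with the cipher whose digest equals id; keys[0] is the primary cipher.
func open(keys []key, id string, ct []byte) ([]byte, error) {
	for _, k := range keys {
		if n := k.aead.NonceSize(); k.id == id && len(ct) >= n {
			return k.aead.Open(nil, ct[:n], ct[n:], nil)
		}
	}
	return nil, fmt.Errorf("no cipher for key id %q, or ciphertext too short", id)
}

func main() {
	k, _ := newKey([]byte("constructed-demo-key-32-bytes!!!")) // constructed sample key
	ct, _ := k.seal([]byte("constructed-token"))
	pt, err := open([]key{k}, k.id, ct)
	fmt.Printf("%s %v\n", pt, err)
}
```

In this example, re-encrypting a row for rotation is `open` with the row's current key id followed by `keys[0].seal`, after which the row's `_key_id` value becomes `keys[0].id`.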

Functions

func Decrypt

func Decrypt(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Cipher) error

Decrypt decrypts all user tokens and revokes all ciphers.

func Delete

func Delete(ctx context.Context, log slog.Logger, sqlDB *sql.DB) error

Delete deletes all user tokens and revokes all ciphers. This is a destructive operation and should only be used as a last resort, for example, if the database encryption key has been lost.

func New

func New(ctx context.Context, db database.Store, ciphers ...Cipher) (database.Store, error)

New creates a database.Store wrapper that encrypts/decrypts values stored at rest in the database.

func Rotate

func Rotate(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Cipher) error

Rotate rotates the database encryption keys by re-encrypting all user tokens with the first cipher and revoking all other ciphers.

Types

type Cipher

type Cipher interface {
	Encrypt([]byte) ([]byte, error)
	Decrypt([]byte) ([]byte, error)
	HexDigest() string
}

func NewCiphers

func NewCiphers(keys ...[]byte) ([]Cipher, error)

NewCiphers is a convenience function for creating multiple ciphers. It currently only supports AES-256-GCM.

type DecryptFailedError

type DecryptFailedError struct {
	Inner error
}

DecryptFailedError is returned when decryption fails.

func (*DecryptFailedError) Error

func (e *DecryptFailedError) Error() string
