Documentation
Overview
Package kfstore provides a self-contained encrypted data store for sensitive data managed by keyfish. A Store is packaged as a JSON object containing an encrypted database packet.
Constants
const AccessKeyLen = chacha20poly1305.KeySize // 32 bytes
AccessKeyLen is the required length in bytes of an access key.
const Format = "ks1"
Format is the storage format label supported by this package.
Types
type KeyFunc
KeyFunc is a function that takes a salt value as input and returns an encryption key.
type Store
type Store[DB any] struct {
	// contains filtered or unexported fields
}
A Store is the encoded form of a database in persistent storage.
The contents of a store are encoded as a JSON object, inside which the database is encrypted with chacha20poly1305 using the AEAD construction and a randomly-generated data key. The data key is itself encrypted (using the same construction) with a caller-provided access key, and stored alongside the data.
The concrete type of DB must be JSON-marshalable.
func New
New creates a new store using accessKey to encrypt the store key.
If the accessKey was generated using a key-derivation function, the salt value for the KDF may be passed as keySalt, and it will be stored in plain text alongside the data. This value is made available to the caller when the store is reopened. It is optional and may be nil or empty.
If init != nil, it is used as the initial database for the store; otherwise an empty DB is created.
func Open
Open opens a Store from the contents of r. Open calls accessKey with the stored key derivation salt (which may be empty) to obtain the access key, which is used to decrypt the stored data.
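The two-layer key wrapping described under Store, together with the salt hand-off that Open performs, sketched as an added example that is not kfstore's own code. Assumptions: AES-256-GCM from the standard library stands in for chacha20poly1305, and `envelope`, `aead`, `seal`, `unseal`, `create` and `open` are hypothetical names that do not reflect the package's API or its ks1 format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

type envelope struct{ Salt, DataKey, Data []byte } // hypothetical layout, not the real "ks1" format

// aead builds AES-256-GCM, a standard-library stand-in for chacha20poly1305.
func aead(key [32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	a, _ := cipher.NewGCM(blk)
	return a
}

// seal encrypts msg under key and prepends the fresh random nonce; unseal reverses it.
func seal(key [32]byte, msg []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	return aead(key).Seal(nonce, nonce, msg, nil)
}
func unseal(key [32]byte, box []byte) ([]byte, error) {
	if len(box) < 12 {
		return nil, errors.New("truncated ciphertext")
	}
	return aead(key).Open(nil, box[:12], box[12:], nil)
}

// create seals db under a random data key, then wraps that key with accessKey.
func create(accessKey [32]byte, salt, db []byte) envelope {
	var dataKey [32]byte
	if _, err := rand.Read(dataKey[:]); err != nil {
		panic(err)
	}
	return envelope{salt, seal(accessKey, dataKey[:]), seal(dataKey, db)}
}

// open passes the stored salt to keyFunc, unwraps the data key, then decrypts db.
func open(e envelope, keyFunc func(salt []byte) [32]byte) ([]byte, error) {
	raw, err := unseal(keyFunc(e.Salt), e.DataKey)
	if err != nil || len(raw) != 32 {
		return nil, errors.New("access key rejected")
	}
	return unseal(*(*[32]byte)(raw), e.Data)
}
```

A wrong access key fails AEAD authentication when the data key is unwrapped, so `open` returns an error before the database ciphertext is touched.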