kfstore

package
v0.0.44
Warning

This package is not in the latest version of its module.

Published: Mar 11, 2024 License: BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Overview

Package kfstore provides a self-contained encrypted data store for sensitive data managed by keyfish. A Store is packaged as a JSON object containing an encrypted database packet.

Constants

const AccessKeyLen = chacha20poly1305.KeySize // 32 bytes

AccessKeyLen is the required length in bytes of an access key.

const Format = "ks1"

Format is the storage format label supported by this package.

Variables

This section is empty.

Functions

This section is empty.

Types

type KeyFunc

type KeyFunc func(salt []byte) []byte

KeyFunc is a function that takes a salt value as input and returns an encryption key.

func AccessKey

func AccessKey[S ~string | ~[]byte](key S) KeyFunc

AccessKey returns a KeyFunc that ignores its argument and returns the specified string as the key. It is a convenience wrapper for passing a pre-generated key.

type Store

type Store[DB any] struct {
	// contains filtered or unexported fields
}

A Store is the encoded form of a database in persistent storage.

The contents of a store are encoded as a JSON object, inside which the database is encrypted with chacha20poly1305 using the AEAD construction and a randomly-generated data key. The data key is itself encrypted (using the same construction) with a caller-provided access key, and stored alongside the data.

The concrete type of DB must be JSON-marshalable.

func New

func New[DB any](accessKey, keySalt []byte, init *DB) (*Store[DB], error)

New creates a new store using accessKey to encrypt the store key.

If the accessKey was generated using a key-derivation function, the salt value for the KDF may be passed as keySalt, and it will be stored in plain text alongside the data. This value is made available to the caller when the store is reopened. It is optional and may be nil or empty.

If init != nil, it is used as the initial database for the store; otherwise an empty DB is created.

func Open

func Open[DB any](r io.Reader, accessKey KeyFunc) (*Store[DB], error)

Open opens a Store from the contents of r. Open calls accessKey with the stored key derivation salt (which may be empty) to obtain the access key, which is used to decrypt the stored data.

func (*Store[DB]) DB

func (s *Store[DB]) DB() *DB

DB returns the database associated with s. The result is never nil. If s == nil or points to an invalid Store, DB panics.

func (*Store[DB]) WriteTo

func (s *Store[DB]) WriteTo(w io.Writer) (int64, error)

WriteTo encodes and encrypts the current contents of s and writes it to w.
