Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecryptMessage ¶
func DecryptMessage(ctx context.Context, keyspec string, encMessage *EncodedMessage, w io.Writer) error
DecryptMessage takes a Cloud KMS keyspec, a pointer to an EncodedMessage, and writes the decrypted message to the Writer w, returning an error if any. keyspec is formated as project/{project_id}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}.
Types ¶
type EncodedMessage ¶
type EncodedMessage struct { EncryptedKey []byte `json:"encrypted_key,omitempty"` Ciphertext []byte `json:"ciphertext,omitempty"` }
EncodedMessage is a structure which containes an encrypted key as well as the encrypted ciphertext. It can be serialized to JSON.
func EncryptMessage ¶
func EncryptMessage(ctx context.Context, keyspec string, message io.Reader) (*EncodedMessage, error)
EncryptMessage encrypts the data from the message Reader using a random encryption key, and then encrypts that key using the GCP CloudKMS key represented by keyspec. keyspec should be in the format project/{project_id}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}. The function returns an EncodedMessage and an error if there is an error.
type EnvelopeKey ¶
EnvelopeKey contains both an unencrypted and encrypted version of the encryption key for a message.