README
¶
moov-io/cryptfs
Moov's mission is to give developers an easy way to create and integrate bank processing into their own software products. Our open source projects are each focused on solving a single responsibility in financial services and designed around performance, scalability, and ease of use.
cryptfs implements Go's io/fs.FS interface for interacting with the local filesystem to transparently encrypt/decrypt files. This is useful as a library because it offers applications a well tested routine for keeping data protected.
Project Status
cryptfs is included in multiple open-source projects Moov offers and is used in production environments. Please star the project if you are interested in its progress. If you find any bugs or desire additional encryption/encoding algorithms we would appreciate an issue or pull request. Thanks!
Usage
Cryptfs supports AES and GPG for encryption and Base64 (Standard Raw) encoding. Currently cryptfs is usable as a Go library in your applications. This needs to be initialized prior to reading or writing any files.
AES Cryptor
key := []byte("1234567812345678")) // insecure key
fsys, err := cryptfs.FromCryptor(cryptfs.NewAESCryptor(key))
if err != nil {
// do something
}
fsys.SetCoder(cryptfs.Base64()) // optional, default is the raw bytes
GPG Cryptor
fsys, err := cryptfs.FromCryptor(cryptfs.NewGPGCryptorFile(publicKeyPath, privateKeyPath, password))
if err != nil {
// do something
}
fsys.SetCoder(cryptfs.Base64()) // optional, default is the raw bytes
Once initialized you can perform open/read and write operations.
Open
file, err := fsys.Open(path)
if err != nil {
// do something
}
ReadFile
plaintext, err := fsys.ReadFile(path)
if err != nil {
// do something
}
WriteFile
err := fsys.WriteFile(path, data, 0600)
if err != nil {
// do something
}
Command Line
Moov offers a command line tool for using this library as well. It's handy for operational debugging and testing.
Getting help
| channel | info |
|---|---|
| Twitter @moov | You can follow Moov.io's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories. |
| GitHub Issue | If you are able to reproduce a problem please open a GitHub Issue under the specific project that caused the error. |
| moov-io slack | Join our slack channel to have an interactive discussion about the development of the project. |
Supported and tested platforms
- 64-bit Linux (Ubuntu, Debian), macOS, and Windows
Contributing
Yes please! Please review our Contributing guide and Code of Conduct to get started! Checkout our issues for first time contributors for something to help out with.
This project uses Go Modules and Go v1.18 or newer. See Golang's install instructions for help setting up Go. You can download the source code and we offer tagged and released versions as well. We highly recommend you use a tagged release for production.
License
Apache License 2.0 - See LICENSE for details.
Documentation
¶
Index ¶
- type AESConfig
- type AESCryptor
- type Coder
- type CompressionConfig
- type Compressor
- type Config
- type Cryptor
- func NewGPGCryptor(publicKey, privateKey io.Reader, password []byte) (Cryptor, error)
- func NewGPGCryptorFile(publicKeyPath, privateKeyPath string, password []byte) (Cryptor, error)
- func NewGPGDecryptor(data io.Reader, password []byte) (Cryptor, error)
- func NewGPGDecryptorFile(path string, password []byte) (Cryptor, error)
- func NewGPGEncryptor(data io.Reader) (Cryptor, error)
- func NewGPGEncryptorFile(path string) (Cryptor, error)
- func NoEncryption() Cryptor
- type EncodingConfig
- type EncryptionConfig
- type FS
- func (fsys *FS) Disfigure(plaintext []byte) ([]byte, error)
- func (fsys *FS) Open(name string) (fs.File, error)
- func (fsys *FS) ReadFile(name string) ([]byte, error)
- func (fsys *FS) Reveal(encodedBytes []byte) ([]byte, error)
- func (fsys *FS) SetCoder(coder Coder)
- func (fsys *FS) SetCompression(compressor Compressor)
- func (fsys *FS) WriteFile(filepath string, plaintext []byte, perm fs.FileMode) error
- type GPGConfig
- type GPGCryptor
- type GzipConfig
- type KubernetesConfig
- type TokenConfig
- type VaultConfig
- type VaultCryptor
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AESCryptor ¶
type AESCryptor struct {
// contains filtered or unexported fields
}
func NewAESCryptor ¶
func NewAESCryptor(key []byte) (*AESCryptor, error)
NewAESCryptor returns an Cryptor which performs AES encryption/decryption.
The key must be 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
type Coder ¶
type Coder interface {
// contains filtered or unexported methods
}
Coder is an interface describing two operations which transform data into another format. This can be done to compress or disfigure bytes.
func Base64 ¶
func Base64() Coder
Base64 is a Coder which transforms data following RFC 4648 section 3.2. There are no padding characters added or accepted by this Coder.
type CompressionConfig ¶ added in v0.6.0
type CompressionConfig struct {
Gzip *GzipConfig `json:"gzip" yaml:"gzip"`
}
type Compressor ¶ added in v0.5.0
type Compressor interface {
// contains filtered or unexported methods
}
func Gzip ¶ added in v0.5.0
func Gzip() Compressor
func GzipLevel ¶ added in v0.5.0
func GzipLevel(level int) Compressor
GzipLevel allows callers to specify the compression level. Refer to compress/gzip.DefaultCompression and other values for more details.
func GzipRequired ¶ added in v0.5.0
func GzipRequired(level int) Compressor
GzipRequired forces the Compressor to only allow gzipped data to be decompressed.
Refer to compress/gzip.DefaultCompression and other values for more details on levels.
func NoCompression ¶ added in v0.5.0
func NoCompression() Compressor
type Config ¶ added in v0.6.0
type Config struct {
Compression CompressionConfig `json:"compression" yaml:"compression"`
Encryption EncryptionConfig `json:"encryption" yaml:"encryption"`
Encoding EncodingConfig `json:"encoding" yaml:"encoding"`
}
type Cryptor ¶
type Cryptor interface {
// contains filtered or unexported methods
}
func NewGPGCryptor ¶ added in v0.4.0
func NewGPGCryptorFile ¶ added in v0.4.0
func NewGPGDecryptor ¶ added in v0.4.0
func NewGPGDecryptorFile ¶ added in v0.4.0
func NewGPGEncryptorFile ¶ added in v0.4.0
func NoEncryption ¶ added in v0.6.0
func NoEncryption() Cryptor
type EncodingConfig ¶ added in v0.6.0
type EncodingConfig struct {
Base64 bool `json:"base64" yaml:"base64"`
}
type EncryptionConfig ¶ added in v0.6.0
type EncryptionConfig struct {
AES *AESConfig `json:"aes" yaml:"aes"`
GPG *GPGConfig `json:"gpg" yaml:"gpg"`
Vault *VaultConfig `json:"vault" yaml:"vault"`
}
type FS ¶
type FS struct {
// contains filtered or unexported fields
}
func FromConfig ¶ added in v0.6.0
func FromCryptor ¶
FromCryptor returns an FS instance and allows passing the results of creating a Cryptor directly as the arguments.
func (*FS) SetCompression ¶ added in v0.5.0
func (fsys *FS) SetCompression(compressor Compressor)
type GPGCryptor ¶ added in v0.4.0
type GPGCryptor struct {
// contains filtered or unexported fields
}
type GzipConfig ¶ added in v0.6.0
type KubernetesConfig ¶ added in v0.7.0
type KubernetesConfig struct {
Path string `json:"path" yaml:"path"`
}
type TokenConfig ¶ added in v0.7.0
type TokenConfig struct {
Token string `json:"token" yaml:"token"`
}
type VaultConfig ¶ added in v0.7.0
type VaultConfig struct {
Address string `json:"address" yaml:"address"`
Token *TokenConfig `json:"token" yaml:"token"`
Kubernetes *KubernetesConfig `json:"kubernetes" yaml:"kubernetes"`
// KeyName is the named transit key to use
KeyName string `json:"keyName" yaml:"keyName"`
}
type VaultCryptor ¶ added in v0.7.0
type VaultCryptor struct {
// contains filtered or unexported fields
}
func NewVaultCryptor ¶ added in v0.7.0
func NewVaultCryptor(conf VaultConfig) (*VaultCryptor, error)
func (*VaultCryptor) Healthy ¶ added in v0.7.0
func (v *VaultCryptor) Healthy() error
Source Files
Directories