crypto

Version: v1.0.0

This package is not in the latest version of its module.

Published: Dec 30, 2019 License: Apache-2.0 Imports: 19 Imported by: 13

Documentation

Constants

const (
	// EncryptMode tells KMS to perform an encryption operation
	EncryptMode = iota

	// DecryptMode tells KMS to perform a decryption operation
	DecryptMode
)
const (
	// KMS is a const that delineates the type of encryption used (AWS Key Management Service)
	KMS = "kms"

	// AES256 is a const that delineates the type of encryption used (AES256)
	AES256 = "aes"
)

Functions

func DecryptSourceConfig

func DecryptSourceConfig(ms domain.DatabaseConnection, sourceConfig domain.SourceConfig, config config) (domain.SourceConfig, error)

DecryptSourceConfig takes a source config as an argument and decrypts the fields that are expected to be encrypted. Should not store encrypted password inside the sourceConfig, because when a client reconnects, it will try to decrypt the already decrypted password.

func Hash

func Hash(in string) string

Hash returns the 32-bit FNV-1a hash of an input string. FNV-1a is a non-cryptographic hash function.

Types

type AESClient

type AESClient struct {
	// contains filtered or unexported fields
}

AESClient performs encryption and decryption using AES256

func (*AESClient) Decrypt

func (client *AESClient) Decrypt(in string) (out string, err error)

Decrypt takes a base64 encoded encrypted string, first decodes the string, and then decrypts it

func (*AESClient) Encrypt

func (client *AESClient) Encrypt(in string) (out string, err error)

Encrypt encrypts the input using AES256 and then encodes it in base64

type Client

type Client interface {
	Encrypt(string) (string, error)
	Decrypt(string) (string, error)
}

Client manages

func NewEncryptionClient

func NewEncryptionClient(clientType string, db domain.DatabaseConnection, applicationEncryptionKey string, orgID string) (client Client, err error)

NewEncryptionClient takes in an application level encryption key (a KMS key). The fields in the database are encrypted with an organization specific encryption key, which is not the same as the application level encryption key. This ensures that one organization cannot read the fields of another. The organization encryption key in the database itself is encrypted using the KMS application level encryption key. The organization encryption key must be pulled from the database and decrypted before the client is created. The application level encryption key should only exist in the root organization of an organization hierarchy.
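The key hierarchy described above, as an added example that is not this package's code: a local AES-256 key stands in for the KMS application key, and `aead`, `seal` and `open` are hypothetical helpers. GCM is an assumption, since the page says only AES256, and the plaintext is a constructed value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds AES-256-GCM. GCM is this example's assumption, not the package's.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil // nonce || ciphertext
}

func open(key, sealed []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil || len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("bad key size or truncated value")
	}
	// Authentication fails on a wrong key or altered data.
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

func main() {
	k := make([]byte, 96) // app key | org A key | org B key, random stand-ins
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	storedA, _ := seal(k[:32], k[32:64]) // org A's key as the database holds it
	keyA, _ := open(k[:32], storedA)     // unwrapped with the application key
	field, _ := seal(keyA, []byte("constructed-secret"))
	_, errA := open(keyA, field)
	_, errB := open(k[64:], field) // org B's key fails GCM authentication
	fmt.Println("org A reads:", errA == nil, "org B reads:", errB == nil)
}
```

The application key never touches field data directly: it only wraps organization keys, so a leaked database row exposes neither the field nor the key that protects it.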

func NewEncryptionClientWithDirectKey

func NewEncryptionClientWithDirectKey(clientType string, key string) (client Client, err error)

NewEncryptionClientWithDirectKey takes the key used for encryption as a direct argument, and does not grab an encrypted, organization specific key from the database like NewEncryptionClient does

func NewEncryptionClientWithProfile

func NewEncryptionClientWithProfile(clientType string, db domain.DatabaseConnection, applicationEncryptionKey string, orgID string, profile string) (client Client, err error)

type KMSClient

type KMSClient struct {
	Client *kms.KMS

	KeySpec string
	// contains filtered or unexported fields
}

KMSClient holds all information required to perform encryption and decryption. Once the object is created, one can simply call Encrypt or Decrypt on it.

func CreateKMSClientWithProfile

func CreateKMSClientWithProfile(keyID string, profile string) (client *KMSClient, err error)

CreateKMSClientWithProfile creates a KMSClient object. The keyID is the AWS KMS key ID. The profile is optional and may be passed as an empty string

func (*KMSClient) Decrypt

func (kmsClient *KMSClient) Decrypt(encryptedText string) (message string, err error)

Decrypt decrypts the argument using AWS KMS and the key ID in the KMS client

func (*KMSClient) Encrypt

func (kmsClient *KMSClient) Encrypt(message string) (encryptedString string, err error)

Encrypt encrypts the argument using AWS KMS and the key ID in the KMS client
