Documentation ¶
Constants ¶
const SecureLookupPrefix = "cn"
SecureLookupPrefix is the prefix of the secure lookup token, which is formatted as "[prefix]-[encoder id]-[index]".
Variables ¶
var DefaultOptions = Options{
	// contains filtered or unexported fields
}
DefaultOptions represents the recommended default Options for secure encoding.
Functions ¶
This section is empty.
Types ¶
type DecoderExtension ¶
type DecoderExtension struct {
	jsoniter.DecoderExtension
	// contains filtered or unexported fields
}
DecoderExtension is a JSON decoder extension for the encryption and decryption of JSON encoded data. It supports full encryption / decryption of the encoded block in addition to sparse encryption and hashing of structs on a per field basis via supplementary JSON struct field tag options. For additional information on sparse encryption & hashing, please SEE: https://git.tcp.direct/kayos/chestnut-bitcask/blob/master/README.md
For additional information on json-iterator extensions, please SEE: https://github.com/json-iterator/go/wiki/Extension
func NewSecureDecoderExtension ¶
func NewSecureDecoderExtension(encoderID string, dfn DecryptionFunction, opt ...Option) *DecoderExtension
NewSecureDecoderExtension returns a new DecoderExtension using the supplied DecryptionFunction. If an encoder id is supplied, this decoder will restrict itself to packages with a matching id.
func (*DecoderExtension) Close ¶
func (ext *DecoderExtension) Close()
Close should be called after Unmarshal.
func (*DecoderExtension) DecorateDecoder ¶
func (ext *DecoderExtension) DecorateDecoder(typ reflect2.Type, decoder jsoniter.ValDecoder) jsoniter.ValDecoder
DecorateDecoder customizes the decoding by specifying an alternate lookup table decoder that recognizes previously encoded lookup table keys and replaces them with decoded values.
func (*DecoderExtension) Open ¶
func (ext *DecoderExtension) Open() error
Open should be called before Unmarshal to prepare the decoder.
func (*DecoderExtension) Unseal ¶
func (ext *DecoderExtension) Unseal(encoded []byte) ([]byte, error)
Unseal decrypts and returns the encoded value as an unsealed package. If sparse is true AND the data format is sparse, the data will not be decrypted and the struct will be decoded with empty values in place of secure fields.
TODO: We could hash the encoded data and add that to our plaintext block before we encrypt it as a tamper check. Not sure that is necessary or useful right now though.
type DecryptionFunction ¶
DecryptionFunction defines the prototype for the decryption callback. See WARNING regarding use of PassthroughDecryption.
var PassthroughDecryption DecryptionFunction = func(ciphertext []byte) ([]byte, error) { return hex.DecodeString(string(ciphertext)) }
PassthroughDecryption is a dummy function for development and testing *ONLY*.
* WARNING: DO NOT USE IN PRODUCTION. *
PassthroughDecryption is *NOT* decryption and *DOES NOT* decrypt data: it only hex-decodes its input.
type EmptyOption ¶
type EmptyOption struct{}
EmptyOption does not alter the encoder configuration. It can be embedded in another structure to build custom encoder options.
type EncoderExtension ¶
type EncoderExtension struct {
	jsoniter.EncoderExtension
	// contains filtered or unexported fields
}
EncoderExtension is a JSON encoder extension for the encryption and decryption of JSON encoded data. It supports full encryption / decryption of the encoded block in addition to sparse encryption and hashing of structs on a per field basis via supplementary JSON struct field tag options. For additional information on sparse encryption & hashing, please SEE: https://git.tcp.direct/kayos/chestnut-bitcask/blob/master/README.md
For additional information on json-iterator extensions, please SEE: https://github.com/json-iterator/go/wiki/Extension
func NewSecureEncoderExtension ¶
func NewSecureEncoderExtension(encoderID string, efn EncryptionFunction, opt ...Option) *EncoderExtension
NewSecureEncoderExtension returns a new EncoderExtension using the supplied EncryptionFunction. If no encoder id is supplied, a new random encoder id will be used.
func (*EncoderExtension) Close ¶
func (ext *EncoderExtension) Close()
Close should be called after Marshal, but before Seal. Calling Seal before Close will call Close automatically if necessary.
func (*EncoderExtension) Open ¶
func (ext *EncoderExtension) Open() error
Open should be called before Marshal to prepare the encoder.
func (*EncoderExtension) Seal ¶
func (ext *EncoderExtension) Seal(encoded []byte) ([]byte, error)
Seal encrypts and returns the encoded value as a sealed package.
func (*EncoderExtension) UpdateStructDescriptor ¶
func (ext *EncoderExtension) UpdateStructDescriptor(structDescriptor *jsoniter.StructDescriptor)
UpdateStructDescriptor customizes the encoding by specifying an alternate lookup encoder for secure struct field tags and hash struct field strings.
type EncryptionFunction ¶
EncryptionFunction defines the prototype for the encryption callback. See WARNING regarding use of PassthroughEncryption.
var PassthroughEncryption EncryptionFunction = func(plaintext []byte) ([]byte, error) { return []byte(hex.EncodeToString(plaintext)), nil }
PassthroughEncryption is a dummy function for development and testing *ONLY*.
* WARNING: DO NOT USE IN PRODUCTION. *
PassthroughEncryption is *NOT* encryption and *DOES NOT* encrypt data: it only hex-encodes the plaintext, which anyone can reverse without a key.
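Added example (not code from this package): a callback pair with the EncryptionFunction and DecryptionFunction shapes shown above, usable where the PassthroughEncryption and PassthroughDecryption warnings apply. Assumptions: the two type declarations are local stand-ins inferred from the Passthrough variables, NewAESGCM is a hypothetical helper, AES-GCM is this example's choice of cipher rather than one the package prescribes, and the all-zero key is constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Local stand-ins mirroring the callback prototypes documented on this page.
type EncryptionFunction func(plaintext []byte) ([]byte, error)
type DecryptionFunction func(ciphertext []byte) ([]byte, error)

// NewAESGCM (hypothetical helper, not part of the package) returns a matched
// callback pair. Sealed layout: nonce || ciphertext || 16-byte GCM tag.
func NewAESGCM(key []byte) (EncryptionFunction, DecryptionFunction, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	enc := func(plaintext []byte) ([]byte, error) {
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil { // fresh nonce per call
			return nil, err
		}
		return aead.Seal(nonce, nonce, plaintext, nil), nil
	}
	dec := func(ciphertext []byte) ([]byte, error) {
		n := aead.NonceSize()
		if len(ciphertext) < n+aead.Overhead() {
			return nil, errors.New("ciphertext too short")
		}
		return aead.Open(nil, ciphertext[:n], ciphertext[n:], nil) // errors if tag check fails
	}
	return enc, dec, nil
}

func main() {
	enc, dec, _ := NewAESGCM(make([]byte, 32)) // constructed all-zero demo key, never a real key
	sealed, _ := enc([]byte(`{"secret":"constructed sample"}`))
	plain, _ := dec(sealed)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	_, err := dec(sealed)
	fmt.Printf("%s tamper rejected: %v\n", plain, err != nil)
}
```

Because GCM is authenticated encryption, a modified sealed value fails in the decryption callback instead of decoding to altered JSON.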
type Option ¶
type Option interface {
// contains filtered or unexported methods
}
An Option sets options such as compression or sparse decoding.
func SparseDecode ¶
func SparseDecode() Option
SparseDecode returns an Option that sets the decoder to return sparsely decoded data. If the JSON data was not sparsely encoded, this does nothing.
func WithCompression ¶
WithCompression returns an Option that compresses & decompresses data with Zstd.
func WithCompressor ¶
func WithCompressor(compressor compress.CompressorFunc) Option
WithCompressor returns an Option that compresses data.
func WithDecompressor ¶
func WithDecompressor(decompressor compress.DecompressorFunc) Option
WithDecompressor returns an Option that decompresses data.
type Options ¶
type Options struct {
// contains filtered or unexported fields
}
Options provides a default implementation for common options for a secure encoding.