Documentation
Index
- type EncryptedData
- type EncryptionEngine
- func (ee *EncryptionEngine) Load(data EncryptedData)
- func (ee *EncryptionEngine) Obfuscate(dataPlain []byte) []byte
- func (ee *EncryptionEngine) Package(data []byte) EncryptedData
- func (ee *EncryptionEngine) ReadWdek()
- func (ee *EncryptionEngine) Reveal(cipherData []byte) []byte
- func (ee *EncryptionEngine) WriteWdek()
- type Encryptor
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type EncryptedData
type EncryptedData struct {
	KekName       string `json:"kek"`
	WdekName      string `json:"wdekName"`
	Wdek          string `json:"wdek"`
	EncryptedData string `json:"data"`
}
EncryptedData is the object stored in the bucket.
EncryptedData is base64 encoded for transfer. Wdek, from Tink, is JSON and encrypted. WdekName is the primaryKeyID for the DEK. KekName is the key stored in GCP KMS.
func NewEncryptedData
func NewEncryptedData(kekName string, wdekName string, wdek string, data []byte) EncryptedData
NewEncryptedData constructs an object to send to GCS
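One way a consumer could validate a stored blob in this layout before any KMS call is made, as an added example that is not code from this package. `ParseBlob`, `ErrKek` and the sample values are hypothetical; it assumes the `data` field is standard base64 and `wdek` holds a JSON document, and it compares the stored `kek` name against one pinned in local configuration instead of trusting the bucket object.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// EncryptedData has the fields and JSON tags shown in the type documentation above.
type EncryptedData struct {
	KekName       string `json:"kek"`
	WdekName      string `json:"wdekName"`
	Wdek          string `json:"wdek"`
	EncryptedData string `json:"data"`
}

// ErrKek is returned when a blob names a KEK other than the one the caller pinned.
var ErrKek = errors.New("blob names an unexpected KEK")

// ParseBlob (hypothetical helper) decodes a stored blob and checks it before any
// KMS call is made. Assumptions: "data" is standard base64 and "wdek" is a JSON
// document, as the field descriptions suggest; wantKek comes from local config.
func ParseBlob(raw []byte, wantKek string) (EncryptedData, []byte, error) {
	var e EncryptedData
	if err := json.Unmarshal(raw, &e); err != nil {
		return e, nil, fmt.Errorf("not an EncryptedData object: %w", err)
	}
	if e.KekName != wantKek {
		return e, nil, fmt.Errorf("%w: %q", ErrKek, e.KekName)
	}
	if e.WdekName == "" || !json.Valid([]byte(e.Wdek)) {
		return e, nil, errors.New("wdekName empty or wdek is not JSON")
	}
	ct, err := base64.StdEncoding.DecodeString(e.EncryptedData)
	if err != nil || len(ct) == 0 {
		return e, nil, errors.New("data is not non-empty standard base64")
	}
	return e, ct, nil
}

func main() {
	// Constructed sample; the key names and contents are placeholders.
	blob := []byte(`{"kek":"example-kek","wdekName":"1","wdek":"{}","data":"AAEC"}`)
	_, ct, err := ParseBlob(blob, "example-kek")
	fmt.Println(len(ct), err)
}
```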
type EncryptionEngine
type EncryptionEngine struct {
// contains filtered or unexported fields
}
EncryptionEngine specifies necessary details to use Tink.
func NewEncryptionEngine
func NewEncryptionEngine(kekName string, wDekPathName string, gcpClient registry.KMSClient, logger *logrus.Logger) *EncryptionEngine
NewEncryptionEngine creates engines with required parameters
func (*EncryptionEngine) Load
func (ee *EncryptionEngine) Load(data EncryptedData)
Load grabs the wDek and reads it in.
func (*EncryptionEngine) Obfuscate
func (ee *EncryptionEngine) Obfuscate(dataPlain []byte) []byte
Obfuscate encrypts data using the underlying encryption engine
func (*EncryptionEngine) Package
func (ee *EncryptionEngine) Package(data []byte) EncryptedData
Package marshals the encrypted data with key hierarchy information to be stored as a blob of structured data
func (*EncryptionEngine) ReadWdek
func (ee *EncryptionEngine) ReadWdek()
ReadWdek loads the wdek using KMS
func (*EncryptionEngine) Reveal
func (ee *EncryptionEngine) Reveal(cipherData []byte) []byte
Reveal decrypts data using the underlying encryption engine
func (*EncryptionEngine) WriteWdek
func (ee *EncryptionEngine) WriteWdek()
WriteWdek outputs JSON file with wDEK (encrypted)
type Encryptor
type Encryptor interface {
	Obfuscate(data io.Reader)
	Reveal() io.Writer
	ReadWdek()
	WriteWdek()
	Package(data []byte) EncryptedData
	Load(data EncryptedData)
}
Encryptor defines methods to support data encryption