tink-aead-cli

command module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 7, 2022 License: MIT Imports: 5 Imported by: 0

README

tink-aead-cli

An implementation of Google Tink CLI for AEAD encryption based on Tink-Golang

Version: v0.0.2

Download Binary

Download pre-build binary from Release Page.

Usage:

Usage of tink-aead-cli:
-a string
    associated data to be encrypted/decrypted
-c string
    Cipher text file path to be encrypted/decrypted
-k string
    Stored DEK that is encrypted by KEK in KMS
-m string
    mode configuration, can be one of 'encrypt' or 'decrypt'
-p string
    Platin text file path to be encrypted/decrypted
-s string
    cerdential file for accessing kms
-t string
    Key templates for aead, can be one of: AES256CTRHMACSHA256,AES256GCMNoPrefix,ChaCha20Poly1305,AES128CTRHMACSHA256,AES128GCM (default "AES128GCM")
-u string
    kms key uri, can only be started with gcp-kms://

Templates

  • Non-Streaming: AES128CTRHMACSHA256, AES128GCM, AES256CTRHMACSHA256, AES256GCMNoPrefix, ChaCha20Poly1305
  • Streaming: AES128CTRHMACSHA256Segment1MB, AES128CTRHMACSHA256Segment4KB, AES128GCMHKDF1MB, AES128GCMHKDF4KB, AES256CTRHMACSHA256Segment1MB, AES256CTRHMACSHA256Segment4KB, AES256GCMHKDF1MB, AES256GCMHKDF4KB

Examples:

  1. Encrypt plain text file by envelope encryption (DEK is stored in output cipher text file)
tink-aead-cli -m encrypt -p plainTextFile -c cipherTextFile -s credentials.json -u gcp-kms://xxx
  1. Decrypt cipher text file by envelope encryption (DEK is stored in input cipher text file)
tink-aead-cli -m decrypt -p plainTextFile -c cipherTextFile -s credentials.json -u gcp-kms://xxx
  1. Encrypt plain text file by stored keyset. (DEK is stored in a separate file)
tink-aead-cli -m encrypt -p plainTextFile -c cipherTextFile -k keyFile -s credentials.json -u gcp-kms://xxx
  1. Decrypt cipher text file by stored keyset. (DEK is stored in a separate file)
tink-aead-cli -m decrypt -p plainTextFile -c cipherTextFile -k keyFile -s credentials.json -u gcp-kms://xxx
  1. Create a data encryption key (DEK). (DEK will be stored in a separate file)
tink-aead-cli -m newkey -k keyFile -s credentials.json -u gcp-kms://xxx

Build from source

./build.sh

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.