Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Key template for aead or streaming_aead
Template KeyTemplate
// KeyURI can only be started with gcp-kms://
// If KeyFile not presented, use envelope encryption, otherwise use remote KEK to decrypt local KeyFile.
KeyURI string
// Credentials file for accessing kms
Credentials string
// KeyFile for local DEK encryption, optional.
KeyFile string
}
Config defines necessary fields to initial an EncrypterDecrypter.
type EncrypterDecrypter ¶
type EncrypterDecrypter interface {
// EncryptFile encrypts source plain text file to destination cipher text file.
// Use envelope encryption if KeyFile is not provided, otherwise use KeyFile for local encryption.
// ad indicates the associated data for authenticated encryption, optionally.
EncryptFile(src, dst string, ad []byte) error
// DecryptFile decrypts source cipher text file to destination plain text file.
// Use envelope decryption if KeyFile is not provided, otherwise use KeyFile for local decryption.
// ad indicates the associated data for authenticated decryption, optionally.
DecryptFile(src, dst string, ad []byte) error
// NewDataKey cretes a new local DEK that will be encrypted.
// Use remote KEK to encrypt the DEK.
NewDataKey(keypath string) error
}
EncrypterDecrypter defines the interface for encrypting and decrypting.
func NewEncrypterDecrypter ¶
func NewEncrypterDecrypter(config Config) (EncrypterDecrypter, error)
NewEncrypterDecrypter returns a valid EncrypterDecrypter.
type KeyTemplate ¶
type KeyTemplate string
KeyTemplate defines the template for tink.
var ( AES128CTRHMACSHA256KeyTemplate KeyTemplate = "AES128CTRHMACSHA256" AES128GCMKeyTemplate KeyTemplate = "AES128GCM" AES256CTRHMACSHA256KeyTemplate KeyTemplate = "AES256CTRHMACSHA256" AES256GCMNoPrefixKeyTemplate KeyTemplate = "AES256GCMNoPrefix" ChaCha20Poly1305KeyTemplate KeyTemplate = "ChaCha20Poly1305" )
enum for all key templates supported in tink.
var ( AES128CTRHMACSHA256Segment1MBKeyTemplate KeyTemplate = "AES128CTRHMACSHA256Segment1MB" AES128CTRHMACSHA256Segment4KBKeyTemplate KeyTemplate = "AES128CTRHMACSHA256Segment4KB" AES128GCMHKDF1MBKeyTemplate KeyTemplate = "AES128GCMHKDF1MB" AES128GCMHKDF4KBKeyTemplate KeyTemplate = "AES128GCMHKDF4KB" AES256CTRHMACSHA256Segment1MBKeyTemplate KeyTemplate = "AES256CTRHMACSHA256Segment1MB" AES256CTRHMACSHA256Segment4KBKeyTemplate KeyTemplate = "AES256CTRHMACSHA256Segment4KB" AES256GCMHKDF1MBKeyTemplate KeyTemplate = "AES256GCMHKDF1MB" AES256GCMHKDF4KBKeyTemplate KeyTemplate = "AES256GCMHKDF4KB" )
enum for all stream key templates supported in tink.
func (KeyTemplate) IsStream ¶
func (t KeyTemplate) IsStream() (bool, error)
IsStream indicates whether the template is for streaming.
type StreamEncrypterDecrypter ¶
type StreamEncrypterDecrypter interface {
// Encrypt encrypts source input stream to destination output stream.
// Use KeyFile for local encryption.
// ad indicates the associated data for authenticated encryption, optionally.
Encrypt(src io.Reader, dst io.Writer, ad []byte) error
// Decrypt decrypts source input stream to destination output stream.
// Use KeyFile for local decryption.
// ad indicates the associated data for authenticated decryption, optionally.
Decrypt(src io.Reader, dst io.Writer, ad []byte) error
// NewDataKey cretes a new local DEK that will be encrypted remotely and stored in local KeyFile.
// Use remote KEK to encrypt the DEK.
NewDataKey(keypath string) error
}
StreamEncrypterDecrypter defines the interface for encrypting and decrypting.
func NewStreamEncrypterDecrypter ¶
func NewStreamEncrypterDecrypter(config Config) (StreamEncrypterDecrypter, error)
NewStreamEncrypterDecrypter returns a valid StreamEncrypterDecrypter.
Source Files
Click to show internal directories.
Click to hide internal directories.