Documentation ¶
Index ¶
- type KMS
- func (k *KMS) Connect(parentSegment ...*xray.XRayParentSegment) (err error)
- func (k *KMS) DecryptViaCmkAes256(cipherText string) (plainText string, err error)
- func (k *KMS) DecryptViaCmkRsa2048(cipherText string) (plainText string, err error)
- func (k *KMS) DecryptWithDataKeyAes256(cipherText string, cipherKey string) (plainText string, err error)
- func (k *KMS) Disconnect()
- func (k *KMS) EncryptViaCmkAes256(plainText string) (cipherText string, err error)
- func (k *KMS) EncryptViaCmkRsa2048(plainText string) (cipherText string, err error)
- func (k *KMS) EncryptWithDataKeyAes256(plainText string, cipherKey string) (cipherText string, err error)
- func (k *KMS) GenerateDataKeyAes256() (cipherKey string, err error)
- func (k *KMS) ReEncryptViaCmkAes256(sourceCipherText string, targetKmsKeyName string) (targetCipherText string, err error)
- func (k *KMS) ReEncryptViaCmkRsa2048(sourceCipherText string, targetKmsKeyName string) (targetCipherText string, err error)
- func (k *KMS) SignViaCmkRsa2048(dataToSign string) (signature string, err error)
- func (k *KMS) UpdateParentSegment(parentSegment *xray.XRayParentSegment)
- func (k *KMS) VerifyViaCmkRsa2048(dataToVerify string, signatureToVerify string) (signatureValid bool, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type KMS ¶
// KMS holds the configuration needed to reach AWS KMS and the names of the
// customer master keys (CMKs) that the methods on this type operate with.
type KMS struct {
	// AwsRegion is the AWS region in which the KMS keys reside.
	AwsRegion awsregion.AWSRegion

	// HttpOptions carries custom HTTP/2 client settings used when talking to KMS.
	HttpOptions *awshttp2.HttpClientSettings

	// KMS key names. NOTE(review): judging by the names, AesKmsKeyName is the
	// symmetric key behind the *Aes256 methods, RsaKmsKeyName the asymmetric key
	// behind the *Rsa2048 encrypt/decrypt methods, and SignatureKmsKeyName the
	// sign/verify key — confirm against the method implementations.
	AesKmsKeyName       string
	RsaKmsKeyName       string
	SignatureKmsKeyName string

	// contains filtered or unexported fields
}
KMS struct encapsulates the AWS KMS access functionality
func (*KMS) Connect ¶
func (k *KMS) Connect(parentSegment ...*xray.XRayParentSegment) (err error)
Connect will establish a connection to the KMS service
func (*KMS) DecryptViaCmkAes256 ¶
DecryptViaCmkAes256 decrypts cipherText with the symmetric AES-256 KMS CMK and returns the plainText string. The cipherText can be decrypted only by that same symmetric AES-256 KMS CMK, i.e. only by a principal that is permitted to call Decrypt on that key.
func (*KMS) DecryptViaCmkRsa2048 ¶
DecryptViaCmkRsa2048 decrypts cipherText with the private key of the asymmetric RSA 2048 KMS CMK and returns the plainText string. The private key never leaves KMS; the cipherText can be decrypted only by that RSA 2048 KMS CMK private key, i.e. only by a principal permitted to call Decrypt on that key.
func (*KMS) DecryptWithDataKeyAes256 ¶
func (k *KMS) DecryptWithDataKeyAes256(cipherText string, cipherKey string) (plainText string, err error)
DecryptWithDataKeyAes256 decrypts cipherText using the data key identified by cipherKey, which must have been produced by GenerateDataKeyAes256().
cipherKey is the KMS-encrypted (wrapped) data key, hex-encoded; it can only be unwrapped by the KMS CMK, so the caller never handles the plaintext data key directly.
func (*KMS) Disconnect ¶
func (k *KMS) Disconnect()
Disconnect releases the AWS session held by this KMS instance by clearing it.
func (*KMS) EncryptViaCmkAes256 ¶
EncryptViaCmkAes256 encrypts plainText with the symmetric AES-256 KMS CMK and returns the cipherText string. The cipherText can be decrypted only by that same symmetric AES-256 KMS CMK. Note that encrypting directly under a CMK is meant for small payloads such as keys and secrets (AWS KMS caps Encrypt plaintext at 4 KB); for larger data use GenerateDataKeyAes256 with EncryptWithDataKeyAes256 (envelope encryption).
func (*KMS) EncryptViaCmkRsa2048 ¶
EncryptViaCmkRsa2048 encrypts plainText with the public key of the asymmetric RSA 2048 KMS CMK and returns the cipherText string. The cipherText can be decrypted only with the paired RSA 2048 KMS CMK private key held inside KMS. RSA encryption bounds the plaintext to far less than the key size (a few hundred bytes at most for RSA 2048), so use it for keys and small secrets, not bulk data.
*** To encrypt using the public key outside of KMS ***
- Copy the public key from AWS KMS for the given RSA CMK.
- Encrypt with an external RSA public-key encryption function using that public key. The encryption algorithm (padding scheme and hash, e.g. OAEP with a given SHA) must match the algorithm the KMS CMK is configured for, otherwise DecryptViaCmkRsa2048 will reject the ciphertext; the result must also be encoded in the same form this package expects for cipherText.
func (*KMS) EncryptWithDataKeyAes256 ¶
func (k *KMS) EncryptWithDataKeyAes256(plainText string, cipherKey string) (cipherText string, err error)
EncryptWithDataKeyAes256 encrypts plainText using the data key identified by cipherKey, which must have been produced by GenerateDataKeyAes256().
cipherKey is the KMS-encrypted (wrapped) data key, hex-encoded; it can only be unwrapped by the KMS CMK, so the caller never handles the plaintext data key directly.
func (*KMS) GenerateDataKeyAes256 ¶
GenerateDataKeyAes256 asks the KMS CMK to generate an AES-256 data key and returns it in encrypted (wrapped) form. Because the wrapped key can only be decrypted via the KMS CMK, it is safe to keep in memory or store at rest next to the data it protects; its security reduces to the CMK's key policy and IAM permissions, since any principal allowed to call Decrypt on the CMK can recover the plaintext data key.
cipherKey = the KMS-encrypted data key, hex-encoded (only the KMS CMK can decrypt it).
func (*KMS) ReEncryptViaCmkAes256 ¶
func (k *KMS) ReEncryptViaCmkAes256(sourceCipherText string, targetKmsKeyName string) (targetCipherText string, err error)
ReEncryptViaCmkAes256 re-encrypts sourceCipherText under the key named by targetKmsKeyName (which must be a symmetric AES-256 key) and returns the re-encrypted cipherText. The operation is performed inside KMS, so the intermediate plaintext is not exposed to the caller; the caller needs decrypt permission on the source key and encrypt permission on the target key.
func (*KMS) ReEncryptViaCmkRsa2048 ¶
func (k *KMS) ReEncryptViaCmkRsa2048(sourceCipherText string, targetKmsKeyName string) (targetCipherText string, err error)
ReEncryptViaCmkRsa2048 re-encrypts sourceCipherText under the key named by targetKmsKeyName (which must be an RSA 2048 key) and returns the re-encrypted cipherText. The operation is performed inside KMS, so the intermediate plaintext is not exposed to the caller; the caller needs decrypt permission on the source key and encrypt permission on the target key.
func (*KMS) SignViaCmkRsa2048 ¶
SignViaCmkRsa2048 signs dataToSign with the KMS CMK RSA sign/verify key. The private key stays inside KMS and is used there to produce the signature, which is returned hex-encoded (the form VerifyViaCmkRsa2048 expects).
func (*KMS) UpdateParentSegment ¶ added in v1.1.4
func (k *KMS) UpdateParentSegment(parentSegment *xray.XRayParentSegment)
UpdateParentSegment replaces this struct's X-Ray parent segment; pass nil when there is no parent segment.
func (*KMS) VerifyViaCmkRsa2048 ¶
func (k *KMS) VerifyViaCmkRsa2048(dataToVerify string, signatureToVerify string) (signatureValid bool, err error)
VerifyViaCmkRsa2048 verifies that signatureToVerify is a valid signature over dataToVerify using the KMS CMK RSA sign/verify key (the public half is used inside KMS to verify). It returns signatureValid=false rather than an error for a well-formed but non-matching signature; callers must check both the bool and err.
signatureToVerify = a signature previously produced by SignViaCmkRsa2048, hex-encoded, to verify against the dataToVerify parameter.
*** To verify using the public key outside of KMS ***
- Copy the public key from AWS KMS for the given RSA CMK.
- Decode the hex signature and verify with an external RSA public-key verify function using that public key. The signing algorithm (PKCS#1 v1.5 vs. PSS, and the hash) must match the algorithm used by SignViaCmkRsa2048, and whether KMS signed the raw message or a pre-computed digest is not documented here — confirm against the implementation before relying on external verification.