Documentation
¶
Index ¶
- func GetKEK(kmsKeyARN string, isTesting bool) (tink.AEAD, error)
- func VerifySignature(publicKeyBytes, sig, data []byte) (bool, error)
- type DelegatedKey
- type TinkDelegatedKey
- func GenerateDataKey(kek tink.AEAD) (*TinkDelegatedKey, []byte, error)
- func GenerateSigningKey(kek tink.AEAD) (*TinkDelegatedKey, []byte, []byte, error)
- func NewTinkDelegatedKey(kh *keyset.Handle, kek tink.AEAD) *TinkDelegatedKey
- func UnwrapKeyset(encryptedKeyset []byte, kek tink.AEAD) (*TinkDelegatedKey, error)
- func (dk *TinkDelegatedKey) Algorithm() string
- func (dk *TinkDelegatedKey) AllowedForRawMaterials() bool
- func (dk *TinkDelegatedKey) Decrypt(ciphertext []byte, associatedData []byte) ([]byte, error)
- func (dk *TinkDelegatedKey) Encrypt(plaintext []byte, associatedData []byte) ([]byte, error)
- func (dk *TinkDelegatedKey) Sign(data []byte) ([]byte, error)
- func (dk *TinkDelegatedKey) WrapKeyset() ([]byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func VerifySignature ¶
Types ¶
type DelegatedKey ¶
type DelegatedKey interface {
// Algorithm returns the name of the algorithm used by the delegated key.
Algorithm() string
// AllowedForRawMaterials indicates if the key can be used with raw cryptographic materials.
AllowedForRawMaterials() bool
// Encrypt encrypts the given plaintext using the algorithm specified by the key.
Encrypt(plaintext []byte, associatedData []byte) (ciphertext []byte, err error)
// Decrypt decrypts the given ciphertext using the algorithm specified by the key.
Decrypt(ciphertext []byte, associatedData []byte) (plaintext []byte, err error)
// Sign signs the given data using the algorithm specified by the key.
Sign(data []byte) (signature []byte, err error)
// WrapKeyset wraps the keyset using the algorithm specified by the key.
WrapKeyset() (wrappedKeyset []byte, err error)
}
DelegatedKey is an interface for keys that support encryption, decryption, signing, and unwrapping.
type TinkDelegatedKey ¶
type TinkDelegatedKey struct {
// contains filtered or unexported fields
}
func GenerateDataKey ¶
func GenerateDataKey(kek tink.AEAD) (*TinkDelegatedKey, []byte, error)
func GenerateSigningKey ¶
func NewTinkDelegatedKey ¶
func NewTinkDelegatedKey(kh *keyset.Handle, kek tink.AEAD) *TinkDelegatedKey
func UnwrapKeyset ¶
func UnwrapKeyset(encryptedKeyset []byte, kek tink.AEAD) (*TinkDelegatedKey, error)
func (*TinkDelegatedKey) Algorithm ¶
func (dk *TinkDelegatedKey) Algorithm() string
func (*TinkDelegatedKey) AllowedForRawMaterials ¶
func (dk *TinkDelegatedKey) AllowedForRawMaterials() bool
func (*TinkDelegatedKey) Decrypt ¶
func (dk *TinkDelegatedKey) Decrypt(ciphertext []byte, associatedData []byte) ([]byte, error)
func (*TinkDelegatedKey) Encrypt ¶
func (dk *TinkDelegatedKey) Encrypt(plaintext []byte, associatedData []byte) ([]byte, error)
func (*TinkDelegatedKey) WrapKeyset ¶
func (dk *TinkDelegatedKey) WrapKeyset() ([]byte, error)
Source Files
Click to show internal directories.
Click to hide internal directories.