envelope

package
v0.0.0-...-0c42e4c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 19, 2017 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package envelope transforms values for storage at rest using a Envelope provider

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewEnvelopeTransformer

func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) (value.Transformer, error)

NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently used decrypted DEKs in memory.

Types

type Service

type Service interface {
	// Decrypt a given bytearray to obtain the original data as bytes.
	Decrypt(data []byte) ([]byte, error)
	// Encrypt bytes to a ciphertext.
	Encrypt(data []byte) ([]byte, error)
}

Service allows encrypting and decrypting data using an external Key Management Service.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL