Documentation ¶
Overview ¶
Example ¶
ctx, cancel := context.WithCancel(context.Background()) defer cancel() // use "smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=" as secret c, err := New(ctx, "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=") if err != nil { fmt.Println(err) return } defer c.Close() plainKey := make([]byte, 32) rand.Read(plainKey) cypherKey, err := c.EncryptKey(ctx, plainKey) if err != nil { fmt.Println(err) return } plainText := "asdfghjklñqwertyuiozxcvbnm," cypherText, err := c.Encrypt(ctx, []byte(plainText), cypherKey) if err != nil { fmt.Println(err) return } result, err := c.Decrypt(ctx, cypherText, cypherKey) if err != nil { fmt.Println(err) return } if r := string(result); r != plainText { fmt.Printf("unexpected result: %s", r) }
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var OpenCensusViews = secrets.OpenCensusViews
OpenCensusViews are predefined views for OpenCensus metrics. The views include counts and latency distributions for API method calls.
Functions ¶
func Decrypt ¶
Decrypt decrypts the received data with a passphrase using AES GCM
Example ¶
msg := "zxcvbnmasdfghjklqwertyuiop1234567890" passphrase := "some secret" cypherMsg, err := Encrypt([]byte(msg), []byte(passphrase)) if err != nil { fmt.Println(err) return } cypherMsg2, err2 := Encrypt([]byte(msg), []byte(passphrase)) if err2 != nil { fmt.Println(err2) return } if bytes.Equal(cypherMsg, cypherMsg2) { fmt.Println("two executions with the same input shall not generate the same output") return } res1, err3 := Decrypt(cypherMsg, []byte(passphrase)) if err != nil { fmt.Println(err3) return } res2, err4 := Decrypt(cypherMsg2, []byte(passphrase)) if err != nil { fmt.Println(err4) return } if !bytes.Equal(res1, res2) { fmt.Println("results are different:", string(res1), string(res2)) return }
Output:
func Encrypt ¶
Encrypt encrypts the received data with a passphrase using AES GCM
Example ¶
msg := "zxcvbnmasdfghjklqwertyuiop1234567890" passphrase := "some secret" cypherMsg, err := Encrypt([]byte(msg), []byte(passphrase)) if err != nil { fmt.Println(err) return } cypherMsg2, err2 := Encrypt([]byte(msg), []byte(passphrase)) if err2 != nil { fmt.Println(err2) return } if bytes.Equal(cypherMsg, cypherMsg2) { fmt.Println("two executions with the same input shall not generate the same output") }
Output:
Types ¶
type Cypher ¶
type Cypher struct {
// contains filtered or unexported fields
}
Cypher is a structure able to encrypt and decrypt messages with an encrypted key. Before encrypting or decrypting the message, the encrypted key is decrypted with the help of the wrapped secrets.Keeper
func New ¶
New returns a Cypher wrapping a secrets.Keeper accesing the secret stored at the given url. The url depends on the secrets driver required (awskms, azurekeyvault, gcpkms, hashivault and localsecrets). See the URLOpener documentation in gocloud.dev/secrets driver subpackages for details on supported URL formats, and https://gocloud.dev/concepts/urls for more information.
func (*Cypher) Decrypt ¶
Decrypt decrypts an encrypted text using a encrypted key, returning a plain message. Before using the given key, it decrypts the key with the secrets.Keeper