Documentation
Overview
Package ecrypto provides convenience functions for cryptography inside an enclave.
Sealing
Sealing is the process of encrypting data with a key derived from the enclave and the CPU it is running on. Sealed data can only be decrypted by the same enclave and CPU. Use it to persist data to disk.
Use SealWithUniqueKey if the data should only be decryptable by the current enclave app version. Use SealWithProductKey if it should also be decryptable by future versions of the enclave app.
These functions perform AES-GCM encryption. If you need something else, use the seal functions of package enclave.
Index
- func Decrypt(ciphertext []byte, key []byte, additionalData []byte) ([]byte, error)
- func Encrypt(plaintext []byte, key []byte, additionalData []byte) ([]byte, error)
- func SealWithProductKey(plaintext []byte, additionalData []byte) ([]byte, error)
- func SealWithUniqueKey(plaintext []byte, additionalData []byte) ([]byte, error)
- func Unseal(ciphertext []byte, additionalData []byte) ([]byte, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func Decrypt
Decrypt decrypts a ciphertext produced by Encrypt.
The additionalData must match the value passed to Encrypt.
func Encrypt
Encrypt encrypts a given plaintext with a supplied key using AES-GCM.
Optionally pass additionalData to be authenticated.
func SealWithProductKey
SealWithProductKey encrypts a given plaintext with a key derived from the signer and product id of the enclave.
Optionally pass additionalData to be authenticated.
func SealWithUniqueKey
SealWithUniqueKey encrypts a given plaintext with a key derived from a measurement of the enclave.
Optionally pass additionalData to be authenticated.
Ciphertexts can't be decrypted if the UniqueID of the enclave changes. If you want to be able to decrypt ciphertext across enclave versions, use SealWithProductKey.
Types
This section is empty.