envelopeenc

package

v0.0.0-...-de0f673 Latest Latest Go to latest Published: Mar 20, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation ¶

Overview ¶

Envelope encryption - envelope contains secret content encrypted with NaCl secretbox symmetric key, and that key is separately encrypted for each RSA public key recipient.

Index ¶

type Envelope
- func Encrypt(plaintext []byte, keks []*rsa.PublicKey) (*Envelope, error)
- func Unmarshal(buf []byte) (*Envelope, error)
- func (e *Envelope) Decrypt(privKey *rsa.PrivateKey) ([]byte, error)
- func (e *Envelope) Marshal() ([]byte, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Envelope ¶

type Envelope struct {
	KeySlots         []envelopeKeySlot `json:"key_slots"`
	EncryptedContent []byte            `json:"content"` // nonce || secretbox_ciphertext
}

func Encrypt ¶

func Encrypt(plaintext []byte, keks []*rsa.PublicKey) (*Envelope, error)

func Unmarshal ¶

func Unmarshal(buf []byte) (*Envelope, error)

func (*Envelope) Decrypt ¶

func (e *Envelope) Decrypt(privKey *rsa.PrivateKey) ([]byte, error)

func (*Envelope) Marshal ¶

func (e *Envelope) Marshal() ([]byte, error)

Format:

uvarint version (always 1) uvarint length of EncryptedContent []byte EncryptedContent uvarint amount of key slots

for each key slot

uvarint  length of KekId
string   KekId
uvarint  length of DekEncrypted
[]byte   DekEncrypted

NOTE: I would've gladly used Protobuf, but looks like you need a metric shit-ton of

imported (even runtime) code to use it.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL