encryption

package
v0.28.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2024 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateJWTKeysetsFromCloudKMS added in v0.7.0

func GenerateJWTKeysetsFromCloudKMS(keyUri string, credentialsJSON []byte) (privateEc256 []byte, publicEc256 []byte, err error)

func GenerateLocalKeys added in v0.7.0

func GenerateLocalKeys() (masterKey []byte, privateEc256 []byte, publicEc256 []byte, err error)

func GenerateRandomBytes

func GenerateRandomBytes(n int) (string, error)

GenerateRandomBytes generates a random string of n bytes.

func NewCloudKMSEncryption added in v0.7.0

func NewCloudKMSEncryption(keyUri string, credentialsJSON, privateEc256, publicEc256 []byte) (*cloudkmsEncryptionService, error)

NewCloudKMSEncryption creates a GCP CloudKMS-backed encryption service.

func NewLocalEncryption added in v0.7.0

func NewLocalEncryption(masterKey []byte, privateEc256 []byte, publicEc256 []byte) (*localEncryptionService, error)

NewLocalEncryption creates a new local encryption service. keysetBytes is the raw keyset in base64-encoded JSON format. This can be generated by calling hatchet-admin keyset create-local.

Types

type EncryptionService added in v0.7.0

type EncryptionService interface {
	// Encrypt encrypts the given plaintext with the given data id. The data id is used to
	// associate the ciphertext with the data in the database.
	// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
	Encrypt(plaintext []byte, dataId string) ([]byte, error)

	// Decrypt decrypts the given ciphertext with the given data id. The data id is used to
	// associate the ciphertext with the data in the database.
	// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
	Decrypt(ciphertext []byte, dataId string) ([]byte, error)

	// GetPrivateJWTHandle returns a private JWT handle. This is used to sign JWTs.
	GetPrivateJWTHandle() *keyset.Handle

	// GetPublicJWTHandle returns a public JWT handle. This is used to verify JWTs.
	GetPublicJWTHandle() *keyset.Handle
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL