multi

package
v2.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 18, 2023 License: MPL-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const BaseEncryptor = "__base__"

Variables

View Source
var ErrKeyNotFound = errors.New("given key ID not found")

Functions

This section is empty.

Types

type PooledWrapper

type PooledWrapper struct {
	// contains filtered or unexported fields
}

PooledWrapper allows multiple wrappers to be used for decryption based on key ID. This allows for rotation of data by allowing data to be decrypted across multiple (possibly derived) wrappers and encrypted with the default. Functions on this type will likely panic if the wrapper is not created via NewPooledWrapper.

func NewPooledWrapper

func NewPooledWrapper(ctx context.Context, base wrapping.Wrapper) (*PooledWrapper, error)

NewPooledWrapper creates a PooledWrapper and sets its encrypting wrapper to the one that is passed in.

func (*PooledWrapper) AddWrapper

func (m *PooledWrapper) AddWrapper(ctx context.Context, w wrapping.Wrapper) (bool, error)

AddWrapper adds a wrapper to the PooledWrapper. For safety, it will refuse to overwrite an existing wrapper; use RemoveWrapper to remove that one first. The return parameter indicates if the wrapper was successfully added, that is, it will be false if an existing wrapper would have been overridden. If you want to change the encrypting wrapper, create a new PooledWrapper or call SetEncryptingWrapper.

func (*PooledWrapper) AllKeyIds

func (m *PooledWrapper) AllKeyIds() []string

AllKeyIds returns a sorted copy of all the pooled wrapper's key ids

func (*PooledWrapper) Decrypt

func (m *PooledWrapper) Decrypt(ctx context.Context, ct *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)

Decrypt will use the embedded KeyId in the encrypted blob info to select which wrapper to use for decryption. If there is no key info it will attempt decryption with the current encryptor. It will return an ErrKeyNotFound if it cannot find a suitable key.

func (*PooledWrapper) Encrypt

func (m *PooledWrapper) Encrypt(ctx context.Context, pt []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)

Encrypt encrypts using the current encryptor

func (*PooledWrapper) Finalize

func (m *PooledWrapper) Finalize(context.Context, ...wrapping.Option) error

This does nothing; it's up to the user to initialize and finalize any given wrapper

func (*PooledWrapper) HmacKeyId

func (m *PooledWrapper) HmacKeyId(ctx context.Context) (string, error)

HmacKeyId returns the HmacKeyId of the current encryptor

func (*PooledWrapper) Init

This does nothing; it's up to the user to initialize and finalize any given wrapper

func (*PooledWrapper) KeyBytes

func (m *PooledWrapper) KeyBytes(ctx context.Context) ([]byte, error)

KeyBytes implements the option KeyExporter interface which will return the baseEncryptor key bytes

func (*PooledWrapper) KeyId

func (m *PooledWrapper) KeyId(ctx context.Context) (string, error)

KeyId returns the KeyId of the current encryptor

func (*PooledWrapper) RemoveWrapper

func (m *PooledWrapper) RemoveWrapper(ctx context.Context, keyId string) (bool, error)

RemoveWrapper removes a wrapper from the PooledWrapper, identified by key ID. It will not remove the encrypting wrapper; use SetEncryptingWrapper for that. Returns whether or not a wrapper was removed, which will always be true unless it was the base encryptor.

func (*PooledWrapper) SetConfig

SetConfig sets config, but there is currently nothing to set on pooleed wrappers; set configuration on the chosen underlying wrappers instead.

func (*PooledWrapper) SetEncryptingWrapper

func (m *PooledWrapper) SetEncryptingWrapper(ctx context.Context, w wrapping.Wrapper) (bool, error)

SetEncryptingWrapper resets the encrypting wrapper to the one passed in. It will also add the previous encrypting wrapper to the set of decrypting wrappers; it can then be removed via its key ID and RemoveWrapper if desired. It will return false (not successful) if the given key ID is already in use.

func (*PooledWrapper) Type

func (*PooledWrapper) WrapperForKeyId

func (m *PooledWrapper) WrapperForKeyId(keyID string) wrapping.Wrapper

WrapperForKeyId returns the wrapper for the given keyID. Returns nil if no wrapper was found for the given key ID.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL