local

package

v0.3.2 Latest Latest Go to latest Published: May 9, 2023 License: Apache-2.0 Imports: 3 Imported by: 11

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hyperledger/aries-framework-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package local provides a local secret lock service. The user must create a master key and store it in a local file or an environment variable prior to using this service.

The user has the option to encrypt the master key using hkdf.NewMasterLock(passphrase, hash func(), salt) found in the sub package masterlock/hkdf. There's also the option of using pbkdf2.NewMasterLock() instead of hkdf which is located under masterlock/pbkdf2.

This lock services uses the NIST approved AES-GCM 256 bit encryption as per NIST SP 800-38D.

The user can then call either:

MasterKeyFromPath(path) or
MasterKeyFromEnv(envPrefix, keyURI)

to get an io.Reader instance needed to read the master key and create a keys Lock service.

The content of the master key reader may be either raw bytes or base64URL encoded (by masterlock if protected or manually if not). Base64URL encoding is useful when setting a master key in an environment variable as some OSs may reject setting env variables with binary data as value. The service will attempt to base64URL decode the content of reader first and if it fails, will try to create the service with the raw (binary) content.

To get the lock service, call:

NewService(reader, secLock)

where reader is the instance returned from one of the MasterKeyFrom..() functions mentioned above and secLock which is the masterKey lock used to encrypt/decrypt the master key. If secLock is nil then the masterKey content in reader will be used as-is without being decrypted. The keys however are always encrypted using the read masterKey.

Index ¶

func MasterKeyFromEnv(envPrefix, keyURI string) (io.Reader, error)
func MasterKeyFromPath(path string) (io.Reader, error)
func NewService(masterKeyReader io.Reader, secLock secretlock.Service) (secretlock.Service, error)
type Lock

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MasterKeyFromEnv ¶

func MasterKeyFromEnv(envPrefix, keyURI string) (io.Reader, error)

MasterKeyFromEnv creates a new instance of a local secret lock Reader to read a master key found in a env variable with key: `envPrefix` + `keyURI`.

func MasterKeyFromPath ¶

func MasterKeyFromPath(path string) (io.Reader, error)

MasterKeyFromPath creates a new instance of a local secret lock Reader to read a master key stored in `path`.

func NewService ¶

func NewService(masterKeyReader io.Reader, secLock secretlock.Service) (secretlock.Service, error)

NewService creates a new instance of local secret lock service using a master key in masterKeyReader. If the masterKey is not protected (secLock=nil) this function will attempt to base64 URL Decode the content of masterKeyReader and if it fails, then will attempt to create a secret lock cipher with the raw key as is.

Types ¶

type Lock ¶

type Lock = local.Lock

Lock is a secret lock service responsible for encrypting keys using a master key.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
masterlock
hkdf Package hkdf provides an hkdf implementation of secretlock as a masterlock.	Package hkdf provides an hkdf implementation of secretlock as a masterlock.
pbkdf2 Package pbkdf2 provides an pbkdf2 implementation of secretlock as a masterlock.	Package pbkdf2 provides an pbkdf2 implementation of secretlock as a masterlock.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL