crypt

package module
v0.0.0-...-eecd21b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2022 License: MIT Imports: 7 Imported by: 0

README

Build Status codecov PkgGoDev

struct-crypt

This package provides simple struct tag based encryption for Go via the nacl/secretbox api.

The package provides a Transform struct which holds your secret key. This can then be applied to Encrypt a struct, or Decrypt a struct.

The struct tags determine which fields are plaintext, and which are ciphertext.

The tag for a plaintext field is "encrypt" followed by a target field name to place the ciphertext into, e.g. encrypt:"CiphertextTarget"

The tag for a ciphertext field is "decrypt" followed by a target field name to place the plaintext into, e.g. decrypt:"PlaintextTarget"

The tags are not required to be symmetric, so you do not have to decrypt into the same field that encrypts into another field.

All fields must be a byte slice, or a string. If the ciphertext field is a string, it will be stored as a base64 standard encoding representation of the underlying bytes.

By default, all fields are cleared to their zero value after they are transformed. If you do not want this behavior on a field, you may add ,preserve to the tag, e.g. encrypt:"password,preserve"

Example

package main

import (
	crypt "github.com/jmhobbs/struct-crypt"
)

type example struct {
	Plaintext  string `encrypt:"Ciphertext"`
	Ciphertext string `decrypt:"Plaintext"`
	DecSecret  string `encrypt:"EncSecret,preserve"`
	EncSecret  []byte `decrypt:"DecSecret,preserve"`
}

func main() {
	var secret [32]byte
	copy(secret[:], []byte("-----32-byte-encryption-key-----"))

	transform := crypt.New(secret)

	e := example{
		Plaintext: "top secret",
		DecSecret: "also secret",
	}
	/*
	 Plaintext: "top secret"
	Ciphertext: ""
	 DecSecret: "also secret"
	 EncSecret: []
	*/

	err := transform.Encrypt(&e)
	if err != nil {
		panic(err)
	}
	/*
	 Plaintext: ""
	Ciphertext: "dmvKi8BR0ehuM3Eu6zuZZeqEjAB6hbGom+FWAsWSFSehSqpvgU0cEK44M4Bv6Mo6gjo="
	 DecSecret: "also secret"
	 EncSecret: [39 142 155 38 15...119 35 109]
	*/

	err = transform.Decrypt(&e)
	/*
	 Plaintext: "top secret"
	Ciphertext: ""
	 DecSecret: "also secret"
	 EncSecret: [39 142 155 38 15...119 35 109]
	*/
}

Documentation

Overview

Package crypt implements a transformer which encrypts and decrypts struct fields based on their tags. The struct tags determine which fields are plaintext, and which are ciphertext.

The tag for a plaintext field is "encrypt" followed by a target field name to place the ciphertext into, e.g. 

`encrypt:"Ciphertext"`

The tag for a ciphertext field is "decrypt" followed by a target field name to place the plaintext into, e.g. 

`decrypt:"Plaintext"`

The tags are not required to be symmetric, so you do not have to decrypt into the same field that encrypts into another field.

All fields must be a byte slice, or a string. If the ciphertext field is a string, it will be stored as a base64 representation of the underlying bytes.

By default, all fields are cleared to their zero value after they are transformed. If you do not want this behavior on a field, you may add `,preserve` to the tag, e.g. `encrypt:"password,preserve"`

All encryption is done though the golang.org/x/crypto/nacl/secretbox package.

Example 
// Struct tags target other, public fields, and do not have to be symmetric.
type ExampleStruct struct {
	StringPlainText  string `encrypt:"BytesCipherText"`
	StringCipherText string `decrypt:"StringPlainText"`
	BytesPlainText   []byte `encrypt:"StringCipherText"`
	BytesCipherText  []byte `decrypt:"BytesPlainText"`
}

// By default fields are cleared when encrypted or decrypted. Use `,preserve` to prevent this.
type PreserveStruct struct {
	PlainText  string `encrypt:"CipherText,preserve"`
	CipherText string `decrypt:"PlainText"`
}

Output:

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FieldError 

type FieldError struct {
	// contains filtered or unexported fields
}

func (FieldError) Error 

func (err FieldError) Error() string

type InvalidInputError 

type InvalidInputError struct {
	// contains filtered or unexported fields
}

func (InvalidInputError) Error 

func (err InvalidInputError) Error() string

type Transform 

type Transform struct {
	// contains filtered or unexported fields
}

Transform is used to automatically encrypt or decrypt fields.

func New 

func New(secret [32]byte) *Transform

New creates a Transform for the secret argument.

Example

Ensure you use a strong random source to generate your key, and keep it safe. 

buf := make([]byte, 32)
if _, err := rand.Read(buf); err != nil {
	panic(err.Error())
}
var secret [32]byte
copy(secret[:], buf[:])
_ = New(secret)

Output:

func (*Transform) Decrypt 

func (e *Transform) Decrypt(input interface{}) error

Decrypt all tagged fields to their targets.

func (*Transform) Encrypt 

func (e *Transform) Encrypt(input interface{}) error

Encrypt all tagged fields to their targets.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.