Documentation
Index
- Constants
- func BytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error)
- func BytesToPublicKey(pub []byte) (*rsa.PublicKey, error)
- func DecryptData(r io.Reader, w io.Writer, priv *rsa.PrivateKey) error
- func DecryptWithAesKey(data, key []byte) ([]byte, error)
- func DecryptWithKms(ctx context.Context, data []byte, project, location, keyring, key string) ([]byte, error)
- func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error)
- func EncryptData(r io.Reader, w io.Writer, pub *rsa.PublicKey) error
- func EncryptWithAesKey(data, key []byte) ([]byte, error)
- func EncryptWithKms(ctx context.Context, data []byte, project, location, keyring, key string) ([]byte, error)
- func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error)
- func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error)
- func NewAesKey() ([]byte, error)
- func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte
- func PublicKeyToBytes(pub *rsa.PublicKey) ([]byte, error)
- func SignData(r io.Reader, w io.Writer, priv *rsa.PrivateKey) error
- func SignWithPrivateKey(data []byte, priv *rsa.PrivateKey) ([]byte, error)
- func VerifySignature(r io.Reader, sig []byte, pub *rsa.PublicKey) error
- func VerifyWithPublicKey(data []byte, sig []byte, pub *rsa.PublicKey) error
- type EncryptedBlock
Constants
const (
	DefaultBits2048 = 2048
)
Variables
This section is empty.
Functions
func BytesToPrivateKey
func BytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error)
BytesToPrivateKey converts bytes to a private key.
func BytesToPublicKey
BytesToPublicKey converts bytes to a public key.
func DecryptData
DecryptData works with an input reader, a writer and the private key. It scans the input one line at a time (this is specific to how this tool stores encrypted data) and spawns a goroutine to decrypt each such chunk of data. The wait channel is used to synchronize the writing; reading the input and decrypting are not synchronized because they do not have to be.
func DecryptWithAesKey
DecryptWithAesKey decrypts data using an AES key.
func DecryptWithKms
func DecryptWithKms(ctx context.Context, data []byte, project, location, keyring, key string) ([]byte, error)
DecryptWithKms decrypts input data using Google KMS. You must have a service account referenced by the environment variable GOOGLE_APPLICATION_CREDENTIALS.
func DecryptWithPrivateKey
func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error)
DecryptWithPrivateKey decrypts data with a private key.
func EncryptData
EncryptData works with a reader, a writer and the public key. It makes no assumptions about the input data: it reads the input in byte-buffer chunks and spawns a goroutine to encrypt each block. wait is used to synchronize writing to the writer, but encryption of each block is not synchronized.
func EncryptWithAesKey
EncryptWithAesKey encrypts data using an AES key.
func EncryptWithKms
func EncryptWithKms(ctx context.Context, data []byte, project, location, keyring, key string) ([]byte, error)
EncryptWithKms encrypts input data using Google KMS. You must have a service account referenced by the environment variable GOOGLE_APPLICATION_CREDENTIALS.
func EncryptWithPublicKey
EncryptWithPublicKey encrypts data with a public key.
func GenerateKeyPair
GenerateKeyPair generates a new RSA key pair.
func PrivateKeyToBytes
func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte
PrivateKeyToBytes converts a private key to bytes.
func PublicKeyToBytes
PublicKeyToBytes converts a public key to bytes.
func SignWithPrivateKey
func SignWithPrivateKey(data []byte, priv *rsa.PrivateKey) ([]byte, error)
SignWithPrivateKey signs data using a private key.
func VerifySignature
VerifySignature verifies the signature for the input data.
Types
type EncryptedBlock
type EncryptedBlock struct {
	DataEncryptionKey []byte `json:"d,omitempty"`
	Ciphertext        []byte `json:"c,omitempty"`
}
EncryptedBlock represents the structure of the encrypted data. Data is encrypted using a symmetric key; that key is then encrypted using an asymmetric key and kept next to the data. Each block of data has its own data encryption key (DEK); however, all data encryption keys are encrypted using the same key encryption key (KEK).
func (*EncryptedBlock) Marshal
func (g *EncryptedBlock) Marshal() ([]byte, error)
Marshal serializes the encrypted block.