crypto

package
v0.0.75 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 22, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package crypto provides cryptographic functions

Index

Constants

View Source 
const (
	// DefaultAlgorithm defines the default algorithm to use for encryption.
	DefaultAlgorithm = algorithms.Aes256Gcm
	// FallbackAlgorithm defines an older algorithm we use for old data.
	FallbackAlgorithm = algorithms.Aes256Cfb
)

Variables

View Source 
var (
	// ErrDecrypt is returned when we cannot decrypt a secret.
	ErrDecrypt = errors.New("unable to decrypt")
	// ErrEncrypt is returned when we cannot encrypt a secret.
	ErrEncrypt = errors.New("unable to encrypt")
)

Functions

func GenerateNonce 

func GenerateNonce() (string, error)

GenerateNonce generates a nonce for the OAuth2 flow. The nonce is a base64 encoded

func IsNonceValid 

func IsNonceValid(nonce string, noncePeriod int64) (bool, error)

IsNonceValid checks if a nonce is valid. A nonce is valid if it is a base64 encoded string

Types

type EncryptedData 

type EncryptedData struct {
	// The type of encryption used.
	Algorithm algorithms.Type
	// The encrypted data represented as a base64 encoded string.
	EncodedData string
	// An identifier which specifies the key used.
	// Used to handle multiple keys during key rotation.
	KeyVersion string
}

EncryptedData represents the structure we use to store encrypted data in the database.

func DeserializeEncryptedData 

func DeserializeEncryptedData(contents json.RawMessage) (EncryptedData, error)

DeserializeEncryptedData deserialized the data generated by EncryptedData.Serialize()

func NewBackwardsCompatibleEncryptedData 

func NewBackwardsCompatibleEncryptedData(encryptedData string) EncryptedData

NewBackwardsCompatibleEncryptedData creates an instance of EncryptedData with appropriate defaults plugged in. This is used for existing secrets and should be removed once we migrate to the new encryption model.

func (*EncryptedData) Serialize 

func (e *EncryptedData) Serialize() (json.RawMessage, error)

Serialize converts the contents to JSON. This is intended for storage in the database.

type Engine 

type Engine interface {
	// EncryptOAuthToken takes an OAuth2 token, serializes to JSON and encrypts it.
	EncryptOAuthToken(token *oauth2.Token) (EncryptedData, error)
	// DecryptOAuthToken takes an OAuth2 token encrypted using EncryptOAuthToken and decrypts it.
	DecryptOAuthToken(encryptedToken EncryptedData) (oauth2.Token, error)
	// EncryptString encrypts a string.
	EncryptString(data string) (EncryptedData, error)
	// DecryptString decrypts a string encrypted with EncryptString.
	DecryptString(encryptedString EncryptedData) (string, error)
}

Engine provides all functions to encrypt and decrypt data

func NewEngineFromConfig 

func NewEngineFromConfig(config *serverconfig.Config) (Engine, error)

NewEngineFromConfig creates a new crypto engine from the service config TODO: modify to support multiple keys/algorithms

Source Files

View all Source files

Directories

Path Synopsis
Package algorithms contains implementations of various crypto algorithms for the crypto engine.
 Package algorithms contains implementations of various crypto algorithms for the crypto engine.
Package keystores contains logic for loading encryption keys from a keystores
 Package keystores contains logic for loading encryption keys from a keystores
mock
Package mock_keystores is a generated GoMock package.
 Package mock_keystores is a generated GoMock package.
Package mock_crypto is a generated GoMock package.
 Package mock_crypto is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.