daead

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2024 License: Apache-2.0 Imports: 17 Imported by: 8

Documentation

Overview

Package daead provides implementations of the DeterministicAEAD primitive.

Unlike AEAD, implementations of this interface are not semantically secure, because encrypting the same plaintex always yields the same ciphertext.

Example 
package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/tink-crypto/tink-go/v2/daead"
	"github.com/tink-crypto/tink-go/v2/insecurecleartextkeyset"
	"github.com/tink-crypto/tink-go/v2/keyset"
)

func main() {
	// A keyset created with "tinkey create-keyset --key-template=AES256_SIV". Note
	// that this keyset has the secret key information in cleartext.
	jsonKeyset := `{
			"key": [{
				"keyData": {
						"keyMaterialType":
								"SYMMETRIC",
						"typeUrl":
								"type.googleapis.com/google.crypto.tink.AesSivKey",
						"value":
								"EkAl9HCMmKTN1p3V186uhZpJQ+tivyc4IKyE+opg6SsEbWQ/WesWHzwCRrlgRuxdaggvgMzwWhjPnkk9gptBnGLK"
				},
				"keyId": 1919301694,
				"outputPrefixType": "TINK",
				"status": "ENABLED"
		}],
		"primaryKeyId": 1919301694
	}`

	// Create a keyset handle from the cleartext keyset in the previous
	// step. The keyset handle provides abstract access to the underlying keyset to
	// limit the exposure of accessing the raw key material. WARNING: In practice,
	// it is unlikely you will want to use a insecurecleartextkeyset, as it implies
	// that your key material is passed in cleartext, which is a security risk.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.
	keysetHandle, err := insecurecleartextkeyset.Read(
		keyset.NewJSONReader(bytes.NewBufferString(jsonKeyset)))
	if err != nil {
		log.Fatal(err)
	}

	// Retrieve the DAEAD primitive we want to use from the keyset handle.
	primitive, err := daead.New(keysetHandle)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to encrypt a message. In this case the primary key of the
	// keyset will be used (which is also the only key in this example).
	plaintext := []byte("message")
	associatedData := []byte("associated data")
	ciphertext, err := primitive.EncryptDeterministically(plaintext, associatedData)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to decrypt the message. Decrypt finds the correct key in
	// the keyset and decrypts the ciphertext. If no key is found or decryption
	// fails, it returns an error.
	decrypted, err := primitive.DecryptDeterministically(ciphertext, associatedData)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(ciphertext)
	fmt.Println(string(decrypted))
}

Output:

[1 114 102 56 62 150 98 146 84 99 211 36 127 214 229 231 157 56 143 192 250 132 32 153 124 244 238 112]
message

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func AESSIVKeyTemplate 

func AESSIVKeyTemplate() *tinkpb.KeyTemplate

AESSIVKeyTemplate is a KeyTemplate that generates a AES-SIV key.

func New 

func New(handle *keyset.Handle) (tink.DeterministicAEAD, error)

New returns a DeterministicAEAD primitive from the given keyset handle.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Package subtle provides subtle implementations of the DeterministicAEAD primitive.
 Package subtle provides subtle implementations of the DeterministicAEAD primitive.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.