insecurecleartextkeyset

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 16, 2024 License: Apache-2.0 Imports: 4 Imported by: 12

Documentation

Overview

Package insecurecleartextkeyset provides methods to read or write cleartext keyset material.

This package contains dangerous functions, and is separate from the rest of Tink so that its usage can be restricted and audited.

Example (CleartextKeysetInBinary)
package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/tink-crypto/tink-go/v2/aead"
	"github.com/tink-crypto/tink-go/v2/insecurecleartextkeyset"
	"github.com/tink-crypto/tink-go/v2/keyset"
)

// main round-trips an AES256-GCM keyset through the cleartext binary
// serialization and then uses the re-loaded keyset to encrypt and decrypt a
// short message.
func main() {
	// Create a new keyset handle from the AES256-GCM key template.
	kh, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
	if err != nil {
		log.Fatal(err)
	}

	// Export the keyset in binary form WITHOUT encrypting it.
	var out bytes.Buffer
	if err := insecurecleartextkeyset.Write(kh, keyset.NewBinaryWriter(&out)); err != nil {
		log.Fatal(err)
	}
	cleartextKeyset := out.Bytes()

	// cleartextKeyset now holds the secret key material unencrypted: whoever
	// can read these bytes can use the key. Treat them as the key itself and
	// keep them out of logs, source control and unprotected files.
	// WARNING: Storing the keyset in cleartext to disk is not recommended!
	// The package documentation advises keyset.Handle.Write where feasible.

	// Load the keyset back from its cleartext serialization.
	restored, err := insecurecleartextkeyset.Read(
		keyset.NewBinaryReader(bytes.NewReader(cleartextKeyset)))
	if err != nil {
		log.Fatal(err)
	}

	// Obtain the AEAD primitive backed by the restored keyset.
	a, err := aead.New(restored)
	if err != nil {
		log.Fatal(err)
	}

	// Encrypt and decrypt; the same associated data must be supplied to both
	// calls, as it is here.
	msg := []byte("message")
	ad := []byte("example encryption")
	ct, err := a.Encrypt(msg, ad)
	if err != nil {
		log.Fatal(err)
	}
	pt, err := a.Decrypt(ct, ad)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(pt))
}
Output:

message
Example (CleartextKeysetInJSON)
package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/tink-crypto/tink-go/v2/aead"
	"github.com/tink-crypto/tink-go/v2/insecurecleartextkeyset"
	"github.com/tink-crypto/tink-go/v2/keyset"
)

// main round-trips an AES256-GCM keyset through the cleartext JSON
// serialization and then uses the re-loaded keyset to encrypt and decrypt a
// short message.
func main() {
	// Create a new keyset handle from the AES256-GCM key template.
	kh, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
	if err != nil {
		log.Fatal(err)
	}

	// Export the keyset as JSON WITHOUT encrypting it.
	var out bytes.Buffer
	if err := insecurecleartextkeyset.Write(kh, keyset.NewJSONWriter(&out)); err != nil {
		log.Fatal(err)
	}
	cleartextKeyset := out.Bytes()

	// cleartextKeyset now holds the secret key material unencrypted. A JSON
	// keyset is plain text, so it is easy to paste into logs, tickets or
	// config files by accident; handle it as the key itself.
	// WARNING: Storing the keyset in cleartext to disk is not recommended!
	// The package documentation advises keyset.Handle.Write where feasible.

	// Load the keyset back from its cleartext JSON serialization.
	src := keyset.NewJSONReader(bytes.NewReader(cleartextKeyset))
	restored, err := insecurecleartextkeyset.Read(src)
	if err != nil {
		log.Fatal(err)
	}

	// Obtain the AEAD primitive backed by the restored keyset.
	a, err := aead.New(restored)
	if err != nil {
		log.Fatal(err)
	}

	// Encrypt and decrypt; the same associated data must be supplied to both
	// calls, as it is here.
	msg := []byte("message")
	ad := []byte("example encryption")
	ct, err := a.Encrypt(msg, ad)
	if err != nil {
		log.Fatal(err)
	}
	pt, err := a.Decrypt(ct, ad)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(pt))
}
Output:

message

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func KeysetHandle deprecated

func KeysetHandle(ks *tinkpb.Keyset) *keyset.Handle

KeysetHandle creates a keyset.Handle from cleartext key material.

Callers should verify that the returned *keyset.Handle isn't nil.

Deprecated: Use Read instead with a serialized keyset.

// Migration sketch for replacing the deprecated KeysetHandle(ks) call.
// ks is the *tinkpb.Keyset holding cleartext key material; marshalling it
// yields the same secret material as bytes, so sks must be protected like
// the key itself.
sks, err := proto.Marshal(ks)
if err != nil {
	return err
}
// Read reports failure through err, so no nil check on the returned handle
// is needed as it was with KeysetHandle.
h, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(sks)))
if err != nil {
	return err
}

func KeysetMaterial

func KeysetMaterial(handle *keyset.Handle) *tinkpb.Keyset

KeysetMaterial returns the key material contained in a keyset.Handle.

func Read

func Read(r keyset.Reader, opts ...keyset.Option) (*keyset.Handle, error)

Read creates a keyset.Handle from a cleartext keyset obtained via r.

func Write

func Write(handle *keyset.Handle, w keyset.Writer) error

Write exports the keyset from handle to the given writer w without encrypting it.

Storing secret key material in an unencrypted fashion is dangerous. If feasible, you should use keyset.Handle.Write instead, which encrypts the keyset with a master key before writing it.

Types

This section is empty.
