transit

package
v0.6.1 (not the latest version of this module)
Published: Aug 21, 2016 License: MPL-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

const (
	ErrTooOld = "ciphertext version is disallowed by policy (too old)"
)

Variables

This section is empty.

Functions

func Backend

func Backend(conf *logical.BackendConfig) *backend

func Factory

func Factory(conf *logical.BackendConfig) (logical.Backend, error)

Types

type ArchivedKeys added in v0.5.0

type ArchivedKeys struct {
	Keys []KeyEntry `json:"keys"`
}

ArchivedKeys stores old key versions. They are kept out of the live Policy so that loading a key stays fast even after a very large number of rotations.

type KeyEntry added in v0.3.0

type KeyEntry struct {
	Key          []byte `json:"key"`
	CreationTime int64  `json:"creation_time"`
}

KeyEntry stores one version of the key material together with its creation time.

type KeyEntryMap added in v0.3.0

type KeyEntryMap map[int]KeyEntry

KeyEntryMap maps a key version number to its KeyEntry. It carries custom MarshalJSON/UnmarshalJSON methods so that the integer-keyed map can be stored and reloaded as JSON.

func (KeyEntryMap) MarshalJSON added in v0.3.0

func (kem KeyEntryMap) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON marshaling

func (KeyEntryMap) UnmarshalJSON added in v0.3.0

func (kem KeyEntryMap) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON unmarshaling

type Policy

type Policy struct {
	Name       string      `json:"name"`
	Key        []byte      `json:"key,omitempty"` //DEPRECATED
	Keys       KeyEntryMap `json:"keys"`
	CipherMode string      `json:"cipher"`

	// Derived keys MUST provide a context and the master underlying key is
	// never used. If convergent encryption is true, the context will be used
	// as the nonce as well.
	Derived              bool   `json:"derived"`
	KDFMode              string `json:"kdf_mode"`
	ConvergentEncryption bool   `json:"convergent_encryption"`

	// The minimum version of the key allowed to be used
	// for decryption
	MinDecryptionVersion int `json:"min_decryption_version"`

	// The latest key version in this policy
	LatestVersion int `json:"latest_version"`

	// The latest key version in the archive. We never delete these, so this is
	// a max.
	ArchiveVersion int `json:"archive_version"`

	// Whether the key is allowed to be deleted
	DeletionAllowed bool `json:"deletion_allowed"`
}

Policy is the struct used to store the metadata of a named key: its key versions, cipher and KDF modes, the minimum version accepted for decryption, and whether the key may be deleted.
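The security-relevant behaviour behind MinDecryptionVersion and the ErrTooOld constant is that the key version is read out of the ciphertext itself and checked against the policy floor before any key material is used. The following is an added example, not code from the Vault transit package: it assumes AES-256-GCM as the cipher mode, a per-version random key, and Vault's "vault:v<N>:<base64>" ciphertext prefix, and it does not model derived or convergent keys. The type keyPolicy and the helper aead are hypothetical names chosen for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrTooOld mirrors the package constant: the ciphertext names a key version
// below the policy's min_decryption_version.
const ErrTooOld = "ciphertext version is disallowed by policy (too old)"

// keyPolicy is a cut-down, hypothetical stand-in for transit's Policy:
// one 32-byte AES key per version, the latest version, and the floor
// below which decryption is refused.
type keyPolicy struct {
	Keys                 map[int][]byte
	LatestVersion        int
	MinDecryptionVersion int
}

// Rotate adds a fresh random key as the new latest version. Older versions
// stay available for decryption until MinDecryptionVersion is raised.
func (p *keyPolicy) Rotate() error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	p.LatestVersion++
	p.Keys[p.LatestVersion] = k
	return nil
}

// aead builds the AES-GCM instance for a given key version.
func (p *keyPolicy) aead(ver int) (cipher.AEAD, error) {
	k, ok := p.Keys[ver]
	if !ok {
		return nil, fmt.Errorf("no key material for version %d", ver)
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt always uses the latest version and emits "vault:v<N>:<base64>",
// with a random 96-bit nonce prepended to the GCM output.
func (p *keyPolicy) Encrypt(plaintext []byte) (string, error) {
	gcm, err := p.aead(p.LatestVersion)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, plaintext, nil)
	return fmt.Sprintf("vault:v%d:%s", p.LatestVersion, base64.StdEncoding.EncodeToString(ct)), nil
}

// Decrypt parses the version out of the ciphertext and enforces the policy
// floor before any key material is touched.
func (p *keyPolicy) Decrypt(value string) ([]byte, error) {
	parts := strings.SplitN(value, ":", 3)
	if len(parts) != 3 || parts[0] != "vault" || !strings.HasPrefix(parts[1], "v") {
		return nil, errors.New("invalid ciphertext: no prefix")
	}
	ver, err := strconv.Atoi(parts[1][1:])
	if err != nil || ver < 1 {
		return nil, errors.New("invalid ciphertext: bad version")
	}
	if ver > p.LatestVersion {
		return nil, errors.New("invalid ciphertext: version larger than latest")
	}
	if ver < p.MinDecryptionVersion {
		return nil, errors.New(ErrTooOld)
	}
	gcm, err := p.aead(ver)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil || len(raw) < gcm.NonceSize() {
		return nil, errors.New("invalid ciphertext: bad payload")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil) // authentication failure surfaces as an error
}

func main() {
	p := &keyPolicy{Keys: map[int][]byte{}}
	_ = p.Rotate()
	old, _ := p.Encrypt([]byte("constructed sample plaintext")) // v1 ciphertext
	_ = p.Rotate()
	p.MinDecryptionVersion = 2
	_, err := p.Decrypt(old)
	fmt.Println("v1 ciphertext after raising the floor to v2:", err)
}
```

Raising MinDecryptionVersion is the lever for retiring compromised key material: old ciphertexts stop decrypting immediately, without the old key having to be deleted, so a rewrap can still be performed by an operator who temporarily lowers the floor.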

func (*Policy) Decrypt added in v0.3.0

func (p *Policy) Decrypt(context, nonce []byte, value string) (string, error)

func (*Policy) DeriveKey added in v0.2.0

func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error)

DeriveKey is used to derive the encryption key that should be used depending on the policy. If derivation is disabled the raw key is used and no context is required, otherwise the KDF mode is used with the context to derive the proper key.
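The two branches described above, raw key when derivation is off and context-bound key when it is on, are what make a derived policy safe to share across tenants: each context gets its own key and the master key never leaves the KDF. The block below is an added example and not the transit package's own DeriveKey. It assumes an SP 800-108 counter-mode KDF with HMAC-SHA256 as the PRF and a fixed label; that construction is illustrative and is not asserted to match the package's kdf_mode output byte for byte. derivePolicy and kdfCounterHMACSHA256 are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// derivePolicy models the fields of transit's Policy that key derivation
// consults: whether the key is derived, and the master key per version.
type derivePolicy struct {
	Derived bool
	Keys    map[int][]byte
}

// kdfCounterHMACSHA256 is NIST SP 800-108 KDF in counter mode with
// HMAC-SHA256 as the PRF:
//   K(i) = HMAC(key, [i]_32 || label || 0x00 || context || [L]_32)
// Output is the first bits/8 bytes of K(1) || K(2) || ...
// (Illustrative construction; see the lead-in.)
func kdfCounterHMACSHA256(key, context []byte, label string, bits int) []byte {
	hLen := sha256.Size
	n := (bits + 8*hLen - 1) / (8 * hLen)
	var lbuf [4]byte
	binary.BigEndian.PutUint32(lbuf[:], uint32(bits))
	out := make([]byte, 0, n*hLen)
	for i := 1; i <= n; i++ {
		var ibuf [4]byte
		binary.BigEndian.PutUint32(ibuf[:], uint32(i))
		mac := hmac.New(sha256.New, key)
		mac.Write(ibuf[:])
		mac.Write([]byte(label))
		mac.Write([]byte{0})
		mac.Write(context)
		mac.Write(lbuf[:])
		out = mac.Sum(out)
	}
	return out[:bits/8]
}

// DeriveKey returns the key to use for version ver. A non-derived policy
// hands back the raw master key and ignores context; a derived policy
// refuses to operate without a context and never exposes the master key.
func (p *derivePolicy) DeriveKey(context []byte, ver int) ([]byte, error) {
	master, ok := p.Keys[ver]
	if !ok {
		return nil, fmt.Errorf("no key material for version %d", ver)
	}
	if !p.Derived {
		return master, nil
	}
	if len(context) == 0 {
		return nil, errors.New("derived key requires a non-empty context")
	}
	return kdfCounterHMACSHA256(master, context, "transit-derived", 256), nil
}

func main() {
	// Constructed master key for the demonstration only.
	master := []byte("0123456789abcdef0123456789abcdef")
	p := &derivePolicy{Derived: true, Keys: map[int][]byte{1: master}}
	for _, ctx := range []string{"tenant-a", "tenant-b", "tenant-a"} {
		k, err := p.DeriveKey([]byte(ctx), 1)
		if err != nil {
			fmt.Println(ctx, "error:", err)
			continue
		}
		fmt.Printf("%-8s -> %s\n", ctx, hex.EncodeToString(k))
	}
	_, err := p.DeriveKey(nil, 1)
	fmt.Println("empty context:", err)
}
```

The determinism shown by the repeated "tenant-a" line is also what convergent encryption relies on: the same context always yields the same key (and, per the Policy comment, the same nonce), so identical plaintexts under one context produce identical ciphertexts. That is the intended trade-off of convergent mode and the reason it must be chosen deliberately.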

func (*Policy) Encrypt added in v0.3.0

func (p *Policy) Encrypt(context, nonce []byte, value string) (string, error)

func (*Policy) Persist added in v0.3.0

func (p *Policy) Persist(storage logical.Storage) error

func (*Policy) Serialize

func (p *Policy) Serialize() ([]byte, error)
