Documentation
¶
Index ¶
- func CompressEnv(data []byte) ([]byte, error)
- func DecompressEnv(data []byte) ([]byte, error)
- func DecryptENV(prk []byte, encryptedData []byte, nonce []byte) ([]byte, error)
- func DecryptPrivateKey(encryptedPrivateKey *config.EncryptedPrivateKey, password string, ...) ([]byte, error)
- func DeletePrivateKey(user string) error
- func DeriveWrapKey(sharedSecret []byte) ([]byte, error)
- func EncodeEnv(env map[string]string) ([]byte, error)
- func EncryptENV(prk []byte, data []byte) ([]byte, []byte, error)
- func EncryptPrivateKey(privateKey *ecdh.PrivateKey, password string, ...) (*config.EncryptedPrivateKey, error)
- func GenerateDEK() ([]byte, error)
- func GenerateKeyPair(password string) (*config.KeyPair, error)
- func GenerateServiceRoleKeyPair() (*config.ServiceRoleKeyPair, error)
- func LoadPrivateKey(user string) ([]byte, error)
- func NormalizeEnv(env map[string]string) []byte
- func ParseEnv(raw []byte) (map[string]string, error)
- func PrepareEnvForRollback(env map[string]string) ([]byte, error)
- func PrepareEnvForStorage(parsed map[string]string) ([]byte, error)
- func ReadCompressedEnv(data []byte) (map[string]string, error)
- func RemoveAccessToken() error
- func RemoveRefreshToken() error
- func RemoveUserEmail() error
- func RemoveUserId() error
- func RewrapDEKs(oldPRK []byte, newPRK []byte, wrappedDEKs []config.WrappedDEK) ([]config.NewWrappedDEK, error)
- func SaveAccessToken(accessToken string) error
- func SavePrivateKey(user string, secret []byte) error
- func SaveRefreshToken(refreshToken string) error
- func SaveUserEmail(email string) error
- func SaveUserId(id uuid.UUID) error
- func UnwrapDEK(prk []byte, wrappedDEK []byte, dekNonce []byte) ([]byte, error)
- func UnwrapPRK(wrapped *WrappedKey, userPrivateKey []byte) ([]byte, error)
- func WrapDEK(prk []byte, dek []byte) ([]byte, []byte, error)
- func X25519SharedSecret(privateKeyBytes []byte, peerPublicKeyBytes []byte) ([]byte, error)
- type DiffingResult
- type EphemeralKeyPair
- type WrappedKey
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CompressEnv ¶
func DecompressEnv ¶
func DecryptPrivateKey ¶
func DecryptPrivateKey( encryptedPrivateKey *config.EncryptedPrivateKey, password string, argonParams *config.Argon2idParams, ) ([]byte, error)
func DeletePrivateKey ¶
func DeriveWrapKey ¶
func EncryptPrivateKey ¶
func EncryptPrivateKey(privateKey *ecdh.PrivateKey, password string, argonParams *config.Argon2idParams) (*config.EncryptedPrivateKey, error)
func GenerateDEK ¶ added in v1.1.0
func GenerateServiceRoleKeyPair ¶
func GenerateServiceRoleKeyPair() (*config.ServiceRoleKeyPair, error)
func LoadPrivateKey ¶
func NormalizeEnv ¶
func RemoveAccessToken ¶ added in v1.1.3
func RemoveAccessToken() error
func RemoveRefreshToken ¶ added in v1.1.3
func RemoveRefreshToken() error
func RemoveUserEmail ¶
func RemoveUserEmail() error
func RemoveUserId ¶
func RemoveUserId() error
func RewrapDEKs ¶ added in v1.2.0
func RewrapDEKs(oldPRK []byte, newPRK []byte, wrappedDEKs []config.WrappedDEK) ([]config.NewWrappedDEK, error)
func SaveAccessToken ¶ added in v1.1.3
func SavePrivateKey ¶
func SaveRefreshToken ¶
func SaveUserEmail ¶
func SaveUserId ¶
Types ¶
type DiffingResult ¶
// DiffingResult groups the outcome of comparing two env versions into three
// string lists. It is the value DiffEnvVersions returns, and every field
// carries a JSON tag, so it can be serialised as-is.
//
// NOTE(review): the entries are presumably variable names rather than values.
// Confirm against DiffEnvVersions: env values are secrets, and a diff result is
// the kind of object that ends up printed or logged.
type DiffingResult struct {
	// Added is serialised under "added".
	Added []string `json:"added"`
	// Removed is serialised under "removed".
	Removed []string `json:"removed"`
	// Modified is serialised under "modified".
	Modified []string `json:"modified"`
}
func DiffEnvVersions ¶
func DiffEnvVersions(oldVersion, newVersion map[string]string) DiffingResult
type EphemeralKeyPair ¶
// EphemeralKeyPair carries both halves of a single-use key pair as raw byte
// slices. GenerateEphemeralKeyPair returns a pointer to one.
//
// The private half is meant to be short-lived: overwrite PrivateKey as soon as
// the operation that needed it has finished, and do not copy the slice into
// longer-lived structures. The struct has no JSON tags, but encoding/json
// would still emit both exported fields, PrivateKey included, if a value of
// this type were ever marshalled or dumped with %+v. Keep it out of logs and
// API payloads and send only PublicKey.
type EphemeralKeyPair struct {
	// PrivateKey is 32 bytes and must be destroyed after use.
	PrivateKey []byte
	// PublicKey is 32 bytes and is the half sent to the server.
	PublicKey []byte
}
func GenerateEphemeralKeyPair ¶
func GenerateEphemeralKeyPair() (*EphemeralKeyPair, error)
type WrappedKey ¶
// WrappedKey is the JSON-serialisable envelope for a wrapped PRK:
// WrapPRKForUser produces one and UnwrapPRK consumes one together with the
// user's private key.
//
// All three fields arrive from outside the process when the value is
// deserialised, so unwrapping code should check the documented lengths
// (12-byte nonce, 32-byte public key) before use and treat an AES-GCM
// authentication failure as a hard error rather than retrying or falling back.
//
// NOTE(review): presumably WrapEphemeralPub is combined with the recipient's
// private key (see X25519SharedSecret and DeriveWrapKey) to obtain the
// AES-GCM key. Confirm against the implementation.
type WrappedKey struct {
	// WrappedPRK is the AES-GCM ciphertext.
	WrappedPRK []byte `json:"wrapped_prk"`
	// WrapNonce is 12 bytes.
	WrapNonce []byte `json:"wrap_nonce"`
	// WrapEphemeralPub is 32 bytes.
	WrapEphemeralPub []byte `json:"wrap_ephemeral_pub"`
}
func WrapPRKForUser ¶ added in v1.1.0
func WrapPRKForUser( prk []byte, recipientUserPublicKey []byte, ) (*WrappedKey, error)