▽

Package keyenc

func DeriveECDHES ¶

func DeriveECDHES(alg, apu, apv []byte, privkey interface{}, pubkey interface{}, keysize uint32) ([]byte, error)

func DeriveZ ¶

func DeriveZ(privkeyif interface{}, pubkeyif interface{}) ([]byte, error)

func Unwrap ¶

func Unwrap(block cipher.Block, ciphertxt []byte) ([]byte, error)

func Wrap ¶

func Wrap(kek cipher.Block, cek []byte) ([]byte, error)

type AES ¶

AES encrypts content encryption keys using AES key wrap. Contrary to what the name implies, it also decrypt encrypted keys

type AES struct {
    // contains filtered or unexported fields
}

func NewAES ¶

func NewAES(alg jwa.KeyEncryptionAlgorithm, sharedkey []byte) (*AES, error)

NewAES creates a key-wrap encrypter using AES. Although the name suggests otherwise, this does the decryption as well.

func (*AES) Algorithm ¶

func (kw *AES) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (*AES) Decrypt ¶

func (kw *AES) Decrypt(enckey []byte) ([]byte, error)

Decrypt decrypts the encrypted key using AES key unwrap

func (*AES) Encrypt ¶

func (kw *AES) Encrypt(cek []byte) (keygen.ByteSource, error)

KeyEncrypt encrypts the given content encryption key

func (*AES) KeyID ¶

func (kw *AES) KeyID() string

KeyID returns the key ID associated with this encrypter

func (*AES) SetKeyID ¶

func (kw *AES) SetKeyID(v string)

type AESGCMEncrypt ¶

AESGCM encrypts content encryption keys using AES-GCM key wrap.

type AESGCMEncrypt struct {
    // contains filtered or unexported fields
}

func NewAESGCMEncrypt ¶

func NewAESGCMEncrypt(alg jwa.KeyEncryptionAlgorithm, sharedkey []byte) (*AESGCMEncrypt, error)

func (AESGCMEncrypt) Algorithm ¶

func (kw AESGCMEncrypt) Algorithm() jwa.KeyEncryptionAlgorithm

func (AESGCMEncrypt) Encrypt ¶

func (kw AESGCMEncrypt) Encrypt(cek []byte) (keygen.ByteSource, error)

func (AESGCMEncrypt) KeyID ¶

func (kw AESGCMEncrypt) KeyID() string

func (*AESGCMEncrypt) SetKeyID ¶

func (kw *AESGCMEncrypt) SetKeyID(v string)

type Decrypter ¶

Decrypter is an interface for things that can decrypt keys

type Decrypter interface {
    Algorithm() jwa.KeyEncryptionAlgorithm
    Decrypt([]byte) ([]byte, error)
}

type DirectDecrypt ¶

DirectDecrypt does no encryption (Note: Unimplemented)

type DirectDecrypt struct {
    Key []byte
}

func (DirectDecrypt) Decrypt ¶

func (d DirectDecrypt) Decrypt() ([]byte, error)

Decrypt for DirectDecrypt does not do anything other than return a copy of the embedded key

type ECDHESDecrypt ¶

ECDHESDecrypt decrypts keys using ECDH-ES.

type ECDHESDecrypt struct {
    // contains filtered or unexported fields
}

func NewECDHESDecrypt ¶

func NewECDHESDecrypt(keyalg jwa.KeyEncryptionAlgorithm, contentalg jwa.ContentEncryptionAlgorithm, pubkey interface{}, apu, apv []byte, privkey interface{}) *ECDHESDecrypt

NewECDHESDecrypt creates a new key decrypter using ECDH-ES

func (ECDHESDecrypt) Algorithm ¶

func (kw ECDHESDecrypt) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (ECDHESDecrypt) Decrypt ¶

func (kw ECDHESDecrypt) Decrypt(enckey []byte) ([]byte, error)

Decrypt decrypts the encrypted key using ECDH-ES

type ECDHESEncrypt ¶

ECDHESEncrypt encrypts content encryption keys using ECDH-ES.

type ECDHESEncrypt struct {
    // contains filtered or unexported fields
}

func NewECDHESEncrypt ¶

func NewECDHESEncrypt(alg jwa.KeyEncryptionAlgorithm, enc jwa.ContentEncryptionAlgorithm, keysize int, keyif interface{}) (*ECDHESEncrypt, error)

NewECDHESEncrypt creates a new key encrypter based on ECDH-ES

func (ECDHESEncrypt) Algorithm ¶

func (kw ECDHESEncrypt) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (ECDHESEncrypt) Encrypt ¶

func (kw ECDHESEncrypt) Encrypt(cek []byte) (keygen.ByteSource, error)

KeyEncrypt encrypts the content encryption key using ECDH-ES

func (ECDHESEncrypt) KeyID ¶

func (kw ECDHESEncrypt) KeyID() string

KeyID returns the key ID associated with this encrypter

func (*ECDHESEncrypt) SetKeyID ¶

func (kw *ECDHESEncrypt) SetKeyID(v string)

type Encrypter ¶

Encrypter is an interface for things that can encrypt keys

type Encrypter interface {
    Algorithm() jwa.KeyEncryptionAlgorithm
    Encrypt([]byte) (keygen.ByteSource, error)
    // KeyID returns the key id for this Encrypter. This exists so that
    // you can pass in a Encrypter to MultiEncrypt, you can rest assured
    // that the generated key will have the proper key ID.
    KeyID() string

    SetKeyID(string)
}

type Noop ¶

type Noop struct {
    // contains filtered or unexported fields
}

func NewNoop ¶

func NewNoop(alg jwa.KeyEncryptionAlgorithm, sharedkey []byte) (*Noop, error)

func (*Noop) Algorithm ¶

func (kw *Noop) Algorithm() jwa.KeyEncryptionAlgorithm

func (*Noop) Encrypt ¶

func (kw *Noop) Encrypt(cek []byte) (keygen.ByteSource, error)

func (*Noop) KeyID ¶

func (kw *Noop) KeyID() string

func (*Noop) SetKeyID ¶

func (kw *Noop) SetKeyID(v string)

type PBES2Encrypt ¶

PBES2Encrypt encrypts keys with PBES2 / PBKDF2 password

type PBES2Encrypt struct {
    // contains filtered or unexported fields
}

func NewPBES2Encrypt ¶

func NewPBES2Encrypt(alg jwa.KeyEncryptionAlgorithm, password []byte) (*PBES2Encrypt, error)

func (PBES2Encrypt) Algorithm ¶

func (kw PBES2Encrypt) Algorithm() jwa.KeyEncryptionAlgorithm

func (PBES2Encrypt) Encrypt ¶

func (kw PBES2Encrypt) Encrypt(cek []byte) (keygen.ByteSource, error)

func (PBES2Encrypt) KeyID ¶

func (kw PBES2Encrypt) KeyID() string

func (*PBES2Encrypt) SetKeyID ¶

func (kw *PBES2Encrypt) SetKeyID(v string)

type RSAOAEPDecrypt ¶

RSAOAEPDecrypt decrypts keys using RSA OAEP algorithm

type RSAOAEPDecrypt struct {
    // contains filtered or unexported fields
}

func NewRSAOAEPDecrypt ¶

func NewRSAOAEPDecrypt(alg jwa.KeyEncryptionAlgorithm, privkey *rsa.PrivateKey) (*RSAOAEPDecrypt, error)

NewRSAOAEPDecrypt creates a new key decrypter using RSA OAEP

func (RSAOAEPDecrypt) Algorithm ¶

func (d RSAOAEPDecrypt) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (RSAOAEPDecrypt) Decrypt ¶

func (d RSAOAEPDecrypt) Decrypt(enckey []byte) ([]byte, error)

Decrypt decrypts the encrypted key using RSA OAEP

type RSAOAEPEncrypt ¶

RSAOAEPEncrypt encrypts keys using RSA OAEP algorithm

type RSAOAEPEncrypt struct {
    // contains filtered or unexported fields
}

func NewRSAOAEPEncrypt ¶

func NewRSAOAEPEncrypt(alg jwa.KeyEncryptionAlgorithm, pubkey *rsa.PublicKey) (*RSAOAEPEncrypt, error)

NewRSAOAEPEncrypt creates a new key encrypter using RSA OAEP

func (RSAOAEPEncrypt) Algorithm ¶

func (e RSAOAEPEncrypt) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (RSAOAEPEncrypt) Encrypt ¶

func (e RSAOAEPEncrypt) Encrypt(cek []byte) (keygen.ByteSource, error)

KeyEncrypt encrypts the content encryption key using RSA OAEP

func (RSAOAEPEncrypt) KeyID ¶

func (e RSAOAEPEncrypt) KeyID() string

KeyID returns the key ID associated with this encrypter

func (*RSAOAEPEncrypt) SetKeyID ¶

func (e *RSAOAEPEncrypt) SetKeyID(v string)

type RSAPKCS15Decrypt ¶

RSAPKCS15Decrypt decrypts keys using RSA PKCS1v15 algorithm

type RSAPKCS15Decrypt struct {
    // contains filtered or unexported fields
}

func NewRSAPKCS15Decrypt ¶

func NewRSAPKCS15Decrypt(alg jwa.KeyEncryptionAlgorithm, privkey *rsa.PrivateKey, keysize int) *RSAPKCS15Decrypt

NewRSAPKCS15Decrypt creates a new decrypter using RSA PKCS1v15

func (RSAPKCS15Decrypt) Algorithm ¶

func (d RSAPKCS15Decrypt) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (RSAPKCS15Decrypt) Decrypt ¶

func (d RSAPKCS15Decrypt) Decrypt(enckey []byte) ([]byte, error)

Decrypt decrypts the encrypted key using RSA PKCS1v1.5

type RSAPKCSEncrypt ¶

RSAPKCSEncrypt encrypts keys using RSA PKCS1v15 algorithm

type RSAPKCSEncrypt struct {
    // contains filtered or unexported fields
}

func NewRSAPKCSEncrypt ¶

func NewRSAPKCSEncrypt(alg jwa.KeyEncryptionAlgorithm, pubkey *rsa.PublicKey) (*RSAPKCSEncrypt, error)

NewRSAPKCSEncrypt creates a new key encrypter using PKCS1v15

func (RSAPKCSEncrypt) Algorithm ¶

func (e RSAPKCSEncrypt) Algorithm() jwa.KeyEncryptionAlgorithm

Algorithm returns the key encryption algorithm being used

func (RSAPKCSEncrypt) Encrypt ¶

func (e RSAPKCSEncrypt) Encrypt(cek []byte) (keygen.ByteSource, error)

KeyEncrypt encrypts the content encryption key using RSA PKCS1v15

func (RSAPKCSEncrypt) KeyID ¶

func (e RSAPKCSEncrypt) KeyID() string

KeyID returns the key ID associated with this encrypter

func (*RSAPKCSEncrypt) SetKeyID ¶

func (e *RSAPKCSEncrypt) SetKeyID(v string)