encrypt

package
v0.0.16

This package is not in the latest version of its module.
Published: Apr 1, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package encrypt provides high-level cryptographic repositories for the security module.

The package groups helpers for:

  • symmetric encryption with AES-GCM
  • hashing and HMAC generation
  • RSA key generation and RSA-OAEP encryption
  • Ed25519 and RSA-based digital signatures

Applications can depend on the focused repository interfaces when they need only one capability, or use NewRepository to obtain a combined entry point for the main encryption services. Every operation receives a context.Context so callers can control request scope, deadlines, and cancellation across local and provider-backed implementations.

NewRepository selects its backend from viper key "encrypt.vault.mode". Supported values are:

  • "local" for in-process cryptography
  • "aws-kms" for AWS KMS-backed repositories
  • "azure-key-vault" for Azure Key Vault-backed repositories
  • "gcp-kms" for Google Cloud KMS-backed repositories

When the configuration value is empty or unsupported, NewRepository falls back to the local repository implementation.

Functions

func ParseEd25519PrivateKeyFromBase64

func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)

ParseEd25519PrivateKeyFromBase64 decodes a Base64-encoded Ed25519 private key.

func ParseEd25519PublicKeyFromBase64

func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)

ParseEd25519PublicKeyFromBase64 decodes a Base64-encoded Ed25519 public key.

func ParseRSAPrivateKeyFromBase64

func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)

ParseRSAPrivateKeyFromBase64 decodes a Base64-encoded RSA private key.

func ParseRSAPublicKeyFromBase64

func ParseRSAPublicKeyFromBase64(b64 string) (*rsa.PublicKey, error)

ParseRSAPublicKeyFromBase64 decodes a Base64-encoded RSA public key.

Types

type AsymmetricRepository

type AsymmetricRepository interface {
	// GeneratesRSAKey creates an RSA key pair encoded as Base64.
	GeneratesRSAKey(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
	// RSA_OAEP_Encode encrypts plaintext with a Base64-encoded RSA public key.
	RSA_OAEP_Encode(ctx context.Context, publicKey, text string) (string, error)
	// RSA_OAEP_Decode decrypts Base64 ciphertext with a Base64-encoded RSA
	// private key.
	RSA_OAEP_Decode(ctx context.Context, privateKey, cipherText string) (string, error)
}

AsymmetricRepository exposes RSA key generation and RSA-OAEP helpers.

type HashRepository

type HashRepository interface {
	// GenerateHMAC returns a Base64-encoded HMAC-SHA256 signature.
	GenerateHMAC(ctx context.Context, secretKey, message string) string
	// ValidateHMAC checks whether providedHash matches the message HMAC.
	ValidateHMAC(ctx context.Context, secretKey, message, providedHash string) bool
	// Sha256Hex returns the SHA-256 digest as a hexadecimal string.
	Sha256Hex(ctx context.Context, message string) string
	// Blake3 returns the BLAKE3 digest encoded as Base64.
	Blake3(ctx context.Context, message string) string
}

HashRepository exposes hashing and message-authentication helpers.

type Mode

type Mode string
const (
	Local         Mode = "local"
	AwsKMS        Mode = "aws-kms"
	AzureKeyVault Mode = "azure-key-vault"
	GpcKMS        Mode = "gcp-kms"
)

type Repository

Repository groups the main encryption and signature capabilities exposed by the package.

func NewRepository

func NewRepository(mode Mode) Repository

NewRepository returns a combined repository with the main cryptographic capabilities exposed by this package.

Supported values are "local", "aws-kms", "azure-key-vault", and "gcp-kms". When mode is empty or does not match a known value, the function falls back to the local implementation.

type SignatureRepository

type SignatureRepository interface {
	// GeneratesEd255Key creates an Ed25519 key pair encoded as Base64.
	GeneratesEd255Key(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
	// SignEd25519 signs text using a Base64-encoded Ed25519 private key.
	SignEd25519(ctx context.Context, privateKey, text string) (string, error)
	// VerifyEd25519 validates an Ed25519 Base64 signature.
	VerifyEd25519(ctx context.Context, publicKey, text, signature string) error

	// SignRSAPSS signs text with RSA-PSS using a Base64-encoded private key.
	SignRSAPSS(ctx context.Context, privateKey, text string) (string, error)
	// VerifyRSAPSS validates an RSA-PSS Base64 signature.
	VerifyRSAPSS(ctx context.Context, publicKey, text, signature string) error
	// SignPKCS1v15_SHA256 signs data with RSA PKCS#1 v1.5 using SHA-256.
	SignPKCS1v15_SHA256(ctx context.Context, data string, privateKey *rsa.PrivateKey) (string, error)
	// VerifySHA256 validates an RSA PKCS#1 v1.5 SHA-256 signature.
	VerifySHA256(ctx context.Context, data, signature string, publicKey *rsa.PublicKey) error
}

SignatureRepository exposes asymmetric signing and verification helpers.

type SymmetricRepository

type SymmetricRepository interface {
	// GeneratesSymetrycKey returns a random Base64-encoded symmetric key.
	GeneratesSymetrycKey(ctx context.Context, size common.SizeSymetrycKey) (*models.SymmetricKeyData, error)

	// EncryptAES encrypts plaintext using a Base64-encoded AES key and optional
	// additional authenticated data.
	EncryptAES(ctx context.Context, secretKey, value string, additional *string) (string, error)
	// DecryptAES decrypts Base64 ciphertext produced by EncryptAES.
	DecryptAES(ctx context.Context, secretKey, cipherValue string, additional *string) (string, error)
}

SymmetricRepository exposes symmetric encryption helpers.
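
How additional authenticated data binds a ciphertext to its context, sketched with the Go standard library as an added example (not this package's implementation). The names newGCM, seal and open are hypothetical, the Base64(nonce || ciphertext || tag) layout is an assumption, and a nil []byte stands in for the optional `additional *string`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newGCM builds an AES-GCM AEAD from a Base64-encoded key.
func newGCM(keyB64 string) (cipher.AEAD, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns Base64(nonce || ciphertext || tag). Assumed layout for this sketch.
func seal(gcm cipher.AEAD, value string, aad []byte) (string, error) {
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(value), aad)), nil
}

// open verifies the tag over ciphertext and AAD before releasing any plaintext.
func open(gcm cipher.AEAD, blobB64 string, aad []byte) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(blobB64)
	if err != nil || len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return "", fmt.Errorf("malformed ciphertext")
	}
	pt, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
	return string(pt), err
}

func main() {
	// All-zero key and tenant labels are constructed demo values.
	gcm, _ := newGCM(base64.StdEncoding.EncodeToString(make([]byte, 32)))
	ct, _ := seal(gcm, "hello", []byte("tenant-a"))
	_, err := open(gcm, ct, []byte("tenant-b"))
	fmt.Println("wrong AAD rejected:", err != nil)
}
```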

Directories

Path Synopsis
Package awskms provides the same repository-style cryptographic API as the local package, backed by AWS KMS where the service supports the operation.
Package azurekeyvault provides the same repository-style cryptographic API as the local package, backed by Azure Key Vault when a Key Vault key reference is supplied.
Package gcpkms provides the same repository-style cryptographic API as the local package, backed by Google Cloud KMS when a Cloud KMS key reference is supplied.
Package local provides in-process cryptographic helpers for symmetric encryption, hashing, RSA encryption, and digital signatures.
