crypto

package
v0.15.1
Warning

This package is not in the latest version of its module.

Published: May 15, 2025 License: Apache-2.0 Imports: 15 Imported by: 8

Documentation

Constants

const (
	// ProducerCryptoFailureActionFail is the default option: fail the send if the crypto operation fails.
	ProducerCryptoFailureActionFail = iota

	// ProducerCryptoFailureActionSend ignores the crypto failure and proceeds with sending the message unencrypted.
	ProducerCryptoFailureActionSend
)

const (
	// ConsumerCryptoFailureActionFail is the default option: fail to consume messages until crypto succeeds.
	ConsumerCryptoFailureActionFail = iota

	// ConsumerCryptoFailureActionDiscard silently acknowledges the message and does not deliver it to the application.
	ConsumerCryptoFailureActionDiscard

	// ConsumerCryptoFailureActionConsume delivers the encrypted message to the application.
	// It is the application's responsibility to decrypt the message.
	// If the message is also compressed, decompression will fail.
	// If the message contains batch messages, the client will not be able to retrieve
	// individual messages in the batch.
	// The delivered encrypted message contains an EncryptionContext, which carries the encryption
	// and compression information the application can use to decrypt the payload.
	ConsumerCryptoFailureActionConsume
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DefaultMessageCrypto

type DefaultMessageCrypto struct {
	// contains filtered or unexported fields
}

DefaultMessageCrypto is an implementation of the MessageCrypto interface.

func NewDefaultMessageCrypto

func NewDefaultMessageCrypto(logCtx string, keyGenNeeded bool, logger log.Logger) (*DefaultMessageCrypto, error)

NewDefaultMessageCrypto returns an instance of the message crypto.

func (*DefaultMessageCrypto) AddPublicKeyCipher

func (d *DefaultMessageCrypto) AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error

AddPublicKeyCipher encrypts the data key using keyCrypto and caches it.

func (*DefaultMessageCrypto) Decrypt

func (d *DefaultMessageCrypto) Decrypt(msgMetadata MessageMetadataSupplier,
	payload []byte,
	keyReader KeyReader) ([]byte, error)

Decrypt decrypts the payload using the decrypted data key. The data key is read from the message metadata and decrypted using the private key.

func (*DefaultMessageCrypto) Encrypt

func (d *DefaultMessageCrypto) Encrypt(encKeys []string,
	keyReader KeyReader,
	msgMetadata MessageMetadataSupplier,
	payload []byte) ([]byte, error)

Encrypt encrypts the payload using the encryption keys and adds the encrypted data key to the message metadata. The data key is encrypted using the public key.

func (*DefaultMessageCrypto) RemoveKeyCipher

func (d *DefaultMessageCrypto) RemoveKeyCipher(keyName string) bool

RemoveKeyCipher removes the encrypted data key from the cache.

type EncryptionKeyInfo

type EncryptionKeyInfo struct {
	// contains filtered or unexported fields
}

EncryptionKeyInfo

func NewEncryptionKeyInfo

func NewEncryptionKeyInfo(name string, key []byte, metadata map[string]string) *EncryptionKeyInfo

NewEncryptionKeyInfo creates a new EncryptionKeyInfo.

func (*EncryptionKeyInfo) Key

func (eci *EncryptionKeyInfo) Key() []byte

Key returns the key data.

func (*EncryptionKeyInfo) Metadata

func (eci *EncryptionKeyInfo) Metadata() map[string]string

Metadata returns the key metadata.

func (*EncryptionKeyInfo) Name

func (eci *EncryptionKeyInfo) Name() string

Name returns the name of the key.

type FileKeyReader

type FileKeyReader struct {
	// contains filtered or unexported fields
}

FileKeyReader is the default implementation of KeyReader.

func NewFileKeyReader

func NewFileKeyReader(publicKeyPath, privateKeyPath string) *FileKeyReader

func (*FileKeyReader) PrivateKey

func (d *FileKeyReader) PrivateKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)

PrivateKey reads the private key from the given path.

func (*FileKeyReader) PublicKey

func (d *FileKeyReader) PublicKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)

PublicKey reads the public key from the given path.

type KeyReader

type KeyReader interface {
	// PublicKey gets the public key that is used by the producer to encrypt the data key
	PublicKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)

	// PrivateKey get private key that is used by the consumer to decrypt data key
	PrivateKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)
}

Implement the KeyReader interface to read and provide public and private keys. The key pair can be RSA or ECDSA.

type MessageCrypto

type MessageCrypto interface {

	// AddPublicKeyCipher encrypts data using the public key(s) in the argument.
	// If more than one key name is specified, the data key is encrypted using each of those keys.
	// If the public key has expired or changed, the application is responsible for removing
	// the old key and adding the new key.
	AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error

	// RemoveKeyCipher removes the key from the list.
	RemoveKeyCipher(keyName string) bool

	// Encrypt the payload using the data key and update
	// message metadata with the key and encrypted data key
	Encrypt(encKeys []string, KeyReader KeyReader, msgMetadata MessageMetadataSupplier, payload []byte) ([]byte, error)

	// Decrypt the payload using the data key.
	// Keys used to encrypt the data key can be retrieved from msgMetadata
	Decrypt(msgMetadata MessageMetadataSupplier, payload []byte, KeyReader KeyReader) ([]byte, error)
}

Implement the MessageCrypto interface to encrypt and decrypt messages.
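The envelope scheme that Encrypt and Decrypt describe (payload encrypted under a data key, data key wrapped once per named public key and carried with the message), as an added example built on the Go standard library; it is not this package's code. RSA-OAEP with SHA-256, AES-256-GCM, the nonce-prefixed message layout, the key name used as OAEP label, and the names `seal` and `open` are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// seal encrypts payload under a fresh data key and wraps that key once per named public key.
func seal(pubs map[string]*rsa.PublicKey, payload []byte) (map[string][]byte, []byte, error) {
	buf := make([]byte, 32+12) // AES-256 data key followed by the GCM nonce
	_, err := rand.Read(buf)
	if err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: the key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)      // cannot fail: AES has a 16-byte block
	wrapped := map[string][]byte{}
	for name, pub := range pubs { // the key name doubles as the OAEP label (assumption)
		if wrapped[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], []byte(name)); err != nil {
			return nil, nil, err
		}
	}
	return wrapped, gcm.Seal(buf[32:], buf[32:], payload, nil), nil // nonce || ciphertext || tag
}

// open unwraps the data key with one named private key, then authenticates and decrypts msg.
func open(wrapped map[string][]byte, name string, priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped[name], []byte(name))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key %q: %w", name, err)
	}
	block, err := aes.NewCipher(dataKey) // rejects an unwrapped key of the wrong length
	if err != nil || len(msg) < 12 {
		return nil, fmt.Errorf("bad data key length %d or truncated message", len(dataKey))
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
	return gcm.Open(nil, msg[:12], msg[12:], nil)
}

func main() {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key pair
	w, msg, _ := seal(map[string]*rsa.PublicKey{"app-key": &k.PublicKey}, []byte("constructed payload"))
	pt, err := open(w, "app-key", k, msg)
	fmt.Printf("%q %v\n", pt, err)
}
```

Every failure path in `open` returns an error and no plaintext, which corresponds to the fail-closed defaults among the failure actions listed under Constants.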

type MessageMetadata

type MessageMetadata struct {
	// contains filtered or unexported fields
}

func (*MessageMetadata) EncryptionKeys

func (m *MessageMetadata) EncryptionKeys() []EncryptionKeyInfo

func (*MessageMetadata) EncryptionParam

func (m *MessageMetadata) EncryptionParam() []byte

func (*MessageMetadata) SetEncryptionParam

func (m *MessageMetadata) SetEncryptionParam(param []byte)

func (*MessageMetadata) UpsertEncryptionKey added in v0.7.0

func (m *MessageMetadata) UpsertEncryptionKey(keyInfo EncryptionKeyInfo)

type MessageMetadataSupplier

type MessageMetadataSupplier interface {
	// EncryptionKeys reads all the encryption keys from the MessageMetadata
	EncryptionKeys() []EncryptionKeyInfo

	// UpsertEncryptionKey adds new or updates existing EncryptionKeys in the MessageMetadata
	UpsertEncryptionKey(EncryptionKeyInfo)

	// EncryptionParam reads the encryption parameter from the MessageMetadata
	EncryptionParam() []byte

	// SetEncryptionParam sets the encryption parameter in the MessageMetadata
	SetEncryptionParam([]byte)
}

MessageMetadataSupplier is a wrapper implementation around message metadata.

func NewMessageMetadataSupplier

func NewMessageMetadataSupplier(messageMetadata *pb.MessageMetadata) MessageMetadataSupplier
