Documentation
¶
Overview ¶
Package encryption provides AES-256-GCM encryption for sensitive data. It's designed to be transparent to the existing engine, working as a middleware layer that can be enabled/disabled via configuration.
Index ¶
- Variables
- func GenerateKey() ([]byte, error)
- func GenerateKeyString() (string, error)
- func IsEncrypted(data string) bool
- type Config
- type EncryptionService
- func (es *EncryptionService) Decrypt(ciphertext string) (string, error)
- func (es *EncryptionService) DecryptBytes(data []byte) ([]byte, error)
- func (es *EncryptionService) Encrypt(plaintext string) (string, error)
- func (es *EncryptionService) EncryptBytes(data []byte) ([]byte, error)
- func (es *EncryptionService) GetMetrics() (encryptCount, decryptCount uint64)
- func (es *EncryptionService) ResetMetrics()
- func (es *EncryptionService) RotateKey(newKey []byte) (*EncryptionService, error)
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidKeySize = errors.New("encryption key must be 32 bytes") ErrDecryptionFailed = errors.New("decryption failed") ErrInvalidCiphertext = errors.New("invalid ciphertext") ErrKeyDerivationFailed = errors.New("key derivation failed") )
Common errors
Functions ¶
func GenerateKey ¶
GenerateKey generates a secure 32-byte key for AES-256
func GenerateKeyString ¶
GenerateKeyString generates a base64-encoded key
func IsEncrypted ¶
IsEncrypted checks if a string appears to be encrypted (base64 with proper length)
Types ¶
type Config ¶
type Config struct {
Key string // Base64-encoded 32-byte key
}
Config holds encryption service configuration
type EncryptionService ¶
type EncryptionService struct {
// contains filtered or unexported fields
}
EncryptionService provides AES-256-GCM encryption/decryption
func NewEncryptionService ¶
func NewEncryptionService(key string) (*EncryptionService, error)
NewEncryptionService creates a new encryption service with the provided key
func NewEncryptionServiceWithBytes ¶
func NewEncryptionServiceWithBytes(key []byte) (*EncryptionService, error)
NewEncryptionServiceWithBytes creates a service with raw key bytes
func (*EncryptionService) Decrypt ¶
func (es *EncryptionService) Decrypt(ciphertext string) (string, error)
Decrypt decrypts base64-encoded ciphertext and returns plaintext
func (*EncryptionService) DecryptBytes ¶
func (es *EncryptionService) DecryptBytes(data []byte) ([]byte, error)
DecryptBytes decrypts binary data
func (*EncryptionService) Encrypt ¶
func (es *EncryptionService) Encrypt(plaintext string) (string, error)
Encrypt encrypts plaintext and returns base64-encoded ciphertext
func (*EncryptionService) EncryptBytes ¶
func (es *EncryptionService) EncryptBytes(data []byte) ([]byte, error)
EncryptBytes encrypts binary data
func (*EncryptionService) GetMetrics ¶
func (es *EncryptionService) GetMetrics() (encryptCount, decryptCount uint64)
GetMetrics returns encryption/decryption counts for monitoring
func (*EncryptionService) ResetMetrics ¶
func (es *EncryptionService) ResetMetrics()
ResetMetrics resets the metrics counters
func (*EncryptionService) RotateKey ¶
func (es *EncryptionService) RotateKey(newKey []byte) (*EncryptionService, error)
RotateKey creates a new encryption service with a new key This is useful for key rotation scenarios
Source Files