package streamingaead

import "github.com/google/tink/go/streamingaead"

Package streamingaead provides implementations of the streaming AEAD primitive.

AEAD encryption assures the confidentiality and authenticity of the data. This primitive is CPA secure.

Example

Code:play 

package main

import (
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"os"
	"path/filepath"

	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/streamingaead"
)

func main() {
	dir, err := ioutil.TempDir("", "streamingaead")
	if err != nil {
		log.Fatal(err)
	}
	defer os.RemoveAll(dir)

	var (
		srcFilename = filepath.Join(dir, "plaintext.src")
		ctFilename  = filepath.Join(dir, "ciphertext.bin")
		dstFilename = filepath.Join(dir, "plaintext.dst")
	)

	if err := ioutil.WriteFile(srcFilename, []byte("this data needs to be encrypted"), 0666); err != nil {
		log.Fatal(err)
	}

	kh, err := keyset.NewHandle(streamingaead.AES256GCMHKDF4KBKeyTemplate())
	if err != nil {
		log.Fatal(err)
	}

	// TODO: save the keyset to a safe location. DO NOT hardcode it in source code.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.

	// Encrypt file.

	a, err := streamingaead.New(kh)
	if err != nil {
		log.Fatal(err)
	}

	srcFile, err := os.Open(srcFilename)
	if err != nil {
		log.Fatal(err)
	}

	ctFile, err := os.Create(ctFilename)
	if err != nil {
		log.Fatal(err)
	}

	aad := []byte("this data needs to be authenticated, but not encrypted")
	w, err := a.NewEncryptingWriter(ctFile, aad)
	if err != nil {
		log.Fatal(err)
	}

	if _, err := io.Copy(w, srcFile); err != nil {
		log.Fatal(err)
	}

	if err := w.Close(); err != nil {
		log.Fatal(err)
	}

	if err := ctFile.Close(); err != nil {
		log.Fatal(err)
	}
	if err := srcFile.Close(); err != nil {
		log.Fatal(err)
	}

	// Decrypt file.

	ctFile, err = os.Open(ctFilename)
	if err != nil {
		log.Fatal(err)
	}

	dstFile, err := os.Create(dstFilename)
	if err != nil {
		log.Fatal(err)
	}

	r, err := a.NewDecryptingReader(ctFile, aad)
	if err != nil {
		log.Fatal(err)
	}

	if _, err := io.Copy(dstFile, r); err != nil {
		log.Fatal(err)
	}

	if err := dstFile.Close(); err != nil {
		log.Fatal(err)
	}
	if err := ctFile.Close(); err != nil {
		log.Fatal(err)
	}

	b, err := ioutil.ReadFile(dstFilename)

	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(string(b))
}

Output:

this data needs to be encrypted

Index

Examples

Functions

func AES128CTRHMACSHA256Segment1MBKeyTemplate

func AES128CTRHMACSHA256Segment1MBKeyTemplate() *tinkpb.KeyTemplate

AES128CTRHMACSHA256Segment1MBKeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC key with the following parameters:

func AES128CTRHMACSHA256Segment4KBKeyTemplate

func AES128CTRHMACSHA256Segment4KBKeyTemplate() *tinkpb.KeyTemplate

AES128CTRHMACSHA256Segment4KBKeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC key with the following parameters:

func AES128GCMHKDF1MBKeyTemplate

func AES128GCMHKDF1MBKeyTemplate() *tinkpb.KeyTemplate

AES128GCMHKDF1MBKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:

func AES128GCMHKDF4KBKeyTemplate

func AES128GCMHKDF4KBKeyTemplate() *tinkpb.KeyTemplate

AES128GCMHKDF4KBKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:

func AES256CTRHMACSHA256Segment1MBKeyTemplate

func AES256CTRHMACSHA256Segment1MBKeyTemplate() *tinkpb.KeyTemplate

AES256CTRHMACSHA256Segment1MBKeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC key with the following parameters:

func AES256CTRHMACSHA256Segment4KBKeyTemplate

func AES256CTRHMACSHA256Segment4KBKeyTemplate() *tinkpb.KeyTemplate

AES256CTRHMACSHA256Segment4KBKeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC key with the following parameters:

func AES256GCMHKDF1MBKeyTemplate

func AES256GCMHKDF1MBKeyTemplate() *tinkpb.KeyTemplate

AES256GCMHKDF1MBKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:

func AES256GCMHKDF4KBKeyTemplate

func AES256GCMHKDF4KBKeyTemplate() *tinkpb.KeyTemplate

AES256GCMHKDF4KBKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:

func New

New returns a StreamingAEAD primitive from the given keyset handle.

func NewWithKeyManager

func NewWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.StreamingAEAD, error)

NewWithKeyManager returns a StreamingAEAD primitive from the given keyset handle and custom key manager.

Deprecated: Use New.

Source Files

aes_ctr_hmac_key_manager.go aes_gcm_hkdf_key_manager.go decrypt_reader.go streamingaead.go streamingaead_factory.go streamingaead_key_templates.go

Directories

PathSynopsis
streamingaead/subtlePackage subtle provides subtle implementations of the Streaming AEAD primitive.
streamingaead/subtle/noncebasedPackage noncebased provides a reusable streaming AEAD framework.
Version
v1.7.0 (latest)
Published
Aug 10, 2022
Platform
linux/amd64
Imports
17 packages
Last checked
3 months ago

Tools for package owners.