package aecmk

import "github.com/microsoft/go-mssqldb/aecmk"

Index

Constants

// Names of the column master key store providers the driver knows about, plus
// the key encryption (wrapping) algorithm name. The provider names are the
// identifiers SQL Server itself uses for these key stores; presumably they are
// the names passed to RegisterCekProvider for the built-in providers — confirm
// against the akv and localcert sub-packages.

// CertificateStoreKeyProvider identifies the certificate store key provider.
const CertificateStoreKeyProvider = "MSSQL_CERTIFICATE_STORE"

// CspKeyProvider identifies the CSP (cryptographic service provider) key provider.
const CspKeyProvider = "MSSQL_CSP_PROVIDER"

// CngKeyProvider identifies the CNG key store provider.
const CngKeyProvider = "MSSQL_CNG_STORE"

// AzureKeyVaultKeyProvider identifies the Azure Key Vault key provider.
const AzureKeyVaultKeyProvider = "AZURE_KEY_VAULT"

// JavaKeyProvider identifies the Java keystore key provider.
const JavaKeyProvider = "MSSQL_JAVA_KEYSTORE"

// KeyEncryptionAlgorithm is the RSA-OAEP algorithm name; it is presumably the
// value handed to a provider's encryptionAlgorithm parameter when wrapping or
// unwrapping a column encryption key.
const KeyEncryptionAlgorithm = "RSA_OAEP"

Variables

// ColumnEncryptionKeyLifetime is the default lifetime of decrypted column
// encryption keys in the global cache (2 hours). A provider can override it
// by returning a non-nil value from KeyLifetime. The cache holds the keys in
// decrypted form for this long, so a process that must not retain key
// material for extended periods should shorten it (or have its provider
// return a zero lifetime to disable caching).
var ColumnEncryptionKeyLifetime time.Duration = 2 * time.Hour

ColumnEncryptionKeyLifetime is the default lifetime of decrypted Column Encryption Keys in the global cache. The default is 2 hours.

Functions

func RegisterCekProvider

func RegisterCekProvider(name string, provider ColumnEncryptionKeyProvider) error

Types

type CekProvider

// CekProvider wraps a ColumnEncryptionKeyProvider for use by the driver;
// construct it with NewCekProvider and obtain keys through GetDecryptedKey.
// The unexported fields are not shown on this page — presumably they hold
// the per-provider cache of decrypted keys governed by
// ColumnEncryptionKeyLifetime / KeyLifetime, but that is not visible here.
type CekProvider struct {
	// Provider is the key store implementation that decrypts and encrypts
	// column encryption keys on behalf of this wrapper.
	Provider ColumnEncryptionKeyProvider
	// contains filtered or unexported fields
}

func NewCekProvider

func NewCekProvider(provider ColumnEncryptionKeyProvider) *CekProvider

func (*CekProvider) GetDecryptedKey

func (cp *CekProvider) GetDecryptedKey(keyPath string, encryptedBytes []byte) (decryptedKey []byte, err error)

type ColumnEncryptionKeyProvider

// ColumnEncryptionKeyProvider is implemented by each column master key store
// and is used to decrypt and encrypt column encryption keys (CEKs) with the
// column master key identified by a key path. Register implementations with
// RegisterCekProvider.
type ColumnEncryptionKeyProvider interface {
	// DecryptColumnEncryptionKey decrypts the specified encrypted value of a column encryption key.
	// The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
	// NOTE(review): there is no error return, so the signature cannot report a failed
	// unwrap (wrong key path, unsupported algorithm, tampered ciphertext). How an
	// implementation signals failure — empty slice, nil, or otherwise — is not visible
	// here; confirm against the concrete providers before treating the result as valid key material.
	DecryptColumnEncryptionKey(masterKeyPath string, encryptionAlgorithm string, encryptedCek []byte) []byte
	// EncryptColumnEncryptionKey encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
	// The same caveat as for DecryptColumnEncryptionKey applies: failure cannot be reported through the return type.
	EncryptColumnEncryptionKey(masterKeyPath string, encryptionAlgorithm string, cek []byte) []byte
	// SignColumnMasterKeyMetadata digitally signs the column master key metadata with the column master key
	// referenced by the masterKeyPath parameter. The input values used to generate the signature should be the
	// specified values of the masterKeyPath and allowEnclaveComputations parameters. May return an empty slice if not supported.
	SignColumnMasterKeyMetadata(masterKeyPath string, allowEnclaveComputations bool) []byte
	// VerifyColumnMasterKeyMetadata verifies the specified signature is valid for the column master key
	// with the specified key path and the specified enclave behavior. Return nil if not supported.
	// A nil result therefore means "not verified", not "valid": callers deciding whether
	// to trust the metadata should handle nil separately from a pointer to true.
	VerifyColumnMasterKeyMetadata(masterKeyPath string, allowEnclaveComputations bool) *bool
	// KeyLifetime is an optional Duration. Keys fetched by this provider will be discarded after their lifetime expires.
	// If it returns nil, the keys will expire based on the value of ColumnEncryptionKeyLifetime.
	// If it returns zero, the keys will not be cached.
	// The cached keys are the decrypted CEKs, so the lifetime bounds how long
	// plaintext key material stays resident in the process.
	KeyLifetime() *time.Duration
}

ColumnEncryptionKeyProvider is the interface for decrypting and encrypting column encryption keys. It is similar to .Net https://learn.microsoft.com/dotnet/api/microsoft.data.sqlclient.sqlcolumnencryptionkeystoreprovider.

type ColumnEncryptionKeyProviderMap

// ColumnEncryptionKeyProviderMap holds the registered providers, keyed by the
// name passed to RegisterCekProvider. It is not synchronized: providers are
// expected to register during init, so registering from a goroutine after
// startup while the driver reads the map (via GetGlobalCekProviders) would be
// a data race.
type ColumnEncryptionKeyProviderMap map[string]*CekProvider

There is no synchronization on this map; providers are expected to register during init.

func GetGlobalCekProviders

func GetGlobalCekProviders() (providers ColumnEncryptionKeyProviderMap)

Source Files

keyprovider.go

Directories

PathSynopsis
aecmk/akv
aecmk/localcert