Categorygithub.com/bincyber/go-sqlcrypterprovidersaesgcm
package
0.2.0
Repository: https://github.com/bincyber/go-sqlcrypter.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
6
Dependents
1
Files
113 SLOC

# README

AES GCM

256-bit AES in Galois/Counter Mode (GCM)

Example

package main

import (
	"github.com/bincyber/go-sqlcrypter"
	"github.com/bincyber/go-sqlcrypter/aesgcm"
)

func main() {
	s := "32-byte-hex-encoded-data-encryption-key-here"

	key, err := hex.DecodeString(s)
	if err != nil {
		// handle error
	}

	aesCrypter, err := aesgcm.New(key, nil)
	if err != nil {
		// handle error
	}
	sqlcrypter.Init(aesCrypter)
}

Key Rotation

AESCrypter supports key rotation by allowing two data encryption keys (DEKs) to be specified during initialization. When aesgcm.New() is called with two DEKs, the first key is used to encrypt (and decrypt) any new data, while the second key is only used to decrypt existing data.

Note: Before the old key can stop being used, any existing data must be re-encrypted with the new key by running Update queries over the database records. Handling this is out of scope for this library.

# Functions

New initializes the AES GCM crypter with the provided data encryption key (DEK).

# Structs

AESCrypter is an implementation of the Crypterer interface using 256-bit AES in Galeious Counter Mode with support for key rotation.