LoadPolicy will load a policy from the provided storage path and set the necessary un-exported variables.

MarshalingTypeString retrieves an enum value from the enum constants string name.

MarshalingTypeValues returns all values of the enum.

NewEncryptedKeyStorageWrapper takes an EncryptedKeyStorageConfig and returns a new EncryptedKeyStorage object.

NewPolicy takes a policy config and returns a Policy with those settings.

ParsePaddingScheme expects a lower case string that can be directly compared to a defined padding scheme or returns an error.

ParsePKCS8Ed25519PrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form.

ParsePKCS8RSAPSSPrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form.

DefaultCacheSize is used if no cache size is specified for NewEncryptedKeyStorage.

DefaultPrefix is used if no prefix is specified for NewEncryptedKeyStorage.

DefaultVersionTemplate is used when no version template is provided.

EncryptedKeyPolicyVersionTpl is a template that can be used to minimize the amount of data that's stored with the ciphertext.

ErrTooOld is returned whtn the ciphertext or signatures's key version is too old.

Careful with iota; don't put anything before it in this const block because we need the default of zero to be the old-style KDF.

Careful with iota; don't put anything before it in this const block because we need the default of zero to be the old-style KDF.

golang.org/x/crypto/hkdf.

built-in helper.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

Or this one...we need the default of zero to be the original AES256-GCM96.

ErrNilPolicy is returned if the provided policy is nil.

ErrNilStorage is returned if the provided storage is nil.

ErrPolicyConvergentEncryption is returned if the provided policy does not use convergent encryption.

ErrPolicyConvergentVersion is returned if the provided policy does not use a new enough convergent version.

ErrPolicyDerivedKeys is returned if the provided policy does not use derived keys.

EncryptedKeyStorageConfig is used to configure an EncryptedKeyStorage object.

KeyEntry stores the key and metadata.

Policy is the struct used to store metadata.

PolicyConfig is used to create a new policy.

PolicyRequest holds values used when requesting a policy.

SymmetricOpts are the arguments to symmetric operations that are "optional", e.g.

go:generate enumer -type=MarshalingType -trimprefix=MarshalingType -transform=snake.