Package: github.com/opentdf/platform/sdk
Version: 0.3.23
Repository: https://github.com/opentdf/platform.git
Documentation: pkg.go.dev

# README

## OpenTDF Data Security SDK

A Go implementation of the OpenTDF protocol, and access library for services included in the Data Security Platform.

Note: if you are consuming the SDK as a submodule you may need to add replace directives as follows:

```
replace (
	github.com/opentdf/platform/service => ./opentdf/service
	github.com/opentdf/platform/lib/fixtures => ./opentdf/lib/fixtures
	github.com/opentdf/platform/protocol/go => ./opentdf/protocol/go
	github.com/opentdf/platform/lib/ocrypto => ./opentdf/lib/ocrypto
	github.com/opentdf/platform/sdk => ./opentdf/sdk
)
```

### Quick Start of the Go SDK

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
	"strings"

	"github.com/opentdf/platform/sdk"
)

func main() {
	// The authorizer and data security configuration below are placeholders.
	s, err := sdk.New(
		sdk.WithAuth(mtls.NewGRPCAuthorizer(creds) /* or OIDC or whatever */),
		sdk.WithDataSecurityConfig( /* attribute schemas, kas multi-attribute mapping */ ),
	)
	if err != nil {
		panic(err)
	}

	plaintext := strings.NewReader("Hello, world!")
	var ciphertext bytes.Buffer
	// Pass a pointer: only *bytes.Buffer implements io.Writer.
	_, err = s.CreateTDF(
		&ciphertext,
		plaintext,
		sdk.WithDataAttributes("https://example.com/attr/Classification/value/Open"),
	)
	if err != nil {
		panic(err)
	}

	fmt.Printf("Ciphertext is %d bytes long\n", ciphertext.Len())

	// Decrypt from a copy of the ciphertext and write the plaintext to a file.
	ct2 := make([]byte, ciphertext.Len())
	copy(ct2, ciphertext.Bytes())
	r, err := s.NewTDFReader(bytes.NewReader(ct2))
	if err != nil {
		panic(err)
	}
	f, err := os.Create("output.txt")
	if err != nil {
		panic(err)
	}
	defer f.Close()
	if _, err := io.Copy(f, r); err != nil {
		panic(err)
	}
}
```

### Development

To test, run

```sh
go test ./... -short -race -cover
```

# Functions

GetTdfType returns the type of TDF based on the reader.
IsValidNanoTdf detects whether or not the reader is a valid Nano TDF.
SizeOfAuthTagForCipher returns the size in bytes of the auth tag to be used for AES-GCM encryption.
WithAssertions returns an Option that adds assertions to the TDF.
WithAutoconfigure toggles inferring KAS info for encrypt from data attributes.
WithClientCredentials returns an Option that sets up authentication with client credentials.
Deprecated: Use WithCustomCoreConnection instead.
WithCoreConnection returns an Option that sets up a connection to the core platform.
Deprecated: Use WithCustomCoreConnection instead.
WithDataAttributes appends the given data attributes to the bound policy.
WithDataAttributeValues appends the given data attributes to the bound policy.
WithECDSAPolicyBinding enables ECDSA policy binding.
WithInsecurePlaintextConn returns an Option that sets up an HTTP connection sent in the clear.
WithInsecureSkipVerifyConn returns an Option that sets up an HTTPS connection without verification.
WithIPC returns an Option that indicates the SDK should use IPC for communication; this allows the platform endpoint to be an empty string.
WithKasInformation adds all the KAS URLs and their corresponding public keys that are required to create and read the TDF.
WithMetaData returns an Option that adds metadata to the TDF.
WithNanoDataAttributes appends the given data attributes to the bound policy.
WithNoKIDInKAO disables storing the KID in the KAO.
WithNoKIDInNano disables storing the KID in the KAS ResourceLocator.
WithOAuthAccessTokenSource directs the SDK to use a standard OAuth2 token source for authentication.
WithPlatformConfiguration allows you to override the remote platform configuration. Use this option with caution, as it may lead to unexpected behavior.
WithSegmentSize returns an Option that sets the default segment size within the TDF.
The session key pair is used to encrypt responses from KAS for a given session and can be reused across an entire session.
The DPoP key pair is used to implement sender constrained tokens from the identity provider, and should be associated with the lifetime of a session for a given identity.
WithStoreCollectionHeaders Experimental: returns an Option that sets up storing dataset keys for nTDFs.
WithTokenEndpoint: when we implement service discovery using a .well-known endpoint, this option may become deprecated. Deprecated: SDK will discover the token endpoint from the platform configuration.
WithTokenExchange specifies that the SDK should obtain its access token by exchanging the given token for a new one.
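
WithInsecurePlaintextConn and WithInsecureSkipVerifyConn in the list above turn off transport protections, so a review or CI step can flag where they are used. The check below is an added example, not code from the opentdf project; it uses only the Go standard library, and the `FindInsecureOptions` name and the sample source are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Options from the function list above that weaken transport security.
var insecureOptions = map[string]bool{"WithInsecurePlaintextConn": true, "WithInsecureSkipVerifyConn": true}

// Constructed sample input: a caller that imports the SDK under an alias.
const sampleSrc = `package app
import otdf "github.com/opentdf/platform/sdk"
func connect() {
	_, _ = otdf.New(otdf.WithInsecurePlaintextConn())
	_, _ = otdf.New(otdf.WithInsecureSkipVerifyConn())
}`

// FindInsecureOptions reports each insecure SDK option used in one Go source
// file as "file:line: Name", resolving the SDK's local import name first.
func FindInsecureOptions(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // name the SDK is imported under; stays empty if not imported
	for _, imp := range file.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == "github.com/opentdf/platform/sdk" {
			local = "sdk"
			if imp.Name != nil {
				local = imp.Name.Name
			}
		}
	}
	var found []string
	ast.Inspect(file, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok && insecureOptions[sel.Sel.Name] {
			if pkg, ok := sel.X.(*ast.Ident); ok && pkg.Name == local {
				found = append(found, fmt.Sprintf("%s:%d: %s", filename, fset.Position(sel.Pos()).Line, sel.Sel.Name))
			}
		}
		return true
	})
	return found, nil
}

func main() {
	fmt.Println(FindInsecureOptions("app.go", sampleSrc))
}
```

Dot imports of the SDK and options reached through a wrapper function are not detected by this check.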

# Constants

Failure while connecting to a service.

# Variables

Exposed tamper detection errors. Catch all possible tamper errors with errors.Is(ErrTampered).

# Structs

AssertionConfig is a shadow of Assertion with the addition of the signing key.
AssertionKey represents a key for assertions.
AssertionVerificationKeys represents the verification keys for assertions.
AttributeNameFQN is a utility type to represent an FQN for an attribute.
AttributeValueFQN is a utility type to represent an FQN for an attribute value.
Binding enforces cryptographic integrity of the assertion.
Custom error struct for Assertion errors.
IDPAccessTokenSource credentials that allow us to connect to an IDP and obtain an access token that is bound to a DPoP key.
KASInfo contains Key Access Server information.
OAuthAccessTokenSource allows connecting to an IDP and obtaining a DPoP-bound access token.
Loads and reads ZTDF files.
ResourceLocator is a structure that contains a protocol and body comprising a URL.
Statement includes information applying to the scope of the assertion.
TDFConfig Internal config struct for building TDF options.

# Type aliases

AppliesToState indicates whether the assertion applies to encrypted or unencrypted data.
AssertionKeyAlg represents the algorithm of an assertion key.
AssertionType represents the type of the assertion.
BindingMethod represents the method used to bind the assertion.
Scope represents the object which the assertion applies to.