AesGcmDecrypt decrypt given ciphertext with given key using aes256-gcm.

AesGcmEncrypt encrypt given plaintext with given key using aes256-gcm.

CheckEncryptionMethodSupported check whether the encryption method is currently supported.

DecryptRegion decrypt the region start key and end key, if the region object was encrypted.

EncryptRegion encrypt the region start key and end key, using the current key return from the key manager.

KeyLength return the encryption key length for supported encryption methods.

NewCustomMasterKeyForTest construct a master key instance from raw key and ciphertext key bytes.

NewDataKey randomly generate a new data key.

NewIvCTR randomly generate an IV for CTR mode.

NewIvGCM randomly generate an IV for GCM mode.

NewManager creates a new key manager.

NewMasterKey obtains a master key from backend specified by given config.

EncryptionKeysPath is the path to store keys in etcd.

Config define the encryption config structure.

Manager maintains the list to encryption keys.

MasterKey is used to encrypt and decrypt encryption metadata (i.e.

MasterKeyConfig defines master key config structure.

MasterKeyFileConfig defines a file-based master key config structure.

MasterKeyKMSConfig defines a KMS master key config structure.

KeyManager maintains the list to encryption keys.

IvCTR represent IV bytes for CTR mode.

IvGCM represent IV bytes for GCM mode.