AWS Encryption SDK for Go


chainifynet/aws-encryption-sdk-go


This project is an implementation of the AWS Encryption SDK for the Go programming language, providing a set of libraries for developers to easily add encryption and decryption functionality to their Go applications. This implementation is inspired by the aws-encryption-sdk-python and follows the AWS Encryption SDK specification closely.

Motivation

The motivation behind this project was the absence of a Go implementation of the AWS Encryption SDK. This SDK aims to fill that gap, offering Go developers the tools to implement encryption according to AWS standards.

Features

  • Support for Message Format Version 1 and 2 and related algorithms.
  • AWS KMS Master Key Provider with a discovery filter.
  • AWS KMS Multi-Region Keys using MRK-aware provider in Discovery or Strict mode.
  • Raw Master Key provider using static keys.
  • Comprehensive end-to-end tests ensuring compatibility with aws-encryption-sdk-cli.
  • 100% code coverage with tests.

Current Limitations

  • Does not support KMS aliases at this stage.
  • Raw Master Key provider does not support RSA encryption.
  • Only framed content type is supported.

Requirements

  • Go v1.21 or later.
  • AWS SDK for Go v2

Installation

To install the AWS Encryption SDK for Go, use the following command:

$ go get github.com/chainifynet/aws-encryption-sdk-go@latest

Usage

This SDK provides a straightforward interface for encrypting and decrypting data.

For advanced use cases, check examples.

Setting Up the Client

First, set up the client with the necessary configuration.

Default Client Configuration

import (
	"context"

	"github.com/chainifynet/aws-encryption-sdk-go/client"
	"github.com/chainifynet/aws-encryption-sdk-go/clientconfig"
	"github.com/chainifynet/aws-encryption-sdk-go/materials"
	"github.com/chainifynet/aws-encryption-sdk-go/providers/kmsprovider"
	"github.com/chainifynet/aws-encryption-sdk-go/providers/rawprovider"
	"github.com/chainifynet/aws-encryption-sdk-go/suite"
)

// set up the Encryption SDK client with the default config
sdkClient := client.NewClient()

Custom Client Configuration (advanced)

You can specify the commitment policy and the maximum number of encrypted data keys.

// set up the Encryption SDK client with a custom client config
cfg, err := clientconfig.NewConfigWithOpts(
	clientconfig.WithCommitmentPolicy(suite.CommitmentPolicyRequireEncryptRequireDecrypt),
	clientconfig.WithMaxEncryptedDataKeys(3),
)
if err != nil {
	panic(err) // handle error
}

// set up the Encryption SDK client with the custom config
sdkClient := client.NewClientWithConfig(cfg)

Prepare the Key Provider

Raw Key Provider using static keys

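// the static key is written inline for illustration only;
// load real key material from a secret store, not from source code
rawKeyProvider, err := rawprovider.NewWithOpts(
	"raw",
	providers.WithStaticKey("static1", []byte("superSecureKeySecureKey32bytes32")),
)
if err != nil {
	panic("raw key provider setup failed") // handle error
}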

KMS Key Provider using KMS CMKs

You can optionally enable discovery or specify a discovery filter.

// KMS key ARN to be used for encryption and decryption
kmsKeyArn := "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"

// set up the KMS key provider
kmsKeyProvider, err := kmsprovider.New(kmsKeyArn)
if err != nil {
	panic("kms key provider setup failed") // handle error
}

Create the Crypto Materials Manager

You can use the KMS Key Provider, the Raw Key Provider, or both combined.

Crypto Materials Manager with the Raw Key Provider

cmm, err := materials.NewDefault(rawKeyProvider)
if err != nil {
	panic("materials manager setup failed") // handle error
}

Crypto Materials Manager with KMS Key Provider

cmm, err := materials.NewDefault(kmsKeyProvider)
if err != nil {
	panic("materials manager setup failed") // handle error
}

Crypto Materials Manager using both KMS and Raw Key Providers

cmm, err := materials.NewDefault(kmsKeyProvider, rawKeyProvider)
if err != nil {
	panic("materials manager setup failed") // handle error
}

Encrypting Data

To encrypt data, call the Encrypt method on the client.

// define the encryption context, which is a set of key-value pairs
// that represent additional authenticated data
encryptionContext := map[string]string{
	"purpose": "test",
}

// data to encrypt
secretData := []byte("secret data to encrypt")

// encrypt data
ciphertext, header, err := sdkClient.Encrypt(
	context.TODO(),
	secretData,
	encryptionContext,
	cmm,
)
if err != nil {
	panic("encryption failed") // handle error
}

Decrypting Data

To decrypt data, use the Decrypt method on the client.

// decrypt data
plaintext, header, err := sdkClient.Decrypt(context.TODO(), ciphertext, cmm)
if err != nil {
	panic("decryption failed") // handle error
}
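What binding an encryption context as additional authenticated data means in practice, as an added example that is not this project's code: it uses only the Go standard library's AES-GCM instead of the SDK, and the `aad`, `seal` and `open` helpers, the context encoding and the all-zero key are constructed for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"sort"
)

// aad: sorted keys, length-prefixed strings (illustrative, not the SDK wire format).
func aad(ec map[string]string) []byte {
	keys := make([]string, 0, len(ec))
	for k := range ec {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var out []byte
	for _, k := range keys {
		for _, s := range []string{k, ec[k]} {
			out = append(binary.BigEndian.AppendUint32(out, uint32(len(s))), s...)
		}
	}
	return out
}

// seal returns nonce||ciphertext||tag with the context bound as AAD.
func seal(g cipher.AEAD, pt []byte, ec map[string]string) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, aad(ec)), nil
}

// open succeeds only when ec matches the context given to seal.
func open(g cipher.AEAD, msg []byte, ec map[string]string) ([]byte, error) {
	if n := g.NonceSize(); len(msg) >= n {
		return g.Open(nil, msg[:n], msg[n:], aad(ec))
	}
	return nil, fmt.Errorf("message shorter than nonce")
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	g, _ := cipher.NewGCM(block)
	msg, _ := seal(g, []byte("secret data to encrypt"), map[string]string{"purpose": "test"})
	_, err := open(g, msg, map[string]string{"purpose": "prod"})
	fmt.Println("mismatched context rejected:", err != nil)
}
```

The context is authenticated but not encrypted, so it must not carry secrets, and the application should still compare the context it gets back at decrypt time with the values it expects.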

TODO

  • Add support for Caching Materials Manager #559.
  • Add support for Message Format Version 1 #170.
  • Add support for AWS KMS Multi-Region Keys #46.
  • Add support for KMS aliases.
  • Cover providers package with tests.
  • Cover keys package with tests.
  • Cover materials package with tests.
  • GoDoc documentation #294.
  • Streamlined encryption and decryption.

Support and Contributions

If you encounter any issues or would like to contribute to the project, please submit an issue or pull request on GitHub.

License

This SDK is licensed under the Apache License 2.0. See the LICENSE file for details.

For more information on how to use this SDK, please refer to the example directory and the detailed API reference in the documentation.


Stay tuned for further updates and features. Contributions and feedback are welcome!
