github.com/Schaudge/grailbase@v0.0.0-20240223061707-44c758a471c0/crypto/encryption/doc.go

// Copyright 2017 GRAIL, Inc. All rights reserved.
// Use of this source code is governed by the Apache-2.0
// license that can be found in the LICENSE file.

// Package encryption provides support for encrypting and decrypting data
// and files with granular key management.
//
// It is assumed that the data being encrypted is archival and long lived.
//
// The key management scheme supports arbitrary ciphers and many keys,
// the intent being to easily support using different keys per file.
// The encryption algorithm, block size and HMAC are determined by the choice
// of key management scheme.
//
// The encryption interface supports both traditional block-based and AEAD
// APIs.
//
// Encrypted files are layered on top of the encoding/recordio format
// whereby the first record in the file is used to store a header containing
// the necessary metadata to decrypt the remaining records in the file. For
// such files a single key is used to encrypt all of the data within the file.
// The recordio format encrypts each record as an independent block with its
// own encryption metadata (e.g. IV, HMAC) and hence is not suitable for use
// with lots of small records due to the space overhead of this metadata.
//
// The format of the header record is:
//
//	crc32 of the marshalled Key Descriptor JSON record.
//	JSON encoding of KeyDescriptor
//
// The format of each encrypted record is:
//
//	Initialization Vector (IV)
//	encrypted(HMAC(plaintext) + plaintext)
package encryption
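
The per-record layout described in the package comment above, IV followed by encrypted(HMAC(plaintext) + plaintext), as an added example that is not grailbase's own code. It assumes AES-CTR and HMAC-SHA256 (the page leaves the primitives to the key management scheme), and the helper names `tag`, `seal` and `open` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// tag computes HMAC(plaintext). Assumed primitives: AES-CTR and HMAC-SHA256.
func tag(macKey, pt []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(pt)
	return m.Sum(nil)
}

// seal returns IV || encrypted(HMAC(plaintext) || plaintext) with a fresh random IV.
func seal(encKey, macKey, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(encKey)
	iv := make([]byte, aes.BlockSize)
	if _, rerr := rand.Read(iv); err != nil || rerr != nil {
		return nil, errors.New("seal: bad key or no randomness")
	}
	body := append(tag(macKey, pt), pt...)
	cipher.NewCTR(blk, iv).XORKeyStream(body, body)
	return append(iv, body...), nil
}

// open decrypts one record and rejects it unless the embedded HMAC matches.
func open(encKey, macKey, rec []byte) ([]byte, error) {
	blk, err := aes.NewCipher(encKey)
	if err != nil || len(rec) < aes.BlockSize+sha256.Size {
		return nil, errors.New("record: bad key or truncated record")
	}
	body := append([]byte(nil), rec[aes.BlockSize:]...) // copy, leave input intact
	cipher.NewCTR(blk, rec[:aes.BlockSize]).XORKeyStream(body, body)
	if !hmac.Equal(tag(macKey, body[sha256.Size:]), body[:sha256.Size]) {
		return nil, errors.New("record: HMAC mismatch")
	}
	return body[sha256.Size:], nil
}

func main() { // keys and plaintext below are constructed demo values
	rec, _ := seal(make([]byte, 32), []byte("constructed mac key"), []byte("constructed sample"))
	got, err := open(make([]byte, 32), []byte("constructed mac key"), rec)
	fmt.Printf("%d-byte record -> %q, err=%v\n", len(rec), got, err)
}
```

Under these assumed primitives every record carries 48 bytes of metadata (a 16-byte IV plus a 32-byte HMAC), which is the per-record overhead the package comment warns about for files with many small records.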