github.com/hyperledger/aries-framework-go@v0.3.2/pkg/crypto/tinkcrypto/primitive/composite/ecdh/ecdh.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 // Package ecdh provides implementations of payload encryption using ECDH-ES/1PU KW key wrapping with AEAD primitives. 8 // 9 // The functionality of ecdh Encryption is represented as a pair of 10 // primitives (interfaces): 11 // 12 // - ECDHEncrypt for encryption of data and aad for a given cek 13 // (recipients cek wrapping is not done in this primitive) 14 // 15 // - ECDHDecrypt for decryption of data for a given cek and returning decrypted plaintext 16 // 17 // Example: 18 // 19 // package main 20 // 21 // import ( 22 // "bytes" 23 // 24 // "github.com/google/tink/go/keyset" 25 // 26 // "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/composite" 27 // "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/composite/ecdh" 28 // ) 29 // 30 // func main() { 31 // // create recipient side keyset handle 32 // recKH, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 33 // if err != nil { 34 // //handle error 35 // } 36 // 37 // // extract recipient public keyset handle and key 38 // recPubKH, err := recKH.Public() 39 // if err != nil { 40 // //handle error 41 // } 42 // 43 // buf := new(bytes.Buffer) 44 // pubKeyWriter := ecdh.NewWriter(buf) 45 // err = recPubKH.WriteWithNoSecrets(pubKeyWriter) 46 // if err != nil { 47 // //handle error 48 // } 49 // // ecPubKey represents a recipient public key that can be used to wrap cek 50 // ecPubKey := new(composite.VerificationMethod) 51 // err = json.Unmarshal(buf.Bytes(), ecPubKey) 52 // 53 // // see pkg/crypto/tinkcrypto to see how you can wrap a shared secret (cek) 54 // 55 // // once a cek is created create an ECDH KH that can be used to encrypt plaintext as follows 56 // // for AES256GCM content encryption using a NIST P key for cek wrapping 
as an example 57 // kt := ecdh.KeyTemplateForECDHPrimitiveWithCEK(cek, true, ecdh.AES256GCM) 58 // 59 // kh, err := keyset.NewHandle(kt) 60 // if err != nil { 61 // // handle error 62 // } 63 // 64 // pubKH, err := kh.Public() 65 // if err != nil { 66 // // handle error 67 // } 68 // 69 // // finally get the encryption primitive from the public key handle created above 70 // e := ecdh.NewECDHEncrypt(pubKH) 71 // 72 // // and now encrypt using e 73 // ct, err := e.Encrypt([]byte("secret message"), []byte("some aad")) 74 // if err != nil { 75 // // handle error 76 // } 77 // 78 // // to decrypt, recreate kh for the cek (once unwrapped from pkg/crypto) 79 // // for AES256GCM content encryption using a NIST P key for cek wrapping to match the encryption template above 80 // kt = ecdh.KeyTemplateForECDHPrimitiveWithCEK(cek, true, ecdh.AES256GCM) 81 // 82 // kh, err = keyset.NewHandle(kt) 83 // if err != nil { 84 // // handle error 85 // } 86 // 87 // // get the decryption primitive for kh 88 // d := ecdh.NewECDHDecrypt(kh) 89 // 90 // // and decrypt 91 // pt, err := d.Decrypt(ct) 92 // if err != nil { 93 // // handle error 94 // } 95 // } 96 package ecdh 97 98 import ( 99 // import to initialize. 100 _ "github.com/hyperledger/aries-framework-go/component/kmscrypto/crypto/tinkcrypto/primitive/composite" 101 )