forked from hashicorp/go-kms-wrapping
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgithub.com.hashicorp.go.kms.wrapping.types.proto
78 lines (61 loc) · 2.43 KB
/
github.com.hashicorp.go.kms.wrapping.types.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
syntax = "proto3";
option go_package = "github.com/hashicorp/go-kms-wrapping;wrapping";
package github.com.hashicorp.go.kms.wrapping.types;
// Envelope performs encryption or decryption, wrapping sensitive data. It
// creates a random key. This is usable on its own but since many KMS systems
// or key types cannot support large values, this is used by implementations in
// this package to encrypt large values with a DEK and use the actual KMS to
// encrypt the DEK.
message Envelope {
}
// EnvelopeOptions is a placeholder for future options, such as the ability to
// switch which algorithm is used
message EnvelopeOptions {
}
// EnvelopeInfo contains the information necessary to perfom encryption or
// decryption in an envelope fashion
message EnvelopeInfo {
// Ciphertext is the ciphertext from the envelope
bytes ciphertext = 1;
// Key is the key used in the envelope
bytes key = 2;
// IV is the initialization value used during encryption in the envelope
bytes iv = 3;
}
// EncryptedBlobInfo contains information about the encrypted value along with
// information about the key used to encrypt it
message EncryptedBlobInfo {
// Ciphertext is the encrypted bytes
bytes ciphertext = 1;
// IV is the initialization value used during encryption
bytes iv = 2;
// HMAC is the bytes of the HMAC, if any
bytes hmac = 3;
// Wrapped can be used by the client to indicate whether Ciphertext
// actually contains wrapped data or not. This can be useful if you want to
// reuse the same struct to pass data along before and after wrapping.
bool wrapped = 4;
// KeyInfo contains information about the key that was used to create this value
KeyInfo key_info = 5;
// ValuePath can be used by the client to store information about where the
// value came from
string ValuePath = 6;
}
// KeyInfo contains information regarding which Wrapper key was used to
// encrypt the entry
message KeyInfo {
// Mechanism is the method used by the wrapper to encrypt and sign the
// data as defined by the wrapper.
uint64 Mechanism = 1;
uint64 HMACMechanism = 2;
// This is an opaque ID used by the wrapper to identify the specific key to
// use as defined by the wrapper. This could be a version, key label, or
// something else.
string KeyID = 3;
string HMACKeyID = 4;
// These value are used when generating our own data encryption keys
// and encrypting them using the wrapper
bytes WrappedKey = 5;
// Mechanism specific flags
uint64 Flags = 6;
}