From 037e7dcfc2b625f28bc687f1498f114596d12c2c Mon Sep 17 00:00:00 2001 From: Aaron Bedra Date: Wed, 15 Apr 2015 18:24:23 -0500 Subject: [PATCH] Clarify Barrier encryption defaults. Declare the defaults in the comments to be what they are now (256 bit key and default golang NONCE value). Make the key error message more precise since. It isn't between 16 and 32, it is 16 OR 32.
---
 vault/barrier_aes_gcm.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go
index d1b418e1c863..e3ed15e2d4d3 100644
--- a/vault/barrier_aes_gcm.go
+++ b/vault/barrier_aes_gcm.go
@@ -26,9 +26,10 @@ type barrierInit struct {
 Key []byte // Key is the primary encryption key
 }
-// AESGCMBarrier is a SecurityBarrier implementation that
-// uses a 128bit AES encryption cipher with the Galois Counter Mode.
-// AES-GCM is high performance, and provides both confidentiality
+// AESGCMBarrier is a SecurityBarrier implementation that uses the AES
+// cipher core and the Galois Counter Mode block mode. It defaults to
+// the golang NONCE default value of 12 and a key size of 256
+// bit. AES-GCM is high performance, and provides both confidentiality
 // and integrity.
 type AESGCMBarrier struct {
 backend physical.Backend
@@ -70,7 +71,7 @@ func (b *AESGCMBarrier) Initialize(key []byte) error {
 // Verify the key size
 min, max := b.KeyLength()
 if len(key) < min || len(key) > max {
- return fmt.Errorf("Key size must be between [%d, %d]", min, max)
+ return fmt.Errorf("Key size must be %d or %d", min, max)
 }
 // Check if already initialized
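Review bot: The rewritten doc comment on AESGCMBarrier gives the nonce default as `12` with no unit, and "the golang NONCE default value" does not name the API that sets it; crypto/cipher.NewGCM uses a 12-byte (96-bit) nonce, and a reader should not have to guess whether 12 means bytes or bits. The "key size of 256 bit" claim also needs scoping: the Initialize guard in the second hunk accepts any length from `min` to `max`, which the commit message gives as 16 and 32 bytes, so 256 bits is presumably the size of the key this barrier generates for itself rather than the only size it accepts — confirm against the key generator, which is outside this hunk. Suggested wording for the two middle lines: `// cipher core in Galois/Counter Mode. It uses the 12-byte (96-bit) nonce` / `// that crypto/cipher.NewGCM uses by default and, by default, a 256-bit (32-byte) key.`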
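Review bot: The new message promises `%d or %d` (16 or 32 according to the commit description) but the guard on the line above is unchanged, `if len(key) < min || len(key) > max {`, so a 20- or 24-byte key still passes this check and the error is never produced for the lengths it now claims to reject. If only the two sizes are meant to be valid, the condition should match the message: `if l := len(key); l != min && l != max {`; if AES-192 (24 bytes) is meant to remain accepted, then the message is the part that should say so. Catching a wrong length here, before the key reaches the cipher constructor, is the right place for the check, since whatever error would surface later is not visible in this hunk. Initialize continues past the end of the hunk and KeyLength is defined outside it, so the 16/32 values are taken from the commit description rather than from visible code.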