160ad9b64f
The `Encrypt` method generates an appropriately-sized nonce and uses that buffer as the prefix for the ciphertext. This keeps the ciphertext and nonce together for decryption, and reuses the buffer as much as possible without presenting the temptation to reuse the cleartext buffer owned by the caller. We include the key ID as the "additional data" field that's used as an extra input to the authentication signature, to provide additional protection that a ciphertext originated with that key. Refactors the locking for the keyring so that the public methods are generally (with one commented exception) responsible for taking the lock and then inner methods are assumed locked. |
||
|---|---|---|
| .. | ||
| config | ||
| alloc.go | ||
| alloc_test.go | ||
| batch_future.go | ||
| batch_future_test.go | ||
| bitmap.go | ||
| bitmap_test.go | ||
| connect.go | ||
| connect_test.go | ||
| consul.go | ||
| consul_oss.go | ||
| consul_oss_test.go | ||
| consul_test.go | ||
| csi.go | ||
| csi_test.go | ||
| devices.go | ||
| devices_test.go | ||
| diff.go | ||
| diff_test.go | ||
| encoding.go | ||
| errors.go | ||
| errors_test.go | ||
| eval.go | ||
| event.go | ||
| extensions.go | ||
| funcs.go | ||
| funcs_test.go | ||
| generate.sh | ||
| handlers.go | ||
| job.go | ||
| job_test.go | ||
| network.go | ||
| network_test.go | ||
| node.go | ||
| node_class.go | ||
| node_class_test.go | ||
| node_test.go | ||
| operator.go | ||
| search.go | ||
| secure_variables.go | ||
| secure_variables_test.go | ||
| service_identities.go | ||
| service_registration.go | ||
| service_registration_test.go | ||
| services.go | ||
| services_test.go | ||
| streaming_rpc.go | ||
| structs.go | ||
| structs_codegen.go | ||
| structs_oss.go | ||
| structs_periodic_test.go | ||
| structs_test.go | ||
| testing.go | ||
| uuid.go | ||
| vault.go | ||
| volume_test.go | ||
| volumes.go | ||