1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package insecurecleartextkeyset_test 18 19// [START cleartext-keyset-example] 20 21import ( 22 "bytes" 23 "fmt" 24 "log" 25 26 "github.com/google/tink/go/aead" 27 "github.com/google/tink/go/insecurecleartextkeyset" 28 "github.com/google/tink/go/keyset" 29) 30 31func Example_cleartextKeysetInBinary() { 32 // Generate a new keyset handle for the primitive we want to use. 33 handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate()) 34 if err != nil { 35 log.Fatal(err) 36 } 37 38 // Serialize the keyset. 39 buff := &bytes.Buffer{} 40 err = insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)) 41 if err != nil { 42 log.Fatal(err) 43 } 44 serializedKeyset := buff.Bytes() 45 46 // serializedKeyset can now be stored at a secure location. 47 // WARNING: Storing the keyset in cleartext to disk is not recommended! 48 49 // Parse the keyset. 50 parsedHandle, err := insecurecleartextkeyset.Read( 51 keyset.NewBinaryReader(bytes.NewBuffer(serializedKeyset))) 52 if err != nil { 53 log.Fatal(err) 54 } 55 56 // Get the primitive. 57 primitive, err := aead.New(parsedHandle) 58 if err != nil { 59 log.Fatal(err) 60 } 61 62 // Use the primitive. 63 plaintext := []byte("message") 64 associatedData := []byte("example encryption") 65 ciphertext, err := primitive.Encrypt(plaintext, associatedData) 66 if err != nil { 67 log.Fatal(err) 68 } 69 decrypted, err := primitive.Decrypt(ciphertext, associatedData) 70 if err != nil { 71 log.Fatal(err) 72 } 73 fmt.Println(string(decrypted)) 74 // Output: message 75} 76 77// [END cleartext-keyset-example] 78 79func Example_cleartextKeysetInJSON() { 80 // Generate a new keyset handle for the primitive we want to use. 81 handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate()) 82 if err != nil { 83 log.Fatal(err) 84 } 85 86 // Serialize the keyset. 87 buff := &bytes.Buffer{} 88 err = insecurecleartextkeyset.Write(handle, keyset.NewJSONWriter(buff)) 89 if err != nil { 90 log.Fatal(err) 91 } 92 serializedKeyset := buff.Bytes() 93 94 // serializedKeyset can now be stored at a secure location. 95 // WARNING: Storing the keyset in cleartext to disk is not recommended! 96 97 // Parse the keyset. 98 parsedHandle, err := insecurecleartextkeyset.Read(keyset.NewJSONReader(bytes.NewBuffer(serializedKeyset))) 99 if err != nil { 100 log.Fatal(err) 101 } 102 103 // Get the primitive. 104 primitive, err := aead.New(parsedHandle) 105 if err != nil { 106 log.Fatal(err) 107 } 108 109 // Use the primitive. 110 plaintext := []byte("message") 111 associatedData := []byte("example encryption") 112 ciphertext, err := primitive.Encrypt(plaintext, associatedData) 113 if err != nil { 114 log.Fatal(err) 115 } 116 decrypted, err := primitive.Decrypt(ciphertext, associatedData) 117 if err != nil { 118 log.Fatal(err) 119 } 120 fmt.Println(string(decrypted)) 121 // Output: message 122} 123