// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package insecurecleartextkeyset_test

// [START cleartext-keyset-example]

import (
	"bytes"
	"fmt"
	"log"

	"github.com/google/tink/go/aead"
	"github.com/google/tink/go/insecurecleartextkeyset"
	"github.com/google/tink/go/keyset"
)

// Example_cleartextKeysetInBinary round-trips a freshly generated AES256-GCM
// keyset through the binary cleartext serialization, then encrypts and
// decrypts a message with the AEAD primitive built from the parsed keyset.
//
// The serialized bytes hold the key material unencrypted: anyone who can read
// them can decrypt and forge ciphertexts for this keyset. Where a key
// management system is available, prefer wrapping the keyset with a KMS-backed
// AEAD (Handle.Write / keyset.Read) over this package.
func Example_cleartextKeysetInBinary() {
	// Create a keyset handle holding a new key for the chosen template.
	keysetHandle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
	if err != nil {
		log.Fatal(err)
	}

	// Write the keyset, unencrypted, in Tink's binary format.
	var out bytes.Buffer
	if err := insecurecleartextkeyset.Write(keysetHandle, keyset.NewBinaryWriter(&out)); err != nil {
		log.Fatal(err)
	}
	serialized := out.Bytes()

	// serialized can now be stored at a secure location.
	// WARNING: Storing the keyset in cleartext to disk is not recommended!
	// Treat these bytes as a secret: keep them out of logs and source
	// control, and restrict who can read wherever they are kept.

	// Read the keyset back from its serialized form.
	restoredHandle, err := insecurecleartextkeyset.Read(
		keyset.NewBinaryReader(bytes.NewReader(serialized)))
	if err != nil {
		log.Fatal(err)
	}

	// Build the AEAD primitive from the restored keyset.
	cipher, err := aead.New(restoredHandle)
	if err != nil {
		log.Fatal(err)
	}

	// Encrypt and decrypt; the same associated data must be supplied to both
	// calls.
	message := []byte("message")
	aad := []byte("example encryption")
	sealed, err := cipher.Encrypt(message, aad)
	if err != nil {
		log.Fatal(err)
	}
	opened, err := cipher.Decrypt(sealed, aad)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(opened))
	// Output: message
}

// [END cleartext-keyset-example]

// Example_cleartextKeysetInJSON is the JSON counterpart of the binary example:
// it serializes a new AES256-GCM keyset as cleartext JSON, parses it back, and
// uses the resulting AEAD primitive to encrypt and decrypt a message.
//
// The JSON document contains the key material unencrypted and must be
// protected like any other secret.
func Example_cleartextKeysetInJSON() {
	// Create a keyset handle holding a new key for the chosen template.
	keysetHandle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
	if err != nil {
		log.Fatal(err)
	}

	// Write the keyset, unencrypted, as JSON.
	var out bytes.Buffer
	if err := insecurecleartextkeyset.Write(keysetHandle, keyset.NewJSONWriter(&out)); err != nil {
		log.Fatal(err)
	}
	serialized := out.Bytes()

	// serialized can now be stored at a secure location.
	// WARNING: Storing the keyset in cleartext to disk is not recommended!
	// Treat these bytes as a secret: keep them out of logs and source
	// control, and restrict who can read wherever they are kept.

	// Read the keyset back from its serialized form.
	restoredHandle, err := insecurecleartextkeyset.Read(keyset.NewJSONReader(bytes.NewReader(serialized)))
	if err != nil {
		log.Fatal(err)
	}

	// Build the AEAD primitive from the restored keyset.
	cipher, err := aead.New(restoredHandle)
	if err != nil {
		log.Fatal(err)
	}

	// Encrypt and decrypt; the same associated data must be supplied to both
	// calls.
	message := []byte("message")
	aad := []byte("example encryption")
	sealed, err := cipher.Encrypt(message, aad)
	if err != nil {
		log.Fatal(err)
	}
	opened, err := cipher.Decrypt(sealed, aad)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(opened))
	// Output: message
}