ipcrypt

package
v0.0.0-...-991afdd Latest
Warning

This package is not in the latest version of its module.
Published: Dec 2, 2025 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ValidateKey

func ValidateKey(keyHex string) error

ValidateKey validates that a key is properly formatted for IP encryption. Returns nil if the key is a valid 32-character hex string (AES-128) or 64-character hex string (AES-256), and an error otherwise.

Types

type IPEncryptor

type IPEncryptor struct {
	// contains filtered or unexported fields
}

IPEncryptor provides secure IP address encryption for GDPR compliance. Uses AES-GCM (Galois/Counter Mode) for authenticated encryption. Encrypts IP addresses before storage and provides expiration checking.

func NewIPEncryptor

func NewIPEncryptor(keyHex string, logger *zap.Logger) (*IPEncryptor, error)

NewIPEncryptor creates a new IP encryptor with the given encryption key. keyHex should be a 32-character hex string (16 bytes for AES-128) or a 64-character hex string (32 bytes for AES-256).

Example: "0123456789abcdef0123456789abcdef" (AES-128)

Recommended: use AES-256 with a 64-character hex key.

func ProvideIPEncryptor

func ProvideIPEncryptor(cfg *config.Config, logger *zap.Logger) (*IPEncryptor, error)

ProvideIPEncryptor provides an IP encryptor instance. CWE-359: GDPR compliance for IP address storage.

func (*IPEncryptor) Decrypt

func (e *IPEncryptor) Decrypt(encryptedBase64 string) (string, error)

Decrypt decrypts an encrypted IP address. Takes a base64-encoded encrypted IP and returns the original IP address string. Verifies the authentication tag to detect tampering.

func (*IPEncryptor) Encrypt

func (e *IPEncryptor) Encrypt(ipAddress string) (string, error)

Encrypt encrypts an IP address for secure storage using AES-GCM. Returns the base64-encoded encrypted IP address with embedded nonce. Format: base64(nonce + ciphertext + auth_tag). Supports both IPv4 and IPv6 addresses.

Security Properties:

- Semantic security: same IP address produces different ciphertext each time
- Authentication: tampering with ciphertext is detected
- Unique nonce per encryption prevents pattern analysis

func (*IPEncryptor) IsExpired

func (e *IPEncryptor) IsExpired(timestamp time.Time) bool

IsExpired checks if an IP address timestamp has expired (> 90 days old). GDPR compliance: IP addresses must be deleted after 90 days.

func (*IPEncryptor) ShouldCleanup

func (e *IPEncryptor) ShouldCleanup(timestamp time.Time) bool

ShouldCleanup checks if an IP address should be cleaned up based on its timestamp. Returns true if the timestamp is older than 90 days OR if the timestamp is zero (unset).