This package provides functions for encrypting and decrypting fields of entities persisted with GORM using the AES algorithm. It uses the GCM mode of operation for encryption, which provides authentication and integrity protection for the encrypted data. It can be used to encrypt and decrypt sensitive data using gorm hooks.
Here is an example of how to use the dbcrypt package:
package main
import (
"log"
"github.com/greenbone/opensight-golang-libraries/pkg/dbcrypt"
)
type Person struct {
gorm.Model
PasswordField *dbcrypt.EncryptedString `encrypt:"true"`
}
func main() {
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
if err != nil {
log.Fatalf("Error %v", err)
}
cipher, err := dbcrypt.NewDBCipher(dbcrypt.Config{
Password: "password",
PasswordSalt: "password-salt-0123456789-0123456",
})
if err != nil {
log.Fatalf("Error %v", err)
}
dbcrypt.Register(db, cipher)
personWrite := &Person{PasswordField: dbcrypt.NewEncryptedString("secret")}
if err := db.Create(personWrite).Error; err != nil {
log.Fatalf("Error %v", err)
}
personRead := &Person{}
if err := db.First(personRead).Error; err != nil {
log.Fatalf("Error %v", err)
}
}In this example, a Person struct is created and PasswordField is automatically encrypted before storing in the database using the DBCipher. Then, when the data is retrieved from the database PasswordField is automatically decrypted.
Alternatively while creating the model you can use a tags instead of dedicated types:
type Person struct {
gorm.Model
PasswordField string `encrypt:"true"`
}Copyright (C) 2022-2023 [Greenbone AG][Greenbone AG]
Licensed under the GNU General Public License v3.0 or later.