8 kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
11 // CreateMasterAliKms returns a MasterCipher that wraps and unwraps keys through Alibaba Cloud KMS.
12 // matDesc is serialized with json.Marshal; kmsID and kmsClient are stored on the cipher as given.
// It returns an error when kmsID is empty or kmsClient is nil, and propagates the json.Marshal error.
// NOTE(review): nothing visible here checks kmsID beyond non-emptiness or sends matDesc to KMS;
// treat the stored description as unauthenticated metadata unless another layer binds it to the key.
13 func CreateMasterAliKms(matDesc map[string]string, kmsID string, kmsClient *kms.Client) (MasterCipher, error) {
14 var masterCipher MasterAliKmsCipher
// Fail closed before any KMS call is possible; the cipher returned with the error is still the zero value.
15 if kmsID == "" || kmsClient == nil {
16 return masterCipher, fmt.Errorf("kmsID is empty or kmsClient is nil")
// The marshalled bytes presumably become jsonDesc below (that assignment is not visible in this listing).
21 b, err := json.Marshal(matDesc)
23 return masterCipher, err
28 masterCipher.MatDesc = jsonDesc
29 masterCipher.KmsID = kmsID
30 masterCipher.KmsClient = kmsClient
31 return masterCipher, nil
34 // MasterAliKmsCipher is the Alibaba Cloud KMS-backed master cipher returned by CreateMasterAliKms.
// CreateMasterAliKms fills its MatDesc, KmsID and KmsClient fields.
35 type MasterAliKmsCipher struct {
41 // GetWrapAlgorithm returns KmsAliCryptoWrap, the wrap-algorithm identifier for this cipher.
// The constant is defined outside this listing, so its string value is not shown here.
42 func (mrc MasterAliKmsCipher) GetWrapAlgorithm() string {
43 return KmsAliCryptoWrap
46 // GetMatDesc returns the master key's material description.
// The body is not visible in this listing; presumably it returns the MatDesc string set by CreateMasterAliKms.
47 func (mkms MasterAliKmsCipher) GetMatDesc() string {
51 // Encrypt wraps plainData with the KMS key identified by KmsID and returns the raw ciphertext blob.
52 // It is mainly used to encrypt an object's symmetric secret key and IV.
// NOTE(review): the visible lines set only KeyId and Plaintext on the request, so the material
// description is not bound to the ciphertext by KMS; confirm whether an encryption context is intended.
53 func (mkms MasterAliKmsCipher) Encrypt(plainData []byte) ([]byte, error) {
54 // The KMS Plaintext field must be base64 encoded.
// NOTE(review): base64Plain is an immutable string copy of the key material and cannot be zeroed after the call.
55 base64Plain := base64.StdEncoding.EncodeToString(plainData)
56 request := kms.CreateEncryptRequest()
// HTTPS is set explicitly on the request, so the key material is sent to KMS over TLS.
57 request.RpcRequest.Scheme = "https"
58 request.RpcRequest.Method = "POST"
59 request.RpcRequest.AcceptFormat = "json"
61 request.KeyId = mkms.KmsID
62 request.Plaintext = base64Plain
// The handling of err is on lines not visible in this listing; response must not be read when err is non-nil.
64 response, err := mkms.KmsClient.Encrypt(request)
// KMS returns the ciphertext base64-encoded; callers receive the decoded bytes.
68 return base64.StdEncoding.DecodeString(response.CiphertextBlob)
71 // Decrypt unwraps cryptoData through KMS and returns the decoded plaintext bytes.
72 // It is mainly used to decrypt an object's symmetric secret key and IV.
// The returned slice is key material: keep it out of logs and error messages.
// NOTE(review): no KeyId is set on the visible request lines, so KMS presumably selects the key from
// the blob itself; if decryption must be pinned to KmsID, check the key reported by the response — confirm.
73 func (mkms MasterAliKmsCipher) Decrypt(cryptoData []byte) ([]byte, error) {
// Encrypt returns the base64-decoded blob, so it is re-encoded here before being sent back to KMS.
74 base64Crypto := base64.StdEncoding.EncodeToString(cryptoData)
75 request := kms.CreateDecryptRequest()
// HTTPS is set explicitly on the request, so the unwrapped key comes back from KMS over TLS.
76 request.RpcRequest.Scheme = "https"
77 request.RpcRequest.Method = "POST"
78 request.RpcRequest.AcceptFormat = "json"
// base64Crypto is already a string; the conversion is a no-op.
79 request.CiphertextBlob = string(base64Crypto)
// The handling of err is on lines not visible in this listing; response must not be read when err is non-nil.
80 response, err := mkms.KmsClient.Decrypt(request)
84 return base64.StdEncoding.DecodeString(response.Plaintext)