keithball.net

Some blatherings by Keith Ball

View my projects on GitHub

Blog Posts

  • 01 Mar 2016 » Go Gotcha

    Go is lexically scoped…

    What is wrong with the following code?

    // Item
    var item *Item
    
    itemID := u.Query().Get("itemID")
    
    if itemID != "" {
    	item, err := repository.GetItem(itemID)
    }
    
    log.Printf("The item %v", item)

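    The `:=` inside the `if` redeclares `item` (and `err`) in the scope of the `if` block, shadowing the outer `item`. The outer `item` is never assigned, so it is still nil when it is logged.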

    Further reading here: Declarations and scope

  • 28 Feb 2016 » Meditations

    “Be like a rocky promontory against which the restless surf continually pounds; it stands fast while the churning sea is lulled to sleep at its feet. I hear you say, “How unlucky that this should happen to me!” Not at all! Say instead, “How lucky that I am not broken by what has happened and am not afraid of what is about to happen. The same blow might have struck anyone, but not many would have absorbed it without capitulation or complaint.” - Marcus Aurelius

  • 28 Feb 2016 » Dream Job

    I like this…

    Image of Dream Job

  • 27 Feb 2016 » Go-KMS

    What is GO-KMS?

    GO-KMS is an encryption Key Management Service written in Go. Modelled extensively on AWS KMS behaviour, the API is used for symmetric key management. It offers Cryptography as a Service (CaaS) functionality such as encryption/decryption/reencryption without exposing keys.

    The crypto provider is based on AES with a key size of 256 bits, using the GCM cipher mode to provide confidentiality as well as authentication.

    Keys are encrypted and stored on disk, using a master key which is derived using PBKDF2 from a passphrase when run in pure software mode. It is also possible to combine GO-KMS with a Hardware Security Module (HSM) which can be leveraged to create and encrypt a master key using the HSM for generation and protection. HSM support is done using the PKCS#11 standard.

    GO-KMS authentication is done using HMAC-SHA256 over HTTPS.

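    import (
    	"crypto/aes"
    	"crypto/cipher"
    	"crypto/rand" // the nonce must come from a cryptographically secure source
    )
    
    // AesGCMEncrypt encrypts data using AES with the GCM cipher mode (gives confidentiality and authenticity).
    // The returned slice is the random nonce followed by the ciphertext and tag.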
    func AesGCMEncrypt(plaintext []byte, key []byte) ([]byte, error) {
    	block, err := aes.NewCipher(key)
    	if err != nil {
    		return nil, err
    	}
    
    	gcm, err := cipher.NewGCM(block)
    	if err != nil {
    		return nil, err
    	}
    
    	nonce := make([]byte, gcm.NonceSize())
    	if _, err := rand.Read(nonce); err != nil {
    		return nil, err
    	}
    
    	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
    
    	return append(nonce, ciphertext...), nil
    }

    Check out go-kms on GitHub for more info.
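A decryption counterpart for the nonce-prefixed output of `AesGCMEncrypt` above, added here as an example and not taken from go-kms. The names `AesGCMDecrypt`, `newGCM` and `sealForDemo` are assumptions, and the all-zero key and sample plaintext are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// AesGCMDecrypt (hypothetical name) opens data laid out as nonce || ciphertext || tag.
func AesGCMDecrypt(data, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// Check the length before slicing: a nonce and a tag must both be present.
	if len(data) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(data))
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil) // verifies the tag; any altered byte is an error
}

// sealForDemo (hypothetical) reproduces the page's nonce-prefixed layout so this runs alone.
func sealForDemo(plaintext, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...), nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, demonstration only
	sealed, _ := sealForDemo([]byte("constructed sample"), key)
	pt, err := AesGCMDecrypt(sealed, key)
	fmt.Printf("%q %v\n", pt, err)
}
```

Callers should treat any error from `AesGCMDecrypt` as a failed authentication and discard the input rather than trying to recover partial plaintext.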