mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-12 21:11:27 +01:00
Code Issues Projects Releases Wiki Activity

Clarify Barrier encryption defaults.

Browse Source 
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
This commit is contained in:
Aaron Bedra 2015-04-15 18:24:23 -05:00
parent 59073cf775
commit 037e7dcfc2
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
vault/barrier_aes_gcm.go
View File

@ -26,9 +26,10 @@ type barrierInit struct {
Key []byte // Key is the primary encryption key Key []byte // Key is the primary encryption key
} }
// AESGCMBarrier is a SecurityBarrier implementation that // AESGCMBarrier is a SecurityBarrier implementation that uses the AES
// uses a 128bit AES encryption cipher with the Galois Counter Mode. // cipher core and the Galois Counter Mode block mode. It defaults to
// AES-GCM is high performance, and provides both confidentiality // the golang NONCE default value of 12 and a key size of 256
// bit. AES-GCM is high performance, and provides both confidentiality
// and integrity. // and integrity.
type AESGCMBarrier struct { type AESGCMBarrier struct {
backend physical.Backend backend physical.Backend
@ -70,7 +71,7 @@ func (b *AESGCMBarrier) Initialize(key []byte) error {
// Verify the key size // Verify the key size
min, max := b.KeyLength() min, max := b.KeyLength()
if len(key) < min || len(key) > max { if len(key) < min || len(key) > max {
return fmt.Errorf("Key size must be between [%d, %d]", min, max) return fmt.Errorf("Key size must be %d or %d", min, max)
} }
// Check if already initialized // Check if already initialized