Opaque Key Encrypter/Decrypter

[garrickb]

Are there any plans to add an opaque key encrypter/decrypter to support use of AWS KMS/GCP KMS?

I can work on a PR for this, but I want to make sure that this is even warranted in the first place.

[csstaub]

I don't think anyone is working on that at the momemt.

[csstaub]

To be clear: there is an opaque crypter interface, just not an implementation of that interface for KMS services. So it's possible to use KMS services already you just have to write the code yourself to hook it up.

[garrickb]

To be clear: there is an opaque crypter interface, just not an implementation of that interface for KMS services. So it's possible to use KMS services already you just have to write the code yourself to hook it up.

Can you link me to the source/documentation for this? I don't see anything like that in the source code. I want to be able to implement my own decrypter that will make an RPC to GCP KMS for a JWE.

[garrickb]

Oh, I see what you mean now. Using the Decrypter interface with my own implementation. I didn't know that this would work. Will give it a shot, thanks!

[csstaub]

Hmm, actually, I may have been mistaken, sorry. That will not work out of the box. I was thinking of the opaque wrappers we have but I just realized that's only for signing/verifying. But you want encryption/decryption, so you'd have to duplicate what's in opaque.go for encryption/decryption and update crypter.go to understand those.

[garrickb]

This was merged into v2 via #261, thanks for the help!