Add urfave cli

author: Levi Durfee <levi.durfee@gmail.com> 2026-01-06 18:33:28 -0500
committer: Levi Durfee <levi.durfee@gmail.com> 2026-01-06 18:55:09 -0500
commit: 452911586df6115a7c8deadee87fe5d97a7fe36f (patch)
tree: 6e0979813a7106a36b46e4ca1e289fa35049c969 /internal
parent: 7a3184afc17a267a2a140e6ab95d7fe57f91cb69 (diff)
2 files changed, 36 insertions, 0 deletions
diff --git a/internal/goaes.go b/internal/goaes.go
new file mode 100644
index 0000000..668ef17
--- /dev/null
+++ b/internal/goaes.go
@@ -0,0 +1,15 @@
+package internal
+
+import (
+	"crypto/rand"
+	"fmt"
+	"io"
+)
+
+func NewDEK() (DEK, error) {
+	key := make([]byte, 32) // AES-256
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		return nil, fmt.Errorf("random DEK gen: %w", err)
+	}
+	return DEK(key), nil
+}
diff --git a/internal/internal.go b/internal/internal.go
new file mode 100644
index 0000000..970232c
--- /dev/null
+++ b/internal/internal.go
@@ -0,0 +1,21 @@
+package internal
+
+import "errors"
+
+type (
+	KEK        []byte
+	DEK        []byte
+	WrappedDEK []byte
+	Ciphertext []byte
+)
+
+type EncryptedDataPayload struct {
+	DEK     WrappedDEK
+	Payload Ciphertext
+}
+
+var (
+	aadWrapDEK  = []byte("wrap:dek:v1")
+	aadDataMsg  = []byte("data:msg:v1")
+	errBadKeyLn = errors.New("invalid key length: must be 16, 24, or 32 bytes")
+)
author	Levi Durfee <levi.durfee@gmail.com>	2026-01-06 18:33:28 -0500
committer	Levi Durfee <levi.durfee@gmail.com>	2026-01-06 18:55:09 -0500
commit	452911586df6115a7c8deadee87fe5d97a7fe36f (patch)
tree	6e0979813a7106a36b46e4ca1e289fa35049c969 /internal
parent	7a3184afc17a267a2a140e6ab95d7fe57f91cb69 (diff)