From 452911586df6115a7c8deadee87fe5d97a7fe36f Mon Sep 17 00:00:00 2001
From: Levi Durfee <levi.durfee@gmail.com>
Date: Tue, 6 Jan 2026 18:33:28 -0500
Subject: Add urfave cli

---
 internal/goaes.go    | 15 +++++++++++++++
 internal/internal.go | 21 +++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 internal/goaes.go
 create mode 100644 internal/internal.go

(limited to 'internal')

diff --git a/internal/goaes.go b/internal/goaes.go
new file mode 100644
index 0000000..668ef17
--- /dev/null
+++ b/internal/goaes.go
@@ -0,0 +1,15 @@
+package internal
+
+import (
+	"crypto/rand"
+	"fmt"
+	"io"
+)
+
+func NewDEK() (DEK, error) {
+	key := make([]byte, 32) // AES-256
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		return nil, fmt.Errorf("random DEK gen: %w", err)
+	}
+	return DEK(key), nil
+}
diff --git a/internal/internal.go b/internal/internal.go
new file mode 100644
index 0000000..970232c
--- /dev/null
+++ b/internal/internal.go
@@ -0,0 +1,21 @@
+package internal
+
+import "errors"
+
+type (
+	KEK        []byte
+	DEK        []byte
+	WrappedDEK []byte
+	Ciphertext []byte
+)
+
+type EncryptedDataPayload struct {
+	DEK     WrappedDEK
+	Payload Ciphertext
+}
+
+var (
+	aadWrapDEK  = []byte("wrap:dek:v1")
+	aadDataMsg  = []byte("data:msg:v1")
+	errBadKeyLn = errors.New("invalid key length: must be 16, 24, or 32 bytes")
+)
-- 
cgit v1.2.3