Encryption

Encryption

Strongdoc offers an encryption service. No data is stored on Strongdoc.

We also do provide a store-and-encrypt service with UploadDocument and UploadDocumentStream.

Encrypt Document

The non-streaming version sends the entire plain text to the service, and receives the entire cipher text back. This assumes there is enough memory to store the entire contents of the file in memory.

var filename string // set your filename here
var fileBytes []byte
var err error
var ciphertext string
// Read the entire file into a byte slice
fileBytes, err = ioutil.ReadFile(filename)
docID, ciphertext, err := api.EncryptDocument(filename, fileBytes)
if err != nil {
log.Printf("Can not encrypt document: %s", err)
os.Exit(1)
}
fmt.Printf("Encrypted file, docID: [%s]", docID)

Storage of your (encrypted) documents is also available with UploadDocument.

Encrypt Document (Streaming)

The encryption API is also offered as a streaming service, which you may want to do if your file is too big or if you want to stream the bytes on the fly.

You must provide an io.Reader object (for instance, an os.File).

EncryptDocumentStream returns an io.Reader stream.

When Read() is called on the stream, your document is 'lazily' encrypted via Strongsalt encrytion, and the encrypted data filling the buffer provided.

var plaintextFileName string // set your filename here
var ciphertextFileName string // set your filename here
plainTextFile, err := os.Open(plaintextFileName)
if err != nil {
log.Printf("Can not open file: %s", err)
os.Exit(1)
}
defer plainTextFile.Close()
cipherTextStream, docID, err := api.EncryptDocumentStream(plaintextFileName, plainTextFile)
if err != nil {
log.Printf("Can not encrypt document: %s", err)
os.Exit(1)
}
cipherTextFile, err := os.Create(ciphertextFileName)
if err != nil {
log.Printf("Can not open file: %s", err)
os.Exit(1)
}
defer cipherTextFile.Close()
_, err := io.Copy(cipherTextFile, cipherTextStream)
if err != nil {
log.Printf("Can not copy stream: %s", err)
os.Exit(1)
}

We are also able to encrypt and store the documents for you with UploadDocumentStream.

Decryption

After encryption, you may now decrypt the document.

Decrypt Document

To decrypt a document, simply call it together with the filename and the payload.

import "github.com/strongdoc/client/go/api"
var docID string // set docID of your file here
var err error
var ciphertext []byte // load ciphertext of your document here
var plaintext []byte
plaintext, err = DecryptDocument(docID, ciphertext)
if err != nil {
log.Printf("Can not decrypt document: %s", err)
os.Exit(1)
}
fmt.Printf("Received file, bytes: [%v]", plaintext)

Decrypt Document (Streaming)

The decryption API is also offered as a streaming service, which you may want to do if your file is too big or if you want to stream the bytes on the fly.

You must provide an io.Reader object yielding the ciphertext returned by one of the encryption methods, EncryptDocument or EncryptDocumentStream.

DecryptDocumentStream returns an io.Reader stream.

When Read() is called on the stream, the ciphertext is 'lazily' decrypted via Strongsalt encrytion, and the plaintext filling the buffer provided.

const blockSize = 1000
var docID string // set docID of your file here
var cipherStream io.Reader // set ciphertext of your document here
var err error
var plaintext []byte
plainStream, err := api.DecryptDocumentStream(docID, cipherStream)
if err != nil {
log.Printf("Can not decrypt document: %s", err)
os.Exit(1)
}
buf := make([]byte, blockSize)
plaintext := make([]byte, 0)
for err != io.EOF {
n, readErr := plainStream.Read(buf)
if err != nil && err != io.EOF {
log.Printf("Can not download document: %v", err)
os.Exit(1)
}
err = readErr
plaintext = append(plaintext, buf[:n]...)
}
fmt.Printf("Received file, bytes: [%v]", plaintext)