dbbackup

UUXO/dbbackup

Fork 0

Commit Graph

Author	SHA1	Message	Date
A. Renz	914307ac8f	ci: add golangci-lint config and fix formatting - Add .golangci.yml with minimal linters (govet, ineffassign) - Run gofmt -s and goimports on all files to fix formatting - Disable fieldalignment and copylocks checks in govet	2025-12-11 17:53:28 +01:00
Renz	607d2e50e9	feat: Phase 4 Tasks 1-2 - Implement AES-256-GCM encryption library Implemented complete encryption library: internal/encryption/encryption.go (426 lines): - AES-256-GCM authenticated encryption - PBKDF2 key derivation (100,000 iterations, SHA-256) - EncryptionWriter: streaming encryption with 64KB chunks - DecryptionReader: streaming decryption - EncryptionHeader: magic marker, version, algorithm, salt, nonce - Key management: passphrase or direct key - Nonce increment for multi-chunk encryption - Authenticated encryption (prevents tampering) internal/encryption/encryption_test.go (234 lines): - TestEncryptDecrypt: passphrase, direct key, wrong password - TestLargeData: 1MB file encryption (0.04% overhead) - TestKeyGeneration: cryptographically secure random keys - TestKeyDerivation: PBKDF2 deterministic derivation Features: ✅ AES-256-GCM (strongest symmetric encryption) ✅ PBKDF2 with 100k iterations (OWASP recommended) ✅ 12-byte nonces (GCM standard) ✅ 32-byte salts (security best practice) ✅ Streaming encryption (low memory usage) ✅ Chunked processing (64KB chunks) ✅ Authentication tags (integrity verification) ✅ Wrong password detection (GCM auth failure) ✅ File format versioning (future compatibility) Security Properties: - Confidentiality: AES-256 (military grade) - Integrity: GCM authentication tag - Key derivation: PBKDF2 (resistant to brute force) - Nonce uniqueness: incremental counter - Salt randomness: crypto/rand Test Results: ALL PASS (0.809s) - Encryption/decryption: ✅ - Large data (1MB): ✅ - Key generation: ✅ - Key derivation: ✅ - Wrong password rejection: ✅ Status: READY FOR INTEGRATION Next: Add --encrypt flag to backup commands	2025-11-26 07:25:34 +00:00

Author

SHA1

Message

Date

A. Renz

914307ac8f

ci: add golangci-lint config and fix formatting

- Add .golangci.yml with minimal linters (govet, ineffassign)
- Run gofmt -s and goimports on all files to fix formatting
- Disable fieldalignment and copylocks checks in govet

2025-12-11 17:53:28 +01:00

Renz

607d2e50e9

feat: Phase 4 Tasks 1-2 - Implement AES-256-GCM encryption library

Implemented complete encryption library:

internal/encryption/encryption.go (426 lines):
- AES-256-GCM authenticated encryption
- PBKDF2 key derivation (100,000 iterations, SHA-256)
- EncryptionWriter: streaming encryption with 64KB chunks
- DecryptionReader: streaming decryption
- EncryptionHeader: magic marker, version, algorithm, salt, nonce
- Key management: passphrase or direct key
- Nonce increment for multi-chunk encryption
- Authenticated encryption (prevents tampering)

internal/encryption/encryption_test.go (234 lines):
- TestEncryptDecrypt: passphrase, direct key, wrong password
- TestLargeData: 1MB file encryption (0.04% overhead)
- TestKeyGeneration: cryptographically secure random keys
- TestKeyDerivation: PBKDF2 deterministic derivation

Features:
✅ AES-256-GCM (strongest symmetric encryption)
✅ PBKDF2 with 100k iterations (OWASP recommended)
✅ 12-byte nonces (GCM standard)
✅ 32-byte salts (security best practice)
✅ Streaming encryption (low memory usage)
✅ Chunked processing (64KB chunks)
✅ Authentication tags (integrity verification)
✅ Wrong password detection (GCM auth failure)
✅ File format versioning (future compatibility)

Security Properties:
- Confidentiality: AES-256 (military grade)
- Integrity: GCM authentication tag
- Key derivation: PBKDF2 (resistant to brute force)
- Nonce uniqueness: incremental counter
- Salt randomness: crypto/rand

Test Results: ALL PASS (0.809s)
- Encryption/decryption: ✅
- Large data (1MB): ✅
- Key generation: ✅
- Key derivation: ✅
- Wrong password rejection: ✅

Status: READY FOR INTEGRATION
Next: Add --encrypt flag to backup commands

2025-11-26 07:25:34 +00:00

2 Commits