https://github.com/smitajit/fsblob
File System blob store with metadata, encryption, integrity check support
https://github.com/smitajit/fsblob
blob blob-storage encyrption filesystem golang golang-library integrity integrity-checker metadata
Last synced: 5 months ago
JSON representation
File System blob store with metadata, encryption, integrity check support
- Host: GitHub
- URL: https://github.com/smitajit/fsblob
- Owner: smitajit
- License: mit
- Created: 2021-09-24T09:25:37.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-09-24T09:39:05.000Z (over 4 years ago)
- Last Synced: 2024-06-20T13:29:48.510Z (almost 2 years ago)
- Topics: blob, blob-storage, encyrption, filesystem, golang, golang-library, integrity, integrity-checker, metadata
- Language: Go
- Homepage:
- Size: 7.81 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# fsblob [](https://goreportcard.com/report/github.com/smitajit/fsblob)[](https://pkg.go.dev/github.com/smitajit/fsblob)
File System based blob store with encryption,metadata and integrity check support
## Features
### Reader and Writer
Blob provides io.Reader and io.Writer interfaces to read and write binary data
```go
w, err := blob.Writer()
if err != nil {
log.Fatal(err)
}
r, err := blob.Reader()
if err != nil {
log.Fatal(err)
}
```
### Metadata
Blob provides APIs to store and retrieve metadata of the blob
``` go
if err := blob.Put("key", "value"); err != nil {
log.Fatal(err)
}
if v, err := blob.Get("key"); err != nil || v != "value" {
log.Fatal("value not found")
}
if err := blob.PutAll(map[string]string{
"key-1": "value-1",
"key-2": "value-2",
}); err != nil {
log.Fatal(err)
}
m, err := blob.GetAll()
if err != nil {
log.Fatal(err)
}
```
### Encryption (dual key encryption)
Blob content along with metadata can be encrypted by providing a primary encryption key.
For each blob a random secondary encryption (aes256 bit) key is created to encrypt the blob content.
Secondary encryption key along with the metadata is encrypted with the primary cipher.
```go
key := make([]byte, 32)
if _, err := crand.Read(key); err != nil {
log.Fatal(err)
}
aead, err := chacha20poly1305.New(key)
if err != nil {
log.Fatal(err)
}
bucket, err := fsblob.NewBucket(path, aead)
if err != nil {
log.Fatal(err)
}
```
### Integrity
Blobs can be sealed and verified. Once sealed, a HMAC sum of the blob content is calculated and stored in the metadata.
Upon verification, the sum is verified against the blob content.
``` go
// seal the blob
if err := blob.Seal(); err != nil {
log.Fatal(err)
}
// verify the glob
if err := blob.Verify(); err != nil {
log.Fatal("blob integrity compromised. error: %v", err)
}
```