1*e7b1675dSTing-Kang Chang// Copyright 2020 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage prf_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "encoding/base64" 21*e7b1675dSTing-Kang Chang "fmt" 22*e7b1675dSTing-Kang Chang "log" 23*e7b1675dSTing-Kang Chang 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyset" 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/prf" 26*e7b1675dSTing-Kang Chang) 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Changfunc Example() { 29*e7b1675dSTing-Kang Chang kh, err := keyset.NewHandle(prf.HMACSHA256PRFKeyTemplate()) 30*e7b1675dSTing-Kang Chang if err != nil { 31*e7b1675dSTing-Kang Chang log.Fatal(err) 32*e7b1675dSTing-Kang Chang } 33*e7b1675dSTing-Kang Chang 34*e7b1675dSTing-Kang Chang // TODO: save the keyset to a safe location. DO NOT hardcode it in source code. 35*e7b1675dSTing-Kang Chang // Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault. 36*e7b1675dSTing-Kang Chang // See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets. 37*e7b1675dSTing-Kang Chang 38*e7b1675dSTing-Kang Chang ps, err := prf.NewPRFSet(kh) 39*e7b1675dSTing-Kang Chang if err != nil { 40*e7b1675dSTing-Kang Chang log.Fatal(err) 41*e7b1675dSTing-Kang Chang } 42*e7b1675dSTing-Kang Chang 43*e7b1675dSTing-Kang Chang msg := []byte("This is an ID needs to be redacted") 44*e7b1675dSTing-Kang Chang output, err := ps.ComputePrimaryPRF(msg, 16) 45*e7b1675dSTing-Kang Chang 46*e7b1675dSTing-Kang Chang fmt.Printf("Message: %s\n", msg) 47*e7b1675dSTing-Kang Chang fmt.Printf("Redacted: %s\n", base64.StdEncoding.EncodeToString(output)) 48*e7b1675dSTing-Kang Chang} 49