Signet Forge 0.1.0
C++20 Parquet library with AI-native extensions
signet::forge::crypto::FileDecryptor Class Reference

Decrypts Parquet modules using the keys from an EncryptionConfig.

#include <pme.hpp>

Public Member Functions

 FileDecryptor (const EncryptionConfig &config)
 Construct a decryptor from an encryption configuration.
 
expected< std::vector< uint8_t > > decrypt_footer (const uint8_t *encrypted_footer, size_t size) const
 Decrypt the encrypted FileMetaData (footer).
 
expected< std::vector< uint8_t > > decrypt_column_page (const uint8_t *encrypted_page, size_t size, const std::string &column_name, int32_t row_group_ordinal, int32_t page_ordinal) const
 Decrypt a column data page (AES-GCM or AES-CTR depending on algorithm).
 
expected< std::vector< uint8_t > > decrypt_column_metadata (const uint8_t *encrypted_metadata, size_t size, const std::string &column_name) const
 Decrypt serialized ColumnMetaData (always AES-GCM authenticated).
 
expected< std::vector< uint8_t > > decrypt_dict_page (const uint8_t *encrypted_page, size_t size, const std::string &column_name, int32_t row_group_ordinal) const
 Decrypt a dictionary page.
 
expected< std::vector< uint8_t > > decrypt_data_page_header (const uint8_t *encrypted_header, size_t size, const std::string &column_name, int32_t row_group_ordinal, int32_t page_ordinal) const
 Decrypt a data page header (always AES-GCM authenticated).
 
expected< std::vector< uint8_t > > decrypt_column_meta_header (const uint8_t *encrypted_header, size_t size, const std::string &column_name) const
 Decrypt a column metadata header (always AES-GCM authenticated).
 
expected< void > unwrap_keys (const std::vector< std::pair< std::string, std::vector< uint8_t > > > &wrapped_keys)
 Unwrap DEKs from wrapped blobs using the configured KMS client.
 
expected< std::vector< uint8_t > > verify_footer_signature (const uint8_t *signed_footer, size_t size) const
 Verify a signed plaintext footer and return the original footer data.
 
const EncryptionConfig & config () const
 Access the underlying EncryptionConfig.
 

Detailed Description

Decrypts Parquet modules using the keys from an EncryptionConfig.

The config must contain the same keys that were used for encryption. For EXTERNAL mode, the caller is responsible for resolving KMS key IDs to actual key bytes before constructing the config.

Usage:

    FileDecryptor dec(cfg);
    auto footer = dec.decrypt_footer(encrypted_footer, footer_size);
    auto page = dec.decrypt_column_page(encrypted_page, page_size, "price", 0, 0);

Definition at line 769 of file pme.hpp.

Constructor & Destructor Documentation

◆ FileDecryptor()

signet::forge::crypto::FileDecryptor::FileDecryptor ( const EncryptionConfig & config)
inline explicit

Construct a decryptor from an encryption configuration.

Parameters
config: Configuration with the same keys used during encryption.

Definition at line 773 of file pme.hpp.

Member Function Documentation

◆ config()

const EncryptionConfig & signet::forge::crypto::FileDecryptor::config ( ) const
inline

Access the underlying EncryptionConfig.

Returns
Const reference to the configuration.

Definition at line 1155 of file pme.hpp.

◆ decrypt_column_meta_header()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::decrypt_column_meta_header ( const uint8_t *  encrypted_header,
size_t  size,
const std::string &  column_name 
) const
inline

Decrypt a column metadata header (always AES-GCM authenticated).

Parameters
encrypted_header: Pointer to encrypted column metadata header.
size: Total encrypted size.
column_name: Column path for key resolution and AAD.
Returns
Decrypted header, or passthrough if column has no key.

Definition at line 1001 of file pme.hpp.

◆ decrypt_column_metadata()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::decrypt_column_metadata ( const uint8_t *  encrypted_metadata,
size_t  size,
const std::string &  column_name 
) const
inline

Decrypt serialized ColumnMetaData (always AES-GCM authenticated).

Parameters
encrypted_metadata: Pointer to encrypted metadata bytes.
size: Total encrypted size.
column_name: Column path for key resolution and AAD.
Returns
Decrypted metadata bytes, or passthrough if column has no key.

Definition at line 876 of file pme.hpp.

◆ decrypt_column_page()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::decrypt_column_page ( const uint8_t *  encrypted_page,
size_t  size,
const std::string &  column_name,
int32_t  row_group_ordinal,
int32_t  page_ordinal 
) const
inline

Decrypt a column data page (AES-GCM or AES-CTR depending on algorithm).

Parameters
encrypted_page: Pointer to encrypted page bytes.
size: Total encrypted size.
column_name: Column path for key resolution and AAD.
row_group_ordinal: Row group index (for AAD reconstruction).
page_ordinal: Page index (for AAD reconstruction).
Returns
Decrypted page bytes, or passthrough if column has no key.

Definition at line 830 of file pme.hpp.

◆ decrypt_data_page_header()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::decrypt_data_page_header ( const uint8_t *  encrypted_header,
size_t  size,
const std::string &  column_name,
int32_t  row_group_ordinal,
int32_t  page_ordinal 
) const
inline

Decrypt a data page header (always AES-GCM authenticated).

Parameters
encrypted_header: Pointer to encrypted page header bytes.
size: Total encrypted size.
column_name: Column path for key resolution and AAD.
row_group_ordinal: Row group index (for AAD reconstruction).
page_ordinal: Page index (for AAD reconstruction).
Returns
Decrypted page header, or passthrough if column has no key.

Definition at line 960 of file pme.hpp.

◆ decrypt_dict_page()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::decrypt_dict_page ( const uint8_t *  encrypted_page,
size_t  size,
const std::string &  column_name,
int32_t  row_group_ordinal 
) const
inline

Decrypt a dictionary page.

Parameters
encrypted_page: Pointer to encrypted dictionary page bytes.
size: Total encrypted size.
column_name: Column path for key resolution and AAD.
row_group_ordinal: Row group index (for AAD reconstruction).
Returns
Decrypted dictionary page, or passthrough if column has no key.

Definition at line 914 of file pme.hpp.

◆ decrypt_footer()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::decrypt_footer ( const uint8_t *  encrypted_footer,
size_t  size 
) const
inline

Decrypt the encrypted FileMetaData (footer).

Reads the IV from the header, then decrypts with AES-GCM.

Parameters
encrypted_footer: Pointer to encrypted footer bytes.
size: Total size including IV header and GCM tag.
Returns
Decrypted footer bytes, or ENCRYPTION_ERROR on tag mismatch.

Definition at line 795 of file pme.hpp.

◆ unwrap_keys()

expected< void > signet::forge::crypto::FileDecryptor::unwrap_keys ( const std::vector< std::pair< std::string, std::vector< uint8_t > > > &  wrapped_keys)
inline

Unwrap DEKs from wrapped blobs using the configured KMS client.

Call this before decrypt_footer / decrypt_column_page when using EXTERNAL key mode. Populates the internal config with unwrapped keys.

Parameters
wrapped_keys: List of (key_id, wrapped_dek) pairs from file metadata.
Returns
void on success, or error if KMS unwrap fails.

Definition at line 1044 of file pme.hpp.

◆ verify_footer_signature()

expected< std::vector< uint8_t > > signet::forge::crypto::FileDecryptor::verify_footer_signature ( const uint8_t *  signed_footer,
size_t  size 
) const
inline

Verify a signed plaintext footer and return the original footer data.

Parameters
signed_footer: Pointer to footer bytes with appended 32-byte HMAC.
size: Total size including the 32-byte signature.
Returns
Original footer data (without signature), or ENCRYPTION_ERROR on mismatch.

Definition at line 1104 of file pme.hpp.
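
The signed-footer layout described for verify_footer_signature (footer bytes followed by a 32-byte HMAC), as an added Python example that is not Signet Forge code. It assumes HMAC-SHA256 and a single shared key, neither of which this page states; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # the page gives the appended HMAC as 32 bytes


class FooterSignatureError(Exception):
    """Signed footer is too short or its tag does not match."""


def sign_footer(footer: bytes, key: bytes) -> bytes:
    """Writer side: footer || HMAC(key, footer). SHA-256 is an assumption."""
    return footer + hmac.new(key, footer, hashlib.sha256).digest()


def verify_signed_footer(signed_footer: bytes, key: bytes) -> bytes:
    """Reader side: check the trailing tag, return the footer without it."""
    # Reject input that cannot hold a tag before splitting it. In C++ the
    # same check keeps `size - 32` from wrapping around as a size_t.
    if len(signed_footer) < TAG_LEN:
        raise FooterSignatureError("shorter than the 32-byte signature")
    footer, tag = signed_footer[:-TAG_LEN], signed_footer[-TAG_LEN:]
    expected = hmac.new(key, footer, hashlib.sha256).digest()
    # compare_digest does not stop at the first differing byte, so timing
    # does not reveal how much of a forged tag was correct.
    if not hmac.compare_digest(expected, tag):
        raise FooterSignatureError("footer signature mismatch")
    return footer


def footer_is_authentic(signed_footer: bytes, key: bytes) -> bool:
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        verify_signed_footer(signed_footer, key)
        return True
    except FooterSignatureError:
        return False


# Constructed sample values, not taken from a real Parquet file.
SAMPLE_KEY = bytes(range(32))
SAMPLE_FOOTER = b"constructed FileMetaData bytes"

if __name__ == "__main__":
    signed = sign_footer(SAMPLE_FOOTER, SAMPLE_KEY)
    tampered = bytes([signed[0] ^ 0x01]) + signed[1:]
    print(footer_is_authentic(signed, SAMPLE_KEY))
    print(footer_is_authentic(tampered, SAMPLE_KEY))
```
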


The documentation for this class was generated from the following file: