in tink-envelope-encryption-sample/encrypted_keyset_cli.go [72:97]
func generateKeyset(outputPath string, masterKey tink.AEAD) error {
var err error
// create output file
_, err = os.Stat(outputPath)
if err == nil {
log.Fatal(errors.New("output file must not exist"))
}
f, err := os.Create(outputPath)
if err != nil {
log.Fatal(err)
}
defer f.Close()
// generate a new key
keyTemplate := aead.AES256GCMKeyTemplate()
handle, err := keyset.NewHandle(keyTemplate)
// write the new key
keyWriter := keyset.NewJSONWriter(f)
if err := handle.Write(keyWriter, masterKey); err != nil {
log.Fatal(err)
}
return nil
}