Documentation ¶
Overview ¶
Package saltpack is an implementation of the saltpack message format. Saltpack is a light wrapper around Dan Berstein's famous NaCl library. It adds support for longer messages, streaming input and output of data, multiple recipients for encrypted messages, and a reasonable armoring format. We intend Saltpack as a replacement for the PGP messaging format, as it can be used in many of the same circumstances. However, it is designed to be: (1) simpler; (2) easier to implement; (3) judicious (perhaps judgmental) in its crypto usage; (4) fully modern (no CFB mode here); (5) high performance; (6) less bug- prone; (7) generally unwilling to output unauthenticated data; and (8) easier to compose with other software in any manner of languages or platforms.
Key Management ¶
Saltpack makes no attempt to manage keys. We assume the wrapping application has a story for key management.
Modes of Operation ¶
Saltpack supports three modes of operation: encrypted messages, attached signatures, and detached signatures. Encrypted messages use NaCl's authenticated public-key encryption; we add repudiable authentication. An attached signature contains a message and a signature that authenticates it. A detached signature contains just the signature, and assumes an independent delievery mechanism for the file (this might come up when distributing an ISO and separate signature of the file).
Encoding ¶
Saltpack has two encoding modes: binary and armored. In armored mode, saltpack outputs in Base62-encoding, suitable for publication into any manner of Web settings without fear of markup-caused mangling.
API ¶
This saltpack library implementation supports two API patterns: streaming and all-at-once. The former is useful for large files that can't fit into memory; the latter is more convenient. Both produce the same output.
More Info ¶
Index ¶
- Constants
- Variables
- func Armor62Open(msg string) (body []byte, header string, footer string, err error)
- func Armor62Seal(plaintext []byte, typ MessageType, brand string) (string, error)
- func CheckArmor62(hdr string, ftr string, typ MessageType) (brand string, err error)
- func CheckArmor62Frame(frame Frame, typ MessageType) (brand string, err error)
- func EncryptArmor62Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (string, error)
- func MakeArmorFooter(typ MessageType, brand string) string
- func MakeArmorHeader(typ MessageType, brand string) string
- func NewArmor62EncoderStream(encoded io.Writer, typ MessageType, brand string) (io.WriteCloser, error)
- func NewDearmor62DecryptStream(ciphertext io.Reader, kr Keyring) (*MessageKeyInfo, io.Reader, Frame, error)
- func NewDearmor62VerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, frame Frame, err error)
- func NewEncryptArmor62Stream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey, ...) (plaintext io.WriteCloser, err error)
- func NewEncryptStream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (io.WriteCloser, error)
- func NewSignArmor62Stream(signedtext io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)
- func NewSignDetachedArmor62Stream(detachedsig io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)
- func NewSignDetachedStream(detachedsig io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)
- func NewSignStream(signedtext io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)
- func PublicKeyEqual(k1, k2 BasePublicKey) bool
- func Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (out []byte, err error)
- func Sign(plaintext []byte, signer SigningSecretKey) ([]byte, error)
- func SignArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)
- func SignDetached(plaintext []byte, signer SigningSecretKey) ([]byte, error)
- func SignDetachedArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)
- type BasePublicKey
- type BoxPrecomputedSharedKey
- type BoxPublicKey
- type BoxSecretKey
- type ErrBadCiphertext
- type ErrBadFrame
- type ErrBadTag
- type ErrBadVersion
- type ErrInvalidParameter
- type ErrRepeatedKey
- type ErrWrongMessageType
- type Frame
- type Keyring
- type MessageKeyInfo
- type MessageType
- type Nonce
- type RawBoxKey
- type SigKeyring
- type SignatureHeader
- type SigningPublicKey
- func Dearmor62Verify(signedMsg string, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, brand string, err error)
- func Dearmor62VerifyDetached(message []byte, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)
- func Dearmor62VerifyDetachedReader(r io.Reader, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)
- func NewVerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, err error)
- func Verify(signedMsg []byte, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, err error)
- func VerifyDetached(message, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)
- func VerifyDetachedReader(message io.Reader, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)
- type SigningSecretKey
- type SymmetricKey
- type Version
Examples ¶
Constants ¶
const DetachedSignatureArmorString = "DETACHED SIGNATURE"
DetachedSignatureArmorString is included in armor headers for detached signatures.
const EncryptionArmorString = "ENCRYPTED MESSAGE"
EncryptionArmorString is included in armor headers for encrypted messages.
const SaltpackFormatName = "saltpack"
SaltpackFormatName is the publicly advertised name of the format, used in the header of the message and also in Nonce creation.
const SignedArmorString = "SIGNED MESSAGE"
SignedArmorString is included in armor headers for signed messages
Variables ¶
var ( // ErrNoDecryptionKey is an error indicating no decryption key was found for the // incoming message. You'll get one of these if you respond to a Keyring.LookupSecretBoxKey // request with a (-1,nil) return value, and no hidden keys are found. ErrNoDecryptionKey = errors.New("no decryption key found for message") // ErrNoSenderKey indicates that on decryption/verification we couldn't find a public key // for the sender. ErrNoSenderKey = errors.New("no sender key found for message") // ErrTrailingGarbage indicates that additional msgpack packets were found after the // end of the encryption stream. ErrTrailingGarbage = errors.New("trailing garbage found at end of message") // ErrFailedToReadHeaderBytes indicates that we failed to read the // doubly-encoded header bytes object from the input stream. ErrFailedToReadHeaderBytes = errors.New("failed to read header bytes") // ErrPacketOverflow indicates that more than (2^64-2) packets were found in an encryption // stream. This would indicate a very big message, and results in an error here. ErrPacketOverflow = errors.New("no more than 2^32 packets in a message are supported") // ErrInsufficientRandomness is generated when the encryption fails to collect // enough randomness to proceed. We're using the standard crypto/rand source // of randomness, so this should never happen ErrInsufficientRandomness = errors.New("could not collect enough randomness") // ErrBadEphemeralKey is for when an ephemeral key fails to be properly // imported. ErrBadEphemeralKey = errors.New("bad ephermal key in header") // ErrBadReceivers shows up when you pass a bad receivers vector ErrBadReceivers = errors.New("bad receivers argument") // ErrBadSenderKeySecretbox is returned if the sender secretbox fails to // open. ErrBadSenderKeySecretbox = errors.New("sender secretbox failed to open") // ErrBadSymmetricKey is returned if a key with the wrong number of bytes // is discovered in the encryption header. ErrBadSymmetricKey = errors.New("bad symmetric key; must be 32 bytes") // ErrBadBoxKey is returned if a key with the wrong number of bytes // is discovered in the encryption header. ErrBadBoxKey = errors.New("bad box key; must be 32 bytes") // ErrBadLookup is when the user-provided key lookup gives a bad value ErrBadLookup = errors.New("bad key lookup") // ErrBadSignature is returned when verification of a block fails. ErrBadSignature = errors.New("invalid signature") // ErrDecryptionFailed is returned when a decryption fails ErrDecryptionFailed = errors.New("decryption failed") )
var Armor62Params = armorParams{ BytesPerWord: 15, WordsPerLine: 200, Punctuation: byte('.'), Encoding: basex.Base62StdEncoding, }
Armor62Params are the armoring parameters we recommend for use with a generic armorer. It specifies the spaces between words, the spacing between lines, some simple punctuation, and an encoding alphabet.
var ErrOverflow = errors.New("buffer was overflowed before we found punctuation")
ErrOverflow is returned if we were looking for punctuation but our quota was overflowed before we found the needed character.
var ErrPunctuated = errors.New("found punctuation in stream")
ErrPunctuated is produced when a punctuation character is found in the stream. It can be returned along with data, unlike usual errors.
var SaltpackCurrentVersion = Version{Major: 1, Minor: 0}
SaltpackCurrentVersion is currently the only supported packet version, 1.0.
Functions ¶
func Armor62Open ¶
Armor62Open runs armor stream decoding, but on a string, and it outputs a string.
func Armor62Seal ¶
func Armor62Seal(plaintext []byte, typ MessageType, brand string) (string, error)
Armor62Seal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message. Uses Base62 encoding scheme
func CheckArmor62 ¶
func CheckArmor62(hdr string, ftr string, typ MessageType) (brand string, err error)
CheckArmor62 checks that the frame matches our standard begin/end frame
func CheckArmor62Frame ¶
func CheckArmor62Frame(frame Frame, typ MessageType) (brand string, err error)
CheckArmor62Frame checks that the frame matches our standard begin/end frame
func EncryptArmor62Seal ¶
func EncryptArmor62Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (string, error)
EncryptArmor62Seal is the non-streaming version of NewEncryptArmor62Stream, which inputs a plaintext (in bytes) and output a ciphertext (as a string).
Example ¶
package main import ( "fmt" "github.com/keybase/client/go/saltpack" "github.com/keybase/client/go/saltpack/basic" ) func main() { var err error // Make a new Keyring, initialized to be empty keyring := basic.NewKeyring() // The test message msg := []byte("The Magic Words are Squeamish Ossifrage") // Make a secret key for the sender var sender saltpack.BoxSecretKey sender, err = keyring.GenerateBoxKey() if err != nil { return } // And one for the receiver var receiver saltpack.BoxSecretKey receiver, err = keyring.GenerateBoxKey() if err != nil { return } // AllReceivers can contain more receivers (like the sender) // but for now, just the one. var ciphertext string allReceivers := []saltpack.BoxPublicKey{receiver.GetPublicKey()} ciphertext, err = saltpack.EncryptArmor62Seal(msg, sender, allReceivers, "") if err != nil { return } // The decrypted message should match the input mesasge. var msg2 []byte _, msg2, _, err = saltpack.Dearmor62DecryptOpen(ciphertext, keyring) if err != nil { return } fmt.Println(string(msg2)) }
Output: The Magic Words are Squeamish Ossifrage
func MakeArmorFooter ¶
func MakeArmorFooter(typ MessageType, brand string) string
MakeArmorFooter makes the armor footer for the message type for the given "brand"
func MakeArmorHeader ¶
func MakeArmorHeader(typ MessageType, brand string) string
MakeArmorHeader makes the armor header for the message type for the given "brand"
func NewArmor62EncoderStream ¶
func NewArmor62EncoderStream(encoded io.Writer, typ MessageType, brand string) (io.WriteCloser, error)
NewArmor62EncoderStream makes a new Armor 62 encoding stream, using the base62-alphabet and a 32/43 encoding rate strategy. Pass it an `encoded` stream writer to write the encoded stream to. Also pass an optional "brand" . It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.
To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.
func NewDearmor62DecryptStream ¶
func NewDearmor62DecryptStream(ciphertext io.Reader, kr Keyring) (*MessageKeyInfo, io.Reader, Frame, error)
NewDearmor62DecryptStream makes a new stream that dearmors and decrypts the given Reader stream. Pass it a keyring so that it can lookup private and public keys as necessary
func NewDearmor62VerifyStream ¶
func NewDearmor62VerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, frame Frame, err error)
NewDearmor62VerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error. It expects the data it reads from r to be armor62-encoded.
func NewEncryptArmor62Stream ¶
func NewEncryptArmor62Stream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (plaintext io.WriteCloser, err error)
NewEncryptArmor62Stream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.
The "brand" is the optional "brand" string to put into the header and footer.
The ciphertext is additionally armored with the recommended armor62-style format.
Returns an io.WriteCloser that accepts plaintext data to be encrypted; and also returns an error if initialization failed.
Example ¶
package main import ( "bytes" "github.com/keybase/client/go/saltpack" "github.com/keybase/client/go/saltpack/basic" "io" "os" ) func main() { var err error // Make a new Keyring, initialized to be empty keyring := basic.NewKeyring() // The test message plaintext := "The Magic Words are Squeamish Ossifrage" // Make a secret key for the sender var sender saltpack.BoxSecretKey sender, err = keyring.GenerateBoxKey() if err != nil { return } // And one for the receiver var receiver saltpack.BoxSecretKey receiver, err = keyring.GenerateBoxKey() if err != nil { return } // AllReceivers can contain more receivers (like the sender) // but for now, just the one. var output bytes.Buffer allReceivers := []saltpack.BoxPublicKey{receiver.GetPublicKey()} var input io.WriteCloser input, err = saltpack.NewEncryptArmor62Stream(&output, sender, allReceivers, "") if err != nil { return } // Write plaintext into the returned WriteCloser stream input.Write([]byte(plaintext)) // And close when we're done input.Close() // The decrypted message var plaintextOutput io.Reader _, plaintextOutput, _, err = saltpack.NewDearmor62DecryptStream(&output, keyring) if err != nil { return } // Copy all of the data out of the output decrypted stream, and into standard // output, here for testing / comparison purposes. io.Copy(os.Stdout, plaintextOutput) os.Stdout.Write([]byte{'\n'}) }
Output: The Magic Words are Squeamish Ossifrage
func NewEncryptStream ¶
func NewEncryptStream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (io.WriteCloser, error)
NewEncryptStream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.
Returns an io.WriteClose that accepts plaintext data to be encrypted; and also returns an error if initialization failed.
func NewSignArmor62Stream ¶
func NewSignArmor62Stream(signedtext io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)
NewSignArmor62Stream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. The `brand` is optional, and allows you to specify your "white label" brand to this signature. NewSignArmor62Stream only generates attached signatures.
The signed data is armored with the recommended armor62-style format.
Example ¶
package main import ( "bytes" "fmt" "github.com/keybase/client/go/saltpack" "github.com/keybase/client/go/saltpack/basic" "io" "os" ) func main() { var err error // Make a new Keyring, initialized to be empty keyring := basic.NewKeyring() // The test message msg := []byte("The Magic Words are Squeamish Ossifrage") // Make a secret key for the sender var signer saltpack.SigningSecretKey signer, err = keyring.GenerateSigningKey() if err != nil { return } // Make a new signature stream. We write the input data into // the input stream, and we read output out of the output stream. // In this case, the output stream is just a buffer. var input io.WriteCloser var output bytes.Buffer input, err = saltpack.NewSignArmor62Stream(&output, signer, "") if err != nil { return } // Write the message into the input stream, and then close input.Write(msg) input.Close() // The verified message. We pass the signed stream as the first argument // as a stream (here a bytes.Buffer which is output from above), and read the // verified data out of verified stream. var verifiedStream io.Reader var signingPublicKey saltpack.SigningPublicKey signingPublicKey, verifiedStream, _, err = saltpack.NewDearmor62VerifyStream(&output, keyring) if err != nil { return } // Assert we got the right key back. if saltpack.PublicKeyEqual(signingPublicKey, signer.GetPublicKey()) { fmt.Println("The right key") } // Copy all of the data out of the verified stream, and into standard // output, here for testing / comparison purposes. io.Copy(os.Stdout, verifiedStream) os.Stdout.Write([]byte{'\n'}) }
Output: The right key The Magic Words are Squeamish Ossifrage
func NewSignDetachedArmor62Stream ¶
func NewSignDetachedArmor62Stream(detachedsig io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)
NewSignDetachedArmor62Stream creates a stream that consumes plaintext data. It will write out the detached signature to the io.Writer passed in as detachedsig. The `brand` is optional, and allows you to specify your "white label" brand to this signature.
The signed data is armored with the recommended armor62-style NewSignDetachedArmor62Stream only generates detached signatures.
The signature is armored with the recommended armor62-style format.
func NewSignDetachedStream ¶
func NewSignDetachedStream(detachedsig io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)
NewSignDetachedStream creates a stream that consumes plaintext data. It will write out a detached signature to the io.Writer passed in as detachedsig.
func NewSignStream ¶
func NewSignStream(signedtext io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)
NewSignStream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. NewSignStream only generates attached signatures.
func PublicKeyEqual ¶
func PublicKeyEqual(k1, k2 BasePublicKey) bool
PublicKeyEqual returns true if the two public keys are equal.
func Seal ¶
func Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (out []byte, err error)
Seal a plaintext from the given sender, for the specified receiver groups. Returns a ciphertext, or an error if something bad happened.
func Sign ¶
func Sign(plaintext []byte, signer SigningSecretKey) ([]byte, error)
Sign creates an attached signature message of plaintext from signer.
func SignArmor62 ¶
func SignArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)
SignArmor62 creates an attached armored signature message of plaintext from signer.
Example ¶
package main import ( "fmt" "github.com/keybase/client/go/saltpack" "github.com/keybase/client/go/saltpack/basic" ) func main() { var err error // Make a new Keyring, initialized to be empty keyring := basic.NewKeyring() // The test message msg := []byte("The Magic Words are Squeamish Ossifrage") // Make a secret key for the sender var signer saltpack.SigningSecretKey signer, err = keyring.GenerateSigningKey() if err != nil { return } var signed string signed, err = saltpack.SignArmor62(msg, signer, "") if err != nil { return } // The verified message should match the input mesasge. var verifiedMsg []byte var signingPublicKey saltpack.SigningPublicKey signingPublicKey, verifiedMsg, _, err = saltpack.Dearmor62Verify(signed, keyring) if err != nil { return } if saltpack.PublicKeyEqual(signingPublicKey, signer.GetPublicKey()) { fmt.Println("The right key") } fmt.Println(string(verifiedMsg)) }
Output: The right key The Magic Words are Squeamish Ossifrage
func SignDetached ¶
func SignDetached(plaintext []byte, signer SigningSecretKey) ([]byte, error)
SignDetached returns a detached signature of plaintext from signer.
func SignDetachedArmor62 ¶
func SignDetachedArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)
SignDetachedArmor62 returns a detached armored signature of plaintext from signer.
Types ¶
type BasePublicKey ¶
type BasePublicKey interface { // ToKID outputs the "key ID" that corresponds to this key. // You can do whatever you'd like here, but probably it makes sense just // to output the public key as is. ToKID() []byte }
BasePublicKey types can output a key ID corresponding to the key.
type BoxPrecomputedSharedKey ¶
type BoxPrecomputedSharedKey interface {}
BoxPrecomputedSharedKey results from a Precomputation below.
type BoxPublicKey ¶
type BoxPublicKey interface { BasePublicKey // ToRawBoxKeyPointer returns this public key as a *[32]byte, // for use with nacl.box.Seal ToRawBoxKeyPointer() *RawBoxKey // CreateEmphemeralKey creates an ephemeral key of the same type, // but totally random. CreateEphemeralKey() (BoxSecretKey, error) // HideIdentity returns true if we should hide the identity of this // key in our output message format. HideIdentity() bool }
BoxPublicKey is an generic interface to NaCl's public key Box function.
type BoxSecretKey ¶
type BoxSecretKey interface { // Box boxes up data, sent from this secret key, and to the receiver // specified. Box(receiver BoxPublicKey, nonce *Nonce, msg []byte) []byte // Unobx opens up the box, using this secret key as the receiver key // abd the give public key as the sender key. Unbox(sender BoxPublicKey, nonce *Nonce, msg []byte) ([]byte, error) // GetPublicKey gets the public key associated with this secret key. GetPublicKey() BoxPublicKey // Precompute computes a DH with the given key Precompute(sender BoxPublicKey) BoxPrecomputedSharedKey }
BoxSecretKey is the secret key corresponding to a BoxPublicKey
type ErrBadCiphertext ¶
type ErrBadCiphertext packetSeqno
ErrBadCiphertext is generated when decryption fails due to improper authentication. It specifies which Packet sequence number the bad packet was in.
func (ErrBadCiphertext) Error ¶
func (e ErrBadCiphertext) Error() string
type ErrBadFrame ¶
type ErrBadFrame struct {
// contains filtered or unexported fields
}
ErrBadFrame shows up when the BEGIN or END frames have issues
func (ErrBadFrame) Error ¶
func (e ErrBadFrame) Error() string
type ErrBadTag ¶
type ErrBadTag packetSeqno
ErrBadTag is generated when a payload hash doesn't match the hash authenticator. It specifies which Packet sequence number the bad packet was in.
type ErrBadVersion ¶
type ErrBadVersion struct {
// contains filtered or unexported fields
}
ErrBadVersion is returned if a packet of an unsupported version is found. Current, only Version1 is supported.
func (ErrBadVersion) Error ¶
func (e ErrBadVersion) Error() string
type ErrInvalidParameter ¶
type ErrInvalidParameter struct {
// contains filtered or unexported fields
}
ErrInvalidParameter signifies that a function was called with an invalid parameter.
func (ErrInvalidParameter) Error ¶
func (e ErrInvalidParameter) Error() string
type ErrRepeatedKey ¶
type ErrRepeatedKey []byte
ErrRepeatedKey is produced during encryption if a key is repeated; keys must be unique.
func (ErrRepeatedKey) Error ¶
func (e ErrRepeatedKey) Error() string
type ErrWrongMessageType ¶
type ErrWrongMessageType struct {
// contains filtered or unexported fields
}
ErrWrongMessageType is produced if one packet tag was expected, but a packet of another tag was found.
func (ErrWrongMessageType) Error ¶
func (e ErrWrongMessageType) Error() string
type Frame ¶
type Frame interface { // GetHeader() returns the frame associated with this stream, or an error GetHeader() (string, error) GetFooter() (string, error) }
Frame is a way to read the frame out of a Decoder stream.
type Keyring ¶
type Keyring interface { // LookupBoxSecretKey looks in the Keyring for the secret key corresponding // to one of the given Key IDs. Returns the index and the key on success, // or -1 and nil on failure. LookupBoxSecretKey(kids [][]byte) (int, BoxSecretKey) // LookupBoxPublicKey returns a public key given the specified key ID. // For most cases, the key ID will be the key itself. LookupBoxPublicKey(kid []byte) BoxPublicKey // GetAllSecretKeys returns all keys, needed if we want to support // "hidden" receivers via trial and error GetAllBoxSecretKeys() []BoxSecretKey // ImportEphemeralKey imports the ephemeral key into // BoxPublicKey format. This key has never been seen before, so // will be ephemeral. ImportBoxEphemeralKey(kid []byte) BoxPublicKey }
Keyring is an interface used with decryption; it is called to recover public or private keys during the decryption process. Calls can block on network action.
type MessageKeyInfo ¶
type MessageKeyInfo struct { // These fields are cryptographically verified SenderKey BoxPublicKey SenderIsAnon bool ReceiverKey BoxSecretKey ReceiverIsAnon bool // These fields are not cryptographically verified, and are just repeated from what // we saw in the incoming message. NamedReceivers [][]byte NumAnonReceivers int }
MessageKeyInfo conveys all of the data about the keys used in this encrypted message.
func Dearmor62DecryptOpen ¶
Dearmor62DecryptOpen takes an armor62'ed, encrypted ciphertext and attempts to dearmor and decrypt it, using the provided keyring. Checks that the frames in the armor are as expected. Returns the MessageKeyInfo recovered during message processing, the plaintext (if decryption succeeded), the armor branding, and maybe an error if there was a failure.
func NewDecryptStream ¶
func NewDecryptStream(r io.Reader, keyring Keyring) (mki *MessageKeyInfo, plaintext io.Reader, err error)
NewDecryptStream starts a streaming decryption. It synchronously ingests and parses the given Reader's encryption header. It consults the passed keyring for the decryption keys needed to decrypt the message. On failure, it returns a null Reader and an error message. On success, it returns a Reader with the plaintext stream, and a nil error. In either case, it will return a `MessageKeyInfo` which tells about who the sender was, and which of the Receiver's keys was used to decrypt the message.
Note that the caller has an opportunity not to ingest the plaintext if he doesn't trust the sender revealed in the MessageKeyInfo.
type MessageType ¶
type MessageType int
MessageType is an int used to describe what "type" of message it is.
const MessageTypeAttachedSignature MessageType = 1
MessageTypeAttachedSignature is a packet type to describe an attached signature.
const MessageTypeDetachedSignature MessageType = 2
MessageTypeDetachedSignature is a packet type to describe a detached signature.
const MessageTypeEncryption MessageType = 0
MessageTypeEncryption is a packet type to describe an encryption message.
func (MessageType) String ¶
func (m MessageType) String() string
type Nonce ¶
type Nonce [nonceBytes]byte
Nonce is a NaCl-style nonce, with 24 bytes of data, some of which can be counter values, and some of which can be random-ish values.
type RawBoxKey ¶
type RawBoxKey [32]byte
RawBoxKey is the raw byte-representation of what a box key should look like, a static 32-byte buffer. Used for NaCl Box.
type SigKeyring ¶
type SigKeyring interface { // LookupSigningPublicKey returns a public signing key for the specified key ID. LookupSigningPublicKey(kid []byte) SigningPublicKey }
SigKeyring is an interface used during verification to find the public key for the signer of a message.
type SignatureHeader ¶
type SignatureHeader struct { FormatName string `codec:"format_name"` Version Version `codec:"vers"` Type MessageType `codec:"type"` SenderPublic []byte `codec:"sender_public"` Nonce []byte `codec:"nonce"` // contains filtered or unexported fields }
SignatureHeader is the first packet in a signed message.
type SigningPublicKey ¶
type SigningPublicKey interface { BasePublicKey // Verify verifies that signature is a valid signature of message for // this public key. Verify(message []byte, signature []byte) error }
SigningPublicKey is a public NaCl key that can verify signatures.
func Dearmor62Verify ¶
func Dearmor62Verify(signedMsg string, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, brand string, err error)
Dearmor62Verify checks the signature in signedMsg. It returns the signer's public key and a verified message. It expects signedMsg to be armor62-encoded.
func Dearmor62VerifyDetached ¶
func Dearmor62VerifyDetached(message []byte, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)
Dearmor62VerifyDetached verifies that signature is a valid armor62-encoded signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.
func Dearmor62VerifyDetachedReader ¶
func Dearmor62VerifyDetachedReader(r io.Reader, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)
Dearmor62VerifyDetachedReader verifies that signature is a valid armor62-encoded signature for entire message read from Reader, and that the public key for the signer is in keyring. It returns the signer's public key.
func NewVerifyStream ¶
func NewVerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, err error)
NewVerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error.
func Verify ¶
func Verify(signedMsg []byte, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, err error)
Verify checks the signature in signedMsg. It returns the signer's public key and a verified message.
func VerifyDetached ¶
func VerifyDetached(message, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)
VerifyDetached verifies that signature is a valid signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.
func VerifyDetachedReader ¶
func VerifyDetachedReader(message io.Reader, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)
VerifyDetachedReader verifies that signature is a valid signature for entire message read from message Reader, and that the public key for the signer is in keyring. It returns the signer's public key.
type SigningSecretKey ¶
type SigningSecretKey interface { // Sign signs message with this secret key. Sign(message []byte) ([]byte, error) // GetPublicKey gets the public key associated with this secret key. GetPublicKey() SigningPublicKey }
SigningSecretKey is a secret NaCl key that can sign messages.
type SymmetricKey ¶
type SymmetricKey [32]byte
SymmetricKey is a template for a symmetric key, a 32-byte static buffer. Used for NaCl SecretBox.