saltpack

package
v1.0.9-0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 21, 2016 License: BSD-3-Clause, BSD-3-Clause Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const CryptoAuthBytes = 32

We truncate HMAC512 to the same link that NaCl's crypto_auth function does.

View Source
const CryptoAuthKeyBytes = 32
View Source
const EncryptionBlockSize int = 1048576

EncryptionBlockSize is by default 1MB and can't currently be tweaked.

View Source
const NonceBytes = 24
View Source
const NoncePrefixEncryption = "encryption nonce prefix"

NoncePrefixEncryption is the prefix used to create the nonce when using the nonce for encryption.

View Source
const SaltpackFormatName = "saltpack"

SaltpackFormatName is the publicly advertised name of the format, used in the header of the message and also in Nonce creation.

View Source
const SignatureAttachedString = "saltpack attached signature\x00"

SignatureAttachedString is part of the data that is signed in each payload packet.

View Source
const SignatureBlockSize int = 1048576

SignatureBlockSize is by default 1MB and can't currently be tweaked.

View Source
const SignatureDetachedString = "saltpack detached signature\x00"

SignatureDetachedString is part of the data that is signed in a detached signature.

Variables

View Source
var (
	// ErrNoDecryptionKey is an error indicating no decryption key was found for the
	// incoming message. You'll get one of these if you respond to a Keyring.LookupSecretBoxKey
	// request with a (-1,nil) return value, and no hidden keys are found.
	ErrNoDecryptionKey = errors.New("no decryption key found for message")

	// ErrNoSenderKey indicates that on decryption/verification we couldn't find a public key
	// for the sender.
	ErrNoSenderKey = errors.New("no sender key found for message")

	// ErrTrailingGarbage indicates that additional msgpack packets were found after the
	// end of the encryption stream.
	ErrTrailingGarbage = errors.New("trailing garbage found at end of message")

	// ErrFailedToReadHeaderBytes indicates that we failed to read the
	// doubly-encoded header bytes object from the input stream.
	ErrFailedToReadHeaderBytes = errors.New("failed to read header bytes")

	// ErrPacketOverflow indicates that more than (2^64-2) packets were found in an encryption
	// stream.  This would indicate a very big message, and results in an error here.
	ErrPacketOverflow = errors.New("no more than 2^32 packets in a message are supported")

	// ErrInsufficientRandomness is generated when the encryption fails to collect
	// enough randomness to proceed.  We're using the standard crypto/rand source
	// of randomness, so this should never happen
	ErrInsufficientRandomness = errors.New("could not collect enough randomness")

	// ErrBadEphemeralKey is for when an ephemeral key fails to be properly
	// imported.
	ErrBadEphemeralKey = errors.New("bad ephermal key in header")

	// ErrBadReceivers shows up when you pass a bad receivers vector
	ErrBadReceivers = errors.New("bad receivers argument")

	// ErrBadSenderKeySecretbox is returned if the sender secretbox fails to
	// open.
	ErrBadSenderKeySecretbox = errors.New("sender secretbox failed to open")

	// ErrBadSymmetricKey is returned if a key with the wrong number of bytes
	// is discovered in the encryption header.
	ErrBadSymmetricKey = errors.New("bad symmetric key; must be 32 bytes")

	// ErrBadBoxKey is returned if a key with the wrong number of bytes
	// is discovered in the encryption header.
	ErrBadBoxKey = errors.New("bad box key; must be 32 bytes")

	// ErrBadLookup is when the user-provided key lookup gives a bad value
	ErrBadLookup = errors.New("bad key lookup")

	// ErrBadSignature is returned when verification of a block fails.
	ErrBadSignature = errors.New("invalid signature")
)
View Source
var Armor62Params = ArmorParams{
	BytesPerWord: 15,
	WordsPerLine: 200,
	Punctuation:  byte('.'),
	Encoding:     basex.Base62StdEncoding,
}

Armor62Params are the armoring parameters we recommend for use with a generic armorer. It specifies the spaces between words, the spacing between lines, some simple punctuation, and an encoding alphabet.

View Source
var ErrOverflow = errors.New("buffer was overflowed before we found punctuation")

ErrOverflow is returned if we were looking for punctuation but our quota was overflowed before we found the needed character.

View Source
var ErrPunctuated = errors.New("found punctuation in stream")

ErrPunctuated is produced when a punctuation character is found in the stream. It can be returned along with data, unlike usual errors.

View Source
var SaltpackCurrentVersion = Version{Major: 1, Minor: 0}

SaltpackCurrentVersion is currently the only supported packet version, 1.0.

Functions

func Armor62Open

func Armor62Open(msg string) (body []byte, header string, footer string, err error)

Armor62Open runs armor stream decoding, but on a string, and it outputs a string.

func Armor62Seal

func Armor62Seal(plaintext []byte, typ MessageType, brand string) (string, error)

Armor62Seal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message. Uses Base62 encoding scheme

func ArmorOpen

func ArmorOpen(msg string, params ArmorParams) (body []byte, header string, footer string, err error)

ArmorOpen runs armor stream decoding, but on a string, and it outputs a string.

func ArmorSeal

func ArmorSeal(plaintext []byte, header string, footer string, params ArmorParams) (string, error)

ArmorSeal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message.

func CheckArmor62

func CheckArmor62(hdr string, ftr string, typ MessageType) (brand string, err error)

CheckArmor62Frame checks that the frame matches our standard begin/end frame

func CheckArmor62Frame

func CheckArmor62Frame(frame Frame, typ MessageType) (brand string, err error)

CheckArmor62Frame checks that the frame matches our standard begin/end frame

func EncryptArmor62Seal

func EncryptArmor62Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (string, error)

EncryptArmor62Seal is the non-streaming version of NewEncryptArmor62Stream, which inputs a plaintext (in bytes) and output a ciphertext (as a string).

func KIDEqual

func KIDEqual(k1, k2 KIDExtractor) bool

KIDEqual return true if the KIDs for two keys are equal.

func MakeArmorFooter

func MakeArmorFooter(typ MessageType, brand string) string

func MakeArmorHeader

func MakeArmorHeader(typ MessageType, brand string) string

func NewArmor62EncoderStream

func NewArmor62EncoderStream(encoded io.Writer, typ MessageType, brand string) (io.WriteCloser, error)

NewArmor62EncoderStream makes a new Armor 62 encoding stream, using the base62-alphabet and a 32/43 encoding rate strategy. Pass it an `encoded` stream writer to write the encoded stream to. Also pass an optional "brand" . It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.

To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.

func NewArmorEncoderStream

func NewArmorEncoderStream(encoded io.Writer, header string, footer string, params ArmorParams) (io.WriteCloser, error)

NewArmorEncoderStream makes a new Armor encoding stream, using the given encoding Pass it an `encoded` stream writer to write the encoded stream to. Also pass a header, and a footer string. It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.

To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.

func NewDearmor62DecryptStream

func NewDearmor62DecryptStream(ciphertext io.Reader, kr Keyring) (*MessageKeyInfo, io.Reader, Frame, error)

NewDearmor62DecryptStream makes a new stream that dearmors and decrypts the given Reader stream. Pass it a keyring so that it can lookup private and public keys as necessary

func NewDearmor62VerifyStream

func NewDearmor62VerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, frame Frame, err error)

NewDearmor62VerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error. It expects the data it reads from r to be armor62-encoded.

func NewEncryptArmor62Stream

func NewEncryptArmor62Stream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (plaintext io.WriteCloser, err error)

NewEncryptArmor62Stream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

The "brand" is the optional "brand" string to put into the header and footer.

The ciphertext is additionally armored with the recommended armor62-style format.

Returns an io.WriteCloser that accepts plaintext data to be encrypted; and also returns an error if initialization failed.

func NewEncryptStream

func NewEncryptStream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (io.WriteCloser, error)

NewEncryptStream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

Returns an io.WriteClose that accepts plaintext data to be encrypted; and also returns an error if initialization failed.

func NewSignArmor62Stream

func NewSignArmor62Stream(signedtext io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)

NewSignArmor62Stream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. The `brand` is optional, and allows you to specify your "white label" brand to this signature. NewSignArmor62Stream only generates attached signatures.

The signed data is armored with the recommended armor62-style format.

func NewSignDetachedArmor62Stream

func NewSignDetachedArmor62Stream(detachedsig io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)

NewSignDetachedArmor62Stream creates a stream that consumes plaintext data. It will write out the detached signature to the io.Writer passed in as detachedsig. The `brand` is optional, and allows you to specify your "white label" brand to this signature.

The signed data is armored with the recommended armor62-style NewSignDetachedArmor62Stream only generates detached signatures.

The signature is armored with the recommended armor62-style format.

func NewSignDetachedStream

func NewSignDetachedStream(detachedsig io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignDetachedStream creates a stream that consumes plaintext data. It will write out a detached signature to the io.Writer passed in as detachedsig.

func NewSignStream

func NewSignStream(signedtext io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignStream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. NewSignStream only generates attached signatures.

func PublicKeyEqual

func PublicKeyEqual(pk1, pk2 BoxPublicKey) bool

PublicKeyEqual returns true if the two public keys are equal.

func Seal

func Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (out []byte, err error)

Seal a plaintext from the given sender, for the specified receiver groups. Returns a ciphertext, or an error if something bad happened.

func SecretKeyEqual

func SecretKeyEqual(sk1, sk2 BoxSecretKey) bool

SecretKeyEqual returns true if the two secret keys are equal.

func Sign

func Sign(plaintext []byte, signer SigningSecretKey) ([]byte, error)

Sign creates an attached signature message of plaintext from signer.

func SignArmor62

func SignArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)

SignArmor62 creates an attached armored signature message of plaintext from signer.

func SignDetached

func SignDetached(plaintext []byte, signer SigningSecretKey) ([]byte, error)

SignDetached returns a detached signature of plaintext from signer.

func SignDetachedArmor62

func SignDetachedArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)

SignDetachedArmor62 returns a detached armored signature of plaintext from signer.

Types

type ArmorParams

type ArmorParams struct {
	// BytesPerWord is the number of characters in each "word" of output.
	// We'll put spaces between words.
	BytesPerWord int
	// WordsPerLine is the number of words for each line of output. We'll
	// put newlines between two subsequent lines of output.
	WordsPerLine int
	// Punctuation is the byte inserted after the three "sentences" of
	// our encoding -- the header, the body and the footer.
	Punctuation byte
	// Encoding is the basex encoding to use, including strictness parameters
	Encoding *basex.Encoding
}

ArmorParams specify armor formatting, encoding and punctuation.

type BoxPrecomputedSharedKey

type BoxPrecomputedSharedKey interface {
	Unbox(nonce *Nonce, msg []byte) ([]byte, error)
	Box(nonce *Nonce, msg []byte) []byte
}

BoxPrecomputedSharedKey results from a Precomputation below.

type BoxPublicKey

type BoxPublicKey interface {
	KIDExtractor

	// ToRawBoxKeyPointer returns this public key as a *[32]byte,
	// for use with nacl.box.Seal
	ToRawBoxKeyPointer() *RawBoxKey

	// CreateEmphemeralKey creates an ephemeral key of the same type,
	// but totally random.
	CreateEphemeralKey() (BoxSecretKey, error)

	// HideIdentity returns true if we should hide the identity of this
	// key in our output message format.
	HideIdentity() bool
}

BoxPublicKey is an generic interface to NaCl's public key Box function.

type BoxSecretKey

type BoxSecretKey interface {

	// Box boxes up data, sent from this secret key, and to the receiver
	// specified.
	Box(receiver BoxPublicKey, nonce *Nonce, msg []byte) []byte

	// Unobx opens up the box, using this secret key as the receiver key
	// abd the give public key as the sender key.
	Unbox(sender BoxPublicKey, nonce *Nonce, msg []byte) ([]byte, error)

	// GetPublicKey gets the public key associated with this secret key.
	GetPublicKey() BoxPublicKey

	// Precompute computes a DH with the given key
	Precompute(sender BoxPublicKey) BoxPrecomputedSharedKey
}

BoxSecretKey is the secret key corresponding to a BoxPublicKey

type EncryptionBlock

type EncryptionBlock struct {
	HashAuthenticators [][]byte `codec:"authenticators"`
	PayloadCiphertext  []byte   `codec:"ctext"`
	// contains filtered or unexported fields
}

EncryptionBlock contains a block of encrypted data. It contains the ciphertext, and any necessary authentication Tags.

type EncryptionHeader

type EncryptionHeader struct {
	FormatName      string         `codec:"format_name"`
	Version         Version        `codec:"vers"`
	Type            MessageType    `codec:"type"`
	Ephemeral       []byte         `codec:"ephemeral"`
	SenderSecretbox []byte         `codec:"sendersecretbox"`
	Receivers       []receiverKeys `codec:"rcvrs"`
	// contains filtered or unexported fields
}

EncryptionHeader is the first packet in an encrypted message. It contains the encryptions of the session keys, and various message metadata.

type ErrBadCiphertext

type ErrBadCiphertext PacketSeqno

ErrBadCiphertext is generated when decryption fails due to improper authentication. It specifies which Packet sequence number the bad packet was in.

func (ErrBadCiphertext) Error

func (e ErrBadCiphertext) Error() string

type ErrBadFrame

type ErrBadFrame struct {
	// contains filtered or unexported fields
}

ErrBadFrame shows up when the BEGIN or END frames have issues

func (ErrBadFrame) Error

func (e ErrBadFrame) Error() string

type ErrBadTag

type ErrBadTag PacketSeqno

ErrBadTag is generated when a payload hash doesn't match the hash authenticator. It specifies which Packet sequence number the bad packet was in.

func (ErrBadTag) Error

func (e ErrBadTag) Error() string

type ErrBadVersion

type ErrBadVersion struct {
	// contains filtered or unexported fields
}

ErrBadVersion is returned if a packet of an unsupported version is found. Current, only Version1 is supported.

func (ErrBadVersion) Error

func (e ErrBadVersion) Error() string

type ErrInvalidParameter

type ErrInvalidParameter struct {
	// contains filtered or unexported fields
}

ErrInvalidParameter signifies that a function was called with an invalid parameter.

func (ErrInvalidParameter) Error

func (e ErrInvalidParameter) Error() string

type ErrRepeatedKey

type ErrRepeatedKey []byte

ErrRepeatedKey is produced during encryption if a key is repeated; keys must be unique.

func (ErrRepeatedKey) Error

func (e ErrRepeatedKey) Error() string

type ErrWrongMessageType

type ErrWrongMessageType struct {
	// contains filtered or unexported fields
}

ErrWrongMessageType is produced if one packet tag was expected, but a packet of another tag was found.

func (ErrWrongMessageType) Error

func (e ErrWrongMessageType) Error() string

type Frame

type Frame interface {
	// GetHeader() returns the frame associated with this stream, or an error
	GetHeader() (string, error)
	// GetFooter() returns the frame associated with this stream, or an error
	GetFooter() (string, error)
}

Frame is a way to read the frame out of a Decoder stream.

func NewArmor62DecoderStream

func NewArmor62DecoderStream(r io.Reader) (io.Reader, Frame, error)

NewArmor62DecoderStream is used to decode input base62-armoring format. It returns a stream you can read from, and also a Frame you can query to see what the open/close frame markers were.

func NewArmorDecoderStream

func NewArmorDecoderStream(r io.Reader, params ArmorParams) (io.Reader, Frame, error)

NewArmorDecoderStream is used to decode armored encoding. It returns a stream you can read from, and also a Frame you can query to see what the open/close frame markers were.

type KIDExtractor

type KIDExtractor interface {
	// ToKID outputs the "key ID" that corresponds to this key.
	// You can do whatever you'd like here, but probably it makes sense just
	// to output the public key as is.
	ToKID() []byte
}

KIDExtractor key types can output a key ID corresponding to the key.

type Keyring

type Keyring interface {
	// LookupBoxSecretKey looks in the Keyring for the secret key corresponding
	// to one of the given Key IDs.  Returns the index and the key on success,
	// or -1 and nil on failure.
	LookupBoxSecretKey(kids [][]byte) (int, BoxSecretKey)

	// LookupBoxPublicKey returns a public key given the specified key ID.
	// For most cases, the key ID will be the key itself.
	LookupBoxPublicKey(kid []byte) BoxPublicKey

	// GetAllSecretKeys returns all keys, needed if we want to support
	// "hidden" receivers via trial and error
	GetAllSecretKeys() []BoxSecretKey

	// ImportEphemeralKey imports the ephemeral key into
	// BoxPublicKey format. This key has never been seen before, so
	// will be ephemeral.
	ImportEphemeralKey(kid []byte) BoxPublicKey
}

Keyring is an interface used with decryption; it is called to recover public or private keys during the decryption process. Calls can block on network action.

type MessageKeyInfo

type MessageKeyInfo struct {
	// These fields are cryptographically verified
	SenderKey      BoxPublicKey
	SenderIsAnon   bool
	ReceiverKey    BoxSecretKey
	ReceiverIsAnon bool

	// These fields are not cryptographically verified, and are just repeated from what
	// we saw in the incoming message.
	NamedReceivers   [][]byte
	NumAnonReceivers int
}

MessageKeyInfo conveys all of the data about the keys used in this encrypted message.

func Dearmor62DecryptOpen

func Dearmor62DecryptOpen(ciphertext string, kr Keyring) (*MessageKeyInfo, []byte, string, error)

Dearmor62DecryptOpen takes an armor62'ed, encrypted ciphertext and attempts to dearmor and decrypt it, using the provided keyring. Checks that the frames in the armor are as expected.

func NewDecryptStream

func NewDecryptStream(r io.Reader, keyring Keyring) (mki *MessageKeyInfo, plaintext io.Reader, err error)

NewDecryptStream starts a streaming decryption. It synchronously ingests and parses the given Reader's encryption header. It consults the passed keyring for the decryption keys needed to decrypt the message. On failure, it returns a null Reader and an error message. On success, it returns a Reader with the plaintext stream, and a nil error. In either case, it will return a `MessageKeyInfo` which tells about who the sender was, and which of the Receiver's keys was used to decrypt the message.

Note that the caller has an opportunity not to ingest the plaintext if he doesn't trust the sender revealed in the MessageKeyInfo.

func Open

func Open(ciphertext []byte, keyring Keyring) (i *MessageKeyInfo, plaintext []byte, err error)

Open simply opens a ciphertext given the set of keys in the specified keyring. It returns a plaintext on sucess, and an error on failure. It returns the header's MessageKeyInfo in either case.

type MessageType

type MessageType int

MessageType is an int used to describe what "type" of message it is.

const MessageTypeAttachedSignature MessageType = 1

MessageTypeAttachedSignature is a packet type to describe an attached signature.

const MessageTypeDetachedSignature MessageType = 2

MessageTypeDetachedSignature is a packet type to describe a detached signature.

const MessageTypeEncryption MessageType = 0

MessageTypeEncryption is a packet type to describe an encryption message.

func (MessageType) String

func (m MessageType) String() string

type Nonce

type Nonce [NonceBytes]byte

Nonce is a NaCl-style nonce, with 24 bytes of data, some of which can be counter values, and some of which can be random-ish values.

type PacketSeqno

type PacketSeqno uint64

PacketSeqno is a special int type used to describe which packet in the sequence we're dealing with. The header is always at seqno=0. Other packets follow. Note that there is a distinction between PacketSeqno and EncryptionBlockNumber. In general, the former is one more than the latter.

type PunctuatedReader

type PunctuatedReader struct {
	// contains filtered or unexported fields
}

PunctuatedReader is a stream reader that reads until it hits a usual error OR until it hits a punctuation character. In that latter case it returns an `ErrPunctuation` "error" so that way callers can tell the difference between a normal EOF and a "punctuated" EOF.

func NewPunctuatedReader

func NewPunctuatedReader(r io.Reader, p byte) *PunctuatedReader

NewPunctuatedReader returns a new PunctuatedReader given an underlying read stream and a punctuation byte.

func (*PunctuatedReader) Read

func (p *PunctuatedReader) Read(out []byte) (n int, err error)

Read from the PunctuatedReader, potentially returning an `ErrPunctuation` if a punctuation character was found.

func (*PunctuatedReader) ReadUntilPunctuation

func (p *PunctuatedReader) ReadUntilPunctuation(lim int) (res []byte, err error)

ReadUntilPunctuation reads from the stream until it find a desired punctuation byte. If it wasn't found before EOF, it will return io.ErrUnexpectedEOF. If it wasn't found before lim bytes are consumed, then it will return ErrOverflow.

type RawBoxKey

type RawBoxKey [32]byte

RawBoxKey is the raw byte-representation of what a box key should look like, a static 32-byte buffer. Used for NaCl Box.

type SigKeyring

type SigKeyring interface {
	// LookupSigningPublicKey returns a public signing key for the specified key ID.
	LookupSigningPublicKey(kid []byte) SigningPublicKey
}

SigKeyring is an interface used during verification to find the public key for the signer of a message.

type SigNonce

type SigNonce [16]byte

SigNonce is a nonce for signatures.

func NewSigNonce

func NewSigNonce() (SigNonce, error)

NewSigNonce creates a SigNonce with random bytes.

type SignatureBlock

type SignatureBlock struct {
	Signature    []byte `codec:"signature"`
	PayloadChunk []byte `codec:"payload_chunk"`
	// contains filtered or unexported fields
}

SignatureBlock contains a block of signed data.

type SignatureHeader

type SignatureHeader struct {
	FormatName   string      `codec:"format_name"`
	Version      Version     `codec:"vers"`
	Type         MessageType `codec:"type"`
	SenderPublic []byte      `codec:"sender_public"`
	Nonce        []byte      `codec:"nonce"`
	// contains filtered or unexported fields
}

SignatureHeader is the first packet in a signed message.

type SigningPublicKey

type SigningPublicKey interface {
	KIDExtractor

	// Verify verifies that signature is a valid signature of message for
	// this public key.
	Verify(message []byte, signature []byte) error
}

SigningPublicKey is a public NaCl key that can verify signatures.

func Dearmor62Verify

func Dearmor62Verify(signedMsg string, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, brand string, err error)

Dearmor62Verify checks the signature in signedMsg. It returns the signer's public key and a verified message. It expects signedMsg to be armor62-encoded.

func Dearmor62VerifyDetached

func Dearmor62VerifyDetached(message []byte, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)

Dearmor62VerifyDetached verifies that signature is a valid armor62-encoded signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

func Dearmor62VerifyDetachedReader

func Dearmor62VerifyDetachedReader(r io.Reader, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)

Dearmor62VerifyDetachedReader verifies that signature is a valid armor62-encoded signature for entire message read from Reader, and that the public key for the signer is in keyring. It returns the signer's public key.

func NewVerifyStream

func NewVerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, err error)

NewVerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error.

func Verify

func Verify(signedMsg []byte, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, err error)

Verify checks the signature in signedMsg. It returns the signer's public key and a verified message.

func VerifyDetached

func VerifyDetached(message, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetached verifies that signature is a valid signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

func VerifyDetachedReader

func VerifyDetachedReader(message io.Reader, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetachedReader verifies that signature is a valid signature for entire message read from message Reader, and that the public key for the signer is in keyring. It returns the signer's public key.

type SigningSecretKey

type SigningSecretKey interface {
	// Sign signs message with this secret key.
	Sign(message []byte) ([]byte, error)

	// PublicKey gets the public key associated with this secret key.
	PublicKey() SigningPublicKey
}

SigningSecretKey is a secret NaCl key that can sign messages.

type SymmetricKey

type SymmetricKey [32]byte

SymmetricKey is a template for a symmetric key, a 32-byte static buffer. Used for NaCl SecretBox.

type Version

type Version struct {
	Major int `codec:"major"`
	Minor int `codec:"minor"`
	// contains filtered or unexported fields
}

Version is a major.minor pair that shows the version of the whole file

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL