encdec

package module
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 17, 2024 License: CC0-1.0 Imports: 17 Imported by: 1

README

Simple encryption/decryption tool

This is a simple CLI program and library to encrypt and decrypt files.

The AEAD used is ChaCha20-Poly1305 and the KDF used is argon2. Only argon2id is supported.

Limitations

  • This program does not commit to securely wipe sensitive data from memory, such as passwords and cryptography keys.

Documentation

Index

Constants

View Source
const (
	ArgonVersion = 19
	ArgonType    = "argon2id"
	SaltSize     = 16
	ArgonTime    = 1
	ArgonMemory  = 1 << 21
	ArgonThreads = 4
	ChunkSize    = 64 * (1 << 10) // 64 KiB
)

Default values of params fields.

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(key []byte, src io.Reader, dst io.Writer, params *Params) error

Decrypt decrypts src into dst using a 256-bit key and the params.

func Encrypt

func Encrypt(key []byte, src io.Reader, dst io.Writer, params *Params) error

Encrypt encrypts src into dst using a 256-bit key and the params.

func Key

func Key(password []byte, params *Params) ([]byte, error)

Key uses argon2 algorithm to create a cryptographic key based on password and params.

Depending on the parameters passed to argon2, it can take a significant amount of time and memory. Using the zero value of params it will use the first recommended parameters option specified in RFC9106.

func ReadPassword

func ReadPassword(message string) ([]byte, error)

ReadPassword reads the password from stdin without local echo, displaying message before reading the password. It is safe to interrupt the program with SIGINT when blocked by this function as it will restore the previous state of terminal on exit.

Types

type Params

type Params struct {
	// ArgonVersion defines what version number of Argon2
	// will be used to derivate the key.
	ArgonVersion uint8

	// ArgonType is the version of Argon2 that will be used
	// to derivate the key.
	ArgonType string

	// SaltSize is the length, in bytes, of the salt that will be
	// generated.
	SaltSize uint8

	// Salt is the actual salt used.
	Salt []byte

	// ArgonTime is the number of passes used.
	ArgonTime uint32

	// ArgonMemory is the amount of memory used in KiB.
	ArgonMemory uint32

	// ArgonThreads is the number of threads used.
	ArgonThreads uint8

	// ChunkSize is the length, in bytes, that the plaintext
	// will be splitted and encrypted with different nonces.
	ChunkSize int64
}

Params represents the parameters used to generate a symmetric key using Argon2 and the chunk size in bytes for splitting the payload before encrypting they with unique nonces.

func NewParams

func NewParams() *Params

NewParams creates an instance of Params struct with default configuration

func ParseHeader

func ParseHeader(src io.ReadSeeker) (*Params, error)

ParseHeader parses the header of the given src stream. It create a new Params object and load its fields from the provided header.

func (*Params) Check

func (p *Params) Check() error

Check checks if the Params fields are correctly filled. Correcting them when a field with the zero value is detected or returning an error if a field has an invalid value.

func (*Params) MarshalHeader

func (p *Params) MarshalHeader() ([]byte, error)

MarshalHeader returns a string header as a byte slice made from the Params fields. Returns an error if the Params used are not valid.

type Reader

type Reader struct {
	// contains filtered or unexported fields
}

Reader reads encrypted data from the underlying reader.

func NewReader

func NewReader(key []byte, src io.Reader, params *Params) (*Reader, error)

NewReader creates a new Reader using a 256-bit key.

func (*Reader) Read

func (r *Reader) Read(p []byte) (int, error)

Read up to len(p) bytes, decrypting they and storing them in p. It returns the number of bytes read and any error encountered. At the end of file, Read returns 0 and io.EOF.

type Writer

type Writer struct {
	// contains filtered or unexported fields
}

Writer writes to underlying writer encrypting the data

func NewWriter

func NewWriter(key []byte, dst io.Writer, params *Params) (*Writer, error)

NewWriter creates a new Writer using a 256-bit key.

func (*Writer) Close

func (w *Writer) Close() error

Close encrypt and write any remaning data in the buffer plus the AEAD tag, to the underlying writer. Close returns an error if it has already been called.

func (*Writer) Write

func (w *Writer) Write(p []byte) (int, error)

Write writes len(p) bytes from p to the buffer. If the buffer is complete it will encrypt the data and write to the underlying writer with the AEAD tag appended to it. It returns the number of bytes written to the buffer and an error, if any.

Directories

Path Synopsis
cmd

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL