Documentation ¶
Overview ¶
Package crypto implements a few abstractions around the Go crypto packages to manage encryption keys and to encrypt small data and streams.
Index ¶
- Constants
- Variables
- func Fastest(opts ...Option) (int, error)
- type AESKey
- func (k AESKey) Decrypt(data []byte) ([]byte, error)
- func (k AESKey) DecryptKey(encryptedKey []byte) (EncryptionKey, error)
- func (k AESKey) Encrypt(data []byte) ([]byte, error)
- func (k AESKey) Hash(b []byte) []byte
- func (k *AESKey) Logger() Logger
- func (k AESKey) NewKey() (EncryptionKey, error)
- func (k AESKey) ReadEncryptedKey(r io.Reader) (EncryptionKey, error)
- func (k AESKey) StartReader(ctx []byte, r io.Reader) (StreamReader, error)
- func (k AESKey) StartWriter(ctx []byte, w io.Writer) (StreamWriter, error)
- func (k *AESKey) Wipe()
- func (k AESKey) WriteEncryptedKey(w io.Writer) error
- type AESMasterKey
- type AESStreamReader
- type AESStreamWriter
- type Chacha20Poly1305Key
- func (k Chacha20Poly1305Key) Decrypt(data []byte) ([]byte, error)
- func (k Chacha20Poly1305Key) DecryptKey(encryptedKey []byte) (EncryptionKey, error)
- func (k Chacha20Poly1305Key) Encrypt(data []byte) ([]byte, error)
- func (k Chacha20Poly1305Key) Hash(b []byte) []byte
- func (k *Chacha20Poly1305Key) Logger() Logger
- func (k Chacha20Poly1305Key) NewKey() (EncryptionKey, error)
- func (k Chacha20Poly1305Key) ReadEncryptedKey(r io.Reader) (EncryptionKey, error)
- func (k Chacha20Poly1305Key) StartReader(ctx []byte, r io.Reader) (StreamReader, error)
- func (k Chacha20Poly1305Key) StartWriter(ctx []byte, w io.Writer) (StreamWriter, error)
- func (k *Chacha20Poly1305Key) Wipe()
- func (k Chacha20Poly1305Key) WriteEncryptedKey(w io.Writer) error
- type Chacha20Poly1305MasterKey
- type Chacha20Poly1305StreamReader
- type Chacha20Poly1305StreamWriter
- type EncryptionKey
- type Logger
- type MasterKey
- func CreateAESMasterKey(opts ...Option) (MasterKey, error)
- func CreateAESMasterKeyForTest() (MasterKey, error)
- func CreateChacha20Poly1305MasterKey(opts ...Option) (MasterKey, error)
- func CreateChacha20Poly1305MasterKeyForTest() (MasterKey, error)
- func CreateMasterKey(opts ...Option) (MasterKey, error)
- func ReadAESMasterKey(passphrase []byte, file string, opts ...Option) (MasterKey, error)
- func ReadChacha20Poly1305MasterKey(passphrase []byte, file string, opts ...Option) (MasterKey, error)
- func ReadMasterKey(passphrase []byte, file string, opts ...Option) (MasterKey, error)
- type Option
- type StreamReader
- type StreamWriter
Constants ¶
const (
	// Algorithm identifiers. The comment on each lists the primitives the
	// variant is built from, as documented by the package.
	// NOTE(review): values are assigned by iota; if the identifier is ever
	// persisted next to encrypted data, new algorithms must be appended, not
	// inserted, or existing values would be renumbered — confirm.
	AES256               int = iota // AES256-GCM, AES256-CBC+HMAC-SHA256, PBKDF2.
	Chacha20Poly1305                // Chacha20Poly1305, Argon2.
	AES256WithTPMRSA2048            // Like AES256, with RSA2048 masterkey on TPM.

	// DefaultAlgo is presumably the algorithm used when none is chosen explicitly.
	DefaultAlgo = AES256
	// PickFastest is a sentinel rather than a real algorithm; presumably it
	// defers the choice to Fastest (see the package index) — confirm.
	PickFastest = -1
)
Variables ¶
var (
	// ErrDecryptFailed indicates that the ciphertext could not be decrypted.
	// The AES256-GCM and Chacha20Poly1305 variants listed in the algorithm
	// constants are authenticated modes, so this presumably also covers a
	// modified ciphertext or a wrong key; callers must discard any output
	// returned alongside it. Compare with errors.Is.
	ErrDecryptFailed = errors.New("decryption failed")
	// ErrEncryptFailed indicates that the plaintext could not be encrypted.
	ErrEncryptFailed = errors.New("encryption failed")
	// ErrUnexpectedAlgo indicates an invalid alg value (not one of the
	// algorithm constants).
	ErrUnexpectedAlgo = errors.New("unexpected algorithm")
)
Functions ¶
Types ¶
type AESKey ¶
// AESKey is an encryption key that can be used to encrypt and decrypt data
// and streams. It holds secret key material: call Wipe once the key is no
// longer needed (mandatory when WithStrictWipe is enabled).
// NOTE(review): most methods use value receivers; confirm whether copies of
// an AESKey alias the same key buffer, otherwise Wipe on one copy may leave
// the material of another copy intact.
type AESKey struct {
	// contains filtered or unexported fields
}
AESKey is an encryption key that can be used to encrypt and decrypt data and streams.
func (AESKey) DecryptKey ¶
func (k AESKey) DecryptKey(encryptedKey []byte) (EncryptionKey, error)
DecryptKey decrypts an encrypted key.
func (AESKey) NewKey ¶
func (k AESKey) NewKey() (EncryptionKey, error)
NewKey creates a new encryption key.
func (AESKey) ReadEncryptedKey ¶
func (k AESKey) ReadEncryptedKey(r io.Reader) (EncryptionKey, error)
ReadEncryptedKey reads an encrypted key and decrypts it.
func (AESKey) StartReader ¶
StartReader opens a reader to decrypt a stream of data.
func (AESKey) StartWriter ¶
StartWriter opens a writer to encrypt a stream of data.
type AESMasterKey ¶
// AESMasterKey is a MasterKey backed by an AESKey. It embeds *AESKey, so the
// whole EncryptionKey method set (including Wipe) is promoted onto it.
type AESMasterKey struct {
	*AESKey
}
type AESStreamReader ¶
// AESStreamReader decrypts an input stream; presumably it is the StreamReader
// returned by AESKey.StartReader. See Close for releasing it.
type AESStreamReader struct {
	// contains filtered or unexported fields
}
AESStreamReader decrypts an input stream.
func (*AESStreamReader) Close ¶
func (r *AESStreamReader) Close() error
type AESStreamWriter ¶
// AESStreamWriter encrypts a stream of data; presumably it is the StreamWriter
// returned by AESKey.StartWriter. Close returns an error, so its result must
// be checked rather than ignored.
type AESStreamWriter struct {
	// contains filtered or unexported fields
}
AESStreamWriter encrypts a stream of data.
func (*AESStreamWriter) Close ¶
func (w *AESStreamWriter) Close() (err error)
type Chacha20Poly1305Key ¶
// Chacha20Poly1305Key is an encryption key that can be used to encrypt and
// decrypt data and streams. It holds secret key material: call Wipe once the
// key is no longer needed (mandatory when WithStrictWipe is enabled).
// NOTE(review): most methods use value receivers; confirm whether copies of a
// Chacha20Poly1305Key alias the same key buffer, otherwise Wipe on one copy
// may leave the material of another copy intact.
type Chacha20Poly1305Key struct {
	// contains filtered or unexported fields
}
Chacha20Poly1305Key is an encryption key that can be used to encrypt and decrypt data and streams.
func (Chacha20Poly1305Key) Decrypt ¶
func (k Chacha20Poly1305Key) Decrypt(data []byte) ([]byte, error)
Decrypt decrypts data that was encrypted with Encrypt and the same key.
func (Chacha20Poly1305Key) DecryptKey ¶
func (k Chacha20Poly1305Key) DecryptKey(encryptedKey []byte) (EncryptionKey, error)
DecryptKey decrypts an encrypted key.
func (Chacha20Poly1305Key) Encrypt ¶
func (k Chacha20Poly1305Key) Encrypt(data []byte) ([]byte, error)
Encrypt encrypts data using the key.
func (Chacha20Poly1305Key) Hash ¶
func (k Chacha20Poly1305Key) Hash(b []byte) []byte
Hash returns the HMAC-SHA256 of b. HMAC is a keyed MAC, so the result depends on the key as well as on b; it is not a plain SHA-256 digest of b.
func (*Chacha20Poly1305Key) Logger ¶
func (k *Chacha20Poly1305Key) Logger() Logger
func (Chacha20Poly1305Key) NewKey ¶
func (k Chacha20Poly1305Key) NewKey() (EncryptionKey, error)
NewKey creates a new encryption key.
func (Chacha20Poly1305Key) ReadEncryptedKey ¶
func (k Chacha20Poly1305Key) ReadEncryptedKey(r io.Reader) (EncryptionKey, error)
ReadEncryptedKey reads an encrypted key and decrypts it.
func (Chacha20Poly1305Key) StartReader ¶
func (k Chacha20Poly1305Key) StartReader(ctx []byte, r io.Reader) (StreamReader, error)
StartReader opens a reader to decrypt a stream of data.
func (Chacha20Poly1305Key) StartWriter ¶
func (k Chacha20Poly1305Key) StartWriter(ctx []byte, w io.Writer) (StreamWriter, error)
StartWriter opens a writer to encrypt a stream of data.
func (*Chacha20Poly1305Key) Wipe ¶
func (k *Chacha20Poly1305Key) Wipe()
Wipe zeros the key material. When WithStrictWipe is enabled, calling it before the key is discarded is mandatory.
func (Chacha20Poly1305Key) WriteEncryptedKey ¶
func (k Chacha20Poly1305Key) WriteEncryptedKey(w io.Writer) error
WriteEncryptedKey writes the encrypted key to the writer.
type Chacha20Poly1305MasterKey ¶
// Chacha20Poly1305MasterKey is a MasterKey backed by a Chacha20Poly1305Key.
// It embeds *Chacha20Poly1305Key, so the whole EncryptionKey method set
// (including Wipe) is promoted onto it.
type Chacha20Poly1305MasterKey struct {
	*Chacha20Poly1305Key
}
type Chacha20Poly1305StreamReader ¶
// Chacha20Poly1305StreamReader decrypts an input stream; presumably it is the
// StreamReader returned by Chacha20Poly1305Key.StartReader. See Close for
// releasing it.
type Chacha20Poly1305StreamReader struct {
	// contains filtered or unexported fields
}
Chacha20Poly1305StreamReader decrypts an input stream.
func (*Chacha20Poly1305StreamReader) Close ¶
func (r *Chacha20Poly1305StreamReader) Close() error
type Chacha20Poly1305StreamWriter ¶
// Chacha20Poly1305StreamWriter encrypts a stream of data; presumably it is the
// StreamWriter returned by Chacha20Poly1305Key.StartWriter. Close returns an
// error, so its result must be checked rather than ignored.
type Chacha20Poly1305StreamWriter struct {
	// contains filtered or unexported fields
}
Chacha20Poly1305StreamWriter encrypts a stream of data.
func (*Chacha20Poly1305StreamWriter) Close ¶
func (w *Chacha20Poly1305StreamWriter) Close() (err error)
type EncryptionKey ¶
// EncryptionKey is an encryption key that can be used to encrypt and decrypt
// data and streams. Implementations hold secret key material; callers should
// call Wipe once a key is no longer needed (mandatory under WithStrictWipe).
type EncryptionKey interface {
	// Logger returns the logger used for debug output. Key material and
	// plaintext should never be passed to it.
	Logger() Logger
	// Encrypt encrypts data using the key.
	Encrypt(data []byte) ([]byte, error)
	// Decrypt decrypts data that was encrypted with Encrypt and the same key.
	// On a non-nil error (ErrDecryptFailed) the returned bytes are meaningless
	// and must be discarded.
	Decrypt(data []byte) ([]byte, error)
	// Hash returns a cryptographically secure hash of b.
	// Chacha20Poly1305Key.Hash documents this as HMAC-SHA256, i.e. a keyed MAC
	// whose output depends on the key; presumably AESKey.Hash is keyed as
	// well — confirm before relying on it as a plain digest.
	Hash(b []byte) []byte
	// StartReader opens a reader to decrypt a stream of data.
	// ctx is a byte slice, not a context.Context. NOTE(review): presumably the
	// reader must be given the same ctx the stream was written with via
	// StartWriter — confirm.
	StartReader(ctx []byte, r io.Reader) (StreamReader, error)
	// StartWriter opens a writer to encrypt a stream of data. See StartReader
	// for the meaning of ctx.
	StartWriter(ctx []byte, w io.Writer) (StreamWriter, error)
	// NewKey creates a new encryption key.
	NewKey() (EncryptionKey, error)
	// DecryptKey decrypts an encrypted key.
	DecryptKey(encryptedKey []byte) (EncryptionKey, error)
	// ReadEncryptedKey reads an encrypted key and decrypts it.
	ReadEncryptedKey(r io.Reader) (EncryptionKey, error)
	// WriteEncryptedKey writes the encrypted key to the writer.
	WriteEncryptedKey(w io.Writer) error
	// Wipe zeros the key material. Under WithStrictWipe, failing to call it
	// before the key is discarded stops the program with a fatal error.
	Wipe()
}
EncryptionKey is an encryption key that can be used to encrypt and decrypt data and streams.
type Logger ¶
// Logger is the interface for writing debug logs. Fatal and Fatalf are
// expected to terminate the program; presumably this is how the fatal error
// described by WithStrictWipe is raised — confirm. Never pass key material
// or plaintext to any of these methods.
type Logger interface {
	Debug(...any)
	Debugf(string, ...any)
	Info(...any)
	Infof(string, ...any)
	Error(...any)
	Errorf(string, ...any)
	Fatal(...any)
	Fatalf(string, ...any)
}
Logger is the interface for writing debug logs.
type MasterKey ¶
// MasterKey is an encryption key that is normally stored on disk encrypted
// with a passphrase. It is used to create file keys used to encrypt the
// content of files.
type MasterKey interface {
	EncryptionKey
	// Save encrypts the MasterKey with passphrase and saves it to file.
	// For the AES256 and Chacha20Poly1305 algorithms the passphrase (presumably
	// stretched with the PBKDF2 / Argon2 listed in the algorithm constants) is
	// what protects the key at rest, so its strength matters.
	// NOTE(review): confirm that file is created with restrictive permissions
	// (e.g. 0600); nothing on this page states it.
	Save(passphrase []byte, file string) error
}
MasterKey is an encryption key that is normally stored on disk encrypted with a passphrase. It is used to create file keys used to encrypt the content of files.
func CreateAESMasterKey ¶
CreateAESMasterKey creates a new master key.
func CreateAESMasterKeyForTest ¶
CreateAESMasterKeyForTest creates a new master key for use in tests only.
func CreateChacha20Poly1305MasterKey ¶
CreateChacha20Poly1305MasterKey creates a new master key.
func CreateChacha20Poly1305MasterKeyForTest ¶
CreateChacha20Poly1305MasterKeyForTest creates a new master key for use in tests only.
func CreateMasterKey ¶
CreateMasterKey creates a new master key.
func ReadAESMasterKey ¶
ReadAESMasterKey reads an encrypted master key from file and decrypts it with passphrase.
type Option ¶
// Option is a functional option used to specify the parameters of a MasterKey
// (see WithStrictWipe). It mutates the package's unexported option struct.
type Option func(*option)
Option is a functional option used to specify the parameters of a MasterKey.
func WithStrictWipe ¶
WithStrictWipe specifies whether strict wipe is required. When enabled, every key must be wiped by calling Wipe() once it is no longer needed; a key that is discarded without being wiped stops program execution with a fatal error.
type StreamReader ¶
StreamReader decrypts a stream.