Documentation
Overview
Package keyfile provides an interface to read and write encryption keys and other secrets in a persistent format protected by a passphrase. Each secret is labelled with a non-secret slug string that can be used as a handle to identify the secret.
Secrets are stored in a keypb.Keyfile protocol buffer message, inside which each key is encrypted with AES-256 in CTR mode. The storage encryption key is derived from a user passphrase using the scrypt algorithm.
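The page does not say how keyfile recognizes a wrong passphrase, and AES-CTR decryption never fails by itself, so the following added example (not the package's code or its on-disk format) shows one way a CTR-encrypted record can report a bad passphrase: verify an HMAC-SHA256 tag before decrypting. The names `seal`, `open`, `stream`, `tag` and `errBadKey` are hypothetical, the tag and the `IV || ciphertext || tag` layout are this example's choices, and the 64-byte `dk` is assumed to be scrypt output split into a cipher key and a MAC key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var errBadKey = errors.New("invalid passphrase") // analogue of ErrBadPassphrase

func stream(dk *[64]byte, iv []byte) cipher.Stream { // AES-256-CTR under dk[:32]
	blk, _ := aes.NewCipher(dk[:32]) // cannot fail: the key is always 32 bytes
	return cipher.NewCTR(blk, iv)
}

func tag(dk *[64]byte, data []byte) []byte { // HMAC-SHA256 under dk[32:]
	m := hmac.New(sha256.New, dk[32:])
	m.Write(data)
	return m.Sum(nil)
}

// seal returns IV || ciphertext || tag; dk is 64 bytes of KDF output (scrypt assumed).
func seal(dk *[64]byte, secret []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize+len(secret))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	stream(dk, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], secret)
	return append(out, tag(dk, out)...), nil
}

// open verifies the tag before decrypting; CTR decryption alone never fails.
func open(dk *[64]byte, box []byte) ([]byte, error) {
	n := len(box) - sha256.Size
	if n < aes.BlockSize || !hmac.Equal(tag(dk, box[:n]), box[n:]) {
		return nil, errBadKey
	}
	secret := make([]byte, n-aes.BlockSize)
	stream(dk, box[:aes.BlockSize]).XORKeyStream(secret, box[aes.BlockSize:n])
	return secret, nil
}

func main() {
	box, _ := seal(new([64]byte), []byte("constructed secret")) // constructed all-zero key
	fmt.Println(open(&[64]byte{0: 1, 63: 1}, box))              // wrong key is rejected
}
```

Without the tag check, decrypting under the wrong derived key returns unrelated bytes and no error, and a modified ciphertext decrypts to a correspondingly modified secret.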
Index
- Variables
- func LoadKey(path, slug, passphrase string) ([]byte, error)
- func LoadKeyJSON(path, slug, passphrase string) ([]byte, error)
- type File
- func (f *File) Get(slug, passphrase string) ([]byte, error)
- func (f *File) Has(slug string) bool
- func (f *File) Proto() *keypb.Keyfile
- func (f *File) Random(slug, passphrase string, nbytes int) ([]byte, error)
- func (f *File) Remove(slug string) bool
- func (f *File) Set(slug, passphrase string, secret []byte) error
- func (f *File) Slugs() []string
- func (f *File) WriteJSON(w io.Writer) error
- func (f *File) WriteTo(w io.Writer) (int64, error)
Constants
This section is empty.
Variables
var (
	// ErrNoSuchKey is reported when requesting an unknown key slug.
	ErrNoSuchKey = xerrors.New("no matching key")

	// ErrBadPassphrase is reported when a passphrase cannot decrypt a key.
	ErrBadPassphrase = xerrors.New("invalid passphrase")
)
Functions
func LoadKey
LoadKey is a convenience function to load the contents of a single key from a stored binary-format keyfile.
func LoadKeyJSON
LoadKeyJSON is a convenience function to load the contents of a single key from a stored JSON-encoded keyfile.
Types
type File
type File struct {
// contains filtered or unexported fields
}
A File represents a collection of keys.
func Clone
Clone creates a file that encapsulates a deep copy of m. Changes to m do not affect the file and vice versa.
func Load
Load loads a file encrypted with the given passphrase from r. The input must be a wire-format keypb.Keyfile message.
func LoadJSON
LoadJSON loads a file encrypted with the given passphrase from r. The input must be a JSON-encoded keypb.Keyfile message.
func (*File) Get
Get locates the key with the specified slug and decrypts it with the passphrase. It reports ErrNoSuchKey if no such key exists in f. It reports ErrBadPassphrase if the key cannot be decrypted.
func (*File) Proto
Proto returns a keypb.Keyfile message representing the current state of f. Subsequent changes to f do not affect the message, nor vice versa.
func (*File) Random
Random generates a random secret with the given length, encrypts it with the passphrase, and stores it under the given slug. Any existing value for that slug is replaced. The generated secret is returned.
func (*File) Remove
Remove removes the key associated with the given slug if it is present, and reports whether anything was removed.
func (*File) Set
Set encrypts the secret with the passphrase and stores it under the given slug. If the slug already exists, its contents are replaced; otherwise, a new key is added.