keyfile

Version: v0.3.0 (not the latest version of its module)
Published: Sep 10, 2020 License: MIT Imports: 13 Imported by: 1

README

keyfile

The keyfile package provides an interface to read and write encryption keys and other sensitive secrets in a persistent format protected by a passphrase. The passphrase is expanded to an encryption key using the scrypt algorithm, and that key is used to symmetrically encrypt the key material with AES-256.

Documentation

Overview

Package keyfile provides an interface to read and write secret keys in a persistent format protected by a passphrase.

Each secret is stored in a keypb.Keyfile protocol buffer message, inside which the secret is encrypted with AES-256 in CTR mode. The encryption key is derived from a user passphrase using the scrypt algorithm.

Constants

This section is empty.

Variables

var (
	// ErrBadPassphrase is reported when a passphrase cannot decrypt a key.
	ErrBadPassphrase = errors.New("invalid passphrase")

	// ErrNoKey is reported by Get when the keyfile has no key.
	ErrNoKey = errors.New("no key is present")
)

Functions

func LoadKey

func LoadKey(path, passphrase string) ([]byte, error)

LoadKey is a convenience function to load the contents of a single key from a stored binary-format keyfile.

Types

type File

type File struct {
	*keypb.Keyfile
}

A File represents a keyfile.

func Load

func Load(r io.Reader) (*File, error)

Load loads a wire-format Keyfile protobuf message from r.

func New

func New() *File

New creates a new empty keyfile.

func (*File) Get

func (f *File) Get(passphrase string) ([]byte, error)

Get decrypts and returns the key from f using the given passphrase. It returns ErrBadPassphrase if the key cannot be decrypted. It returns ErrNoKey if f is empty.
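
AES in CTR mode decrypts under any key without reporting an error, so a format that returns ErrBadPassphrase needs a separate integrity check on the stored data. The following is an added example, not this package's code, using only the Go standard library. Its HMAC-SHA256 tag, the iv || ciphertext || tag layout and the names mac, ctr, seal, open and errBadKey are assumptions of the example, and the key argument stands in for the scrypt output.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var errBadKey = errors.New("wrong key or modified data") // plays the role of ErrBadPassphrase

func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key) // HMAC-SHA256; also used to split one key into two subkeys
	m.Write(msg)
	return m.Sum(nil)
}

func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(mac(key, []byte("enc"))) // 32-byte subkey selects AES-256
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in) // same call encrypts and decrypts
	return out
}

func seal(key, secret []byte) []byte {
	iv := make([]byte, aes.BlockSize) // fresh random IV for every stored secret
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	body := append(iv, ctr(key, iv, secret)...) // assumed layout: iv || ciphertext || tag
	return append(body, mac(mac(key, []byte("mac")), body)...)
}

func open(key, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size // the tag is the last 32 bytes
	if n < aes.BlockSize || !hmac.Equal(mac(mac(key, []byte("mac")), blob[:n]), blob[n:]) {
		return nil, errBadKey // rejected in constant time, before any decryption
	}
	return ctr(key, blob[:aes.BlockSize], blob[aes.BlockSize:n]), nil
}

func main() {
	fmt.Println(open([]byte("wrong"), seal(make([]byte, 32), []byte("constructed secret")))) // constructed inputs
}
```

Calling ctr directly with the wrong key returns bytes of the right length and no error, which is the case the tag check in open exists to catch.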

func (*File) Random

func (f *File) Random(passphrase string, nbytes int) ([]byte, error)

Random generates a random secret with the given length, encrypts it with the passphrase, and stores it in f, replacing any previous data. The generated secret is returned. It is an error if nbytes <= 0.

func (*File) Set

func (f *File) Set(passphrase string, secret []byte) error

Set encrypts the secret with the passphrase and stores it in f, replacing any previous data.

func (*File) WriteTo

func (f *File) WriteTo(w io.Writer) (int64, error)

WriteTo encodes f to the specified w in protobuf wire format.

Directories

Package keypb defines a storage format for an encrypted key file.
