Documentation
Overview
Package keyfile provides an interface to read and write secret keys in a persistent format protected by a passphrase.
Each secret is stored in a keypb.Keyfile protocol buffer message, inside which the secret is encrypted with AES-256 in CTR mode. The encryption key is derived from a user passphrase using the scrypt algorithm.
Variables
var (
	// ErrBadPassphrase is reported when a passphrase cannot decrypt a key.
	ErrBadPassphrase = errors.New("invalid passphrase")

	// ErrNoKey is reported by Get when the keyfile has no key.
	ErrNoKey = errors.New("no key is present")

	// ErrBadPacket is reported when parsing an invalid keyfile packet.
	ErrBadPacket = errors.New("parse: invalid packet format")
)
Functions
Types
type File
type File struct {
	Init []byte // initialization vector
	Salt []byte // key-generation salt
	// contains filtered or unexported fields
}
A File represents a keyfile.
func (*File) Encode (added in v0.4.1)
Encode encodes f in binary format for storage, such that keyfile.Parse(f.Encode()) is equivalent to f.
func (*File) Get
Get decrypts and returns the key from f using the given passphrase. It returns ErrBadPassphrase if the key cannot be decrypted. It returns ErrNoKey if f is empty.
func (*File) Random
Random generates a random secret with the given length, encrypts it with the passphrase, and stores it in f, replacing any previous data. The generated secret is returned. It is an error if nbytes <= 0.