goeznacl

v0.0.0-...-6aa3336

Warning: This package is not in the latest version of its module.
Published: Feb 17, 2022 License: MIT Imports: 15 Imported by: 9

README

goeznacl

goeznacl is an MIT-licensed Go library that makes working with cryptography easier by providing an easy-to-use wrapper around the NaCl implementation provided in the Go main libraries.

Description

Cryptography is really hard. Any code which implements it is equally hard. Anything which touches the implementation code isn't much easier. This library came from a need to work with crypto keys over a text-based protocol. It had the added benefit of easing debugging code which interacts with cryptography. The library as a whole should be considered beta, but is progressing toward maturity fairly quickly.

A new data type, CryptoString, is used heavily when interacting with this library. In short, CryptoStrings are Base85-encoded hashes or crypto keys with an algorithm name prepended and a colon separating the two. Debugging is much easier using this library. Work with the other classes, such as SecretKey, PublicKey, and so on is fairly straightforward and should be obvious from reading the sources.

Please don't use this code to place important crypto keys in your code or embed backdoors. No one needs that kind of drama.

Usage

The code is heavily commented, the file is short, and usage should be pretty obvious. Nevertheless, here is an example:

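import (
	"crypto/rand"

	"github.com/darkwyrm/goeznacl"
)

// GenerateSecretKey wraps 32 random bytes in an XSALSA20 CryptoString.
func GenerateSecretKey() goeznacl.CryptoString {
	keyBytes := make([]byte, 32)
	// If the system CSPRNG fails, keyBytes is not random; never use it as a key.
	if _, err := rand.Read(keyBytes); err != nil {
		panic(err)
	}

	return goeznacl.NewCSFromBytes("XSALSA20", keyBytes)
}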

To interact with the actual key generated in the above example, the RawData() method is called. Although the internal representation of the object is accessible from the outside to permit special cases, direct interaction with the Prefix and Data properties is not recommended.
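A key that arrives as text over a protocol should be validated before its bytes reach a cipher. The sketch below is an added example, not code from goeznacl: it parses the `PREFIX:DATA` layout described above and checks the prefix, key length and encoding. The names `parseKey`, `encodeCS`, `keyLen` and `errInvalidCS` are hypothetical, and Go's `encoding/ascii85` stands in for the library's Base85 variant, which this page does not specify.

```go
package main

import (
	"bytes"
	"encoding/ascii85"
	"errors"
	"fmt"
	"strings"
)

// Hypothetical allow-list: prefix -> raw key length (XSALSA20/32 is from the page).
var keyLen = map[string]int{"XSALSA20": 32}
var errInvalidCS = errors.New("invalid cryptostring")

// encodeCS builds "PREFIX:DATA". Assumption: encoding/ascii85 stands in for
// the library's Base85 variant, which this page does not specify.
func encodeCS(algorithm string, raw []byte) string {
	buf := make([]byte, ascii85.MaxEncodedLen(len(raw)))
	return algorithm + ":" + string(buf[:ascii85.Encode(buf, raw)])
}

// parseKey validates a key received as text before it reaches any cipher:
// known prefix, decodable data, exact key length, canonical encoding.
func parseKey(s string) (string, []byte, error) {
	prefix, data, ok := strings.Cut(s, ":")
	if !ok || prefix == "" || data == "" {
		return "", nil, errInvalidCS
	}
	want, known := keyLen[prefix]
	if !known {
		return "", nil, fmt.Errorf("%w: unsupported algorithm %q", errInvalidCS, prefix)
	}
	// want+4 bytes bounds the allocation; oversized input stops decoding early.
	raw := make([]byte, want+4)
	n, _, err := ascii85.Decode(raw, []byte(data), true)
	if err != nil || n != want {
		return "", nil, fmt.Errorf("%w: bad %s key data", errInvalidCS, prefix)
	}
	// Re-encoding must reproduce the input: rejects padding and alternate spellings.
	if encodeCS(prefix, raw[:n]) != s {
		return "", nil, fmt.Errorf("%w: non-canonical encoding", errInvalidCS)
	}
	return prefix, raw[:n], nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed sample key, not a secret
	fmt.Println(parseKey(encodeCS("XSALSA20", key)))
}
```

The canonical-form check matters because a decoder that accepts several text spellings of the same key lets two different strings compare unequal while naming identical key material.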

Documentation

Constants

This section is empty.

Variables

var ErrDecryptionFailure = errors.New("decryption failure")
var ErrInvalidCS = errors.New("invalid cryptostring")
var ErrUnsupportedAlgorithm = errors.New("unsupported algorithm")
var ErrVerificationFailure = errors.New("verification failure")

Functions

func CheckHash

func CheckHash(hash CryptoString, data []byte) (bool, error)

CheckHash generates a CryptoString hash of the supplied data

func HashPassword

func HashPassword(password string, extra_strong bool) string

HashPassword turns a string into an Argon2 password hash. Set extra_strong to true if you're feeling particularly paranoid.

func IsArgonHash

func IsArgonHash(hashstr string) (bool, error)

IsArgonHash checks to see if the string passed is an Argon2id password hash

func VerifyPasswordHash

func VerifyPasswordHash(password string, hashPass string) (bool, error)

VerifyPasswordHash takes a password and the Argon2 hash to verify against, gets the parameters from the hash, and applies them to the supplied password. It returns whether or not they match and an error if something went wrong.

Types

type CryptoKey

type CryptoKey interface {
	GetEncryptionType() string
	GetType() string
}

CryptoKey is a baseline interface to the different kinds of keys defined in this module

type CryptoString

type CryptoString struct {
	Prefix string
	Data   string
}

func GetHash

func GetHash(algorithm string, data []byte) (CryptoString, error)

GetHash generates a CryptoString hash of the supplied data

func NewCS

func NewCS(str string) CryptoString

NewCS is just syntactic sugar for generating a quickie CryptoString from a string

func NewCSFromBytes

func NewCSFromBytes(algorithm string, buffer []byte) CryptoString

NewCSFromBytes creates a CryptoString object from an algorithm and buffer of data. The new instance makes a copy of the data buffer passed to it

func (*CryptoString) AsBytes

func (cs *CryptoString) AsBytes() []byte

AsBytes returns the CryptoString as a byte array

func (*CryptoString) AsString

func (cs *CryptoString) AsString() string

AsString returns the state of the object as a CryptoString-formatted string

func (*CryptoString) IsValid

func (cs *CryptoString) IsValid() bool

IsValid checks the internal data and returns true if it is valid

func (*CryptoString) MakeEmpty

func (cs *CryptoString) MakeEmpty()

MakeEmpty returns the object to an uninitialized state

func (*CryptoString) RawData

func (cs *CryptoString) RawData() []byte

RawData returns the data of the object as a series of bytes. In the event of an error, nil is returned

func (*CryptoString) Set

func (cs *CryptoString) Set(str string) error

Set takes a CryptoString-formatted string and sets the object to it.

func (*CryptoString) SetFromBytes

func (cs *CryptoString) SetFromBytes(algorithm string, buffer []byte) error

SetFromBytes assigns an algorithm and the associated data to the object. The caller retains ownership of the underlying data passed to it.

type DecryptorKey

type DecryptorKey interface {
	Decrypt(data string) ([]byte, error)
}

type EncryptionKey

type EncryptionKey struct {
	PublicHash CryptoString
	PublicKey  CryptoString
}

EncryptionKey is like EncryptionPair, but is just used for encryption and is equivalent to just the public key

func NewEncryptionKey

func NewEncryptionKey(pubkey CryptoString) *EncryptionKey

NewEncryptionKey creates a new EncryptionKey object from a CryptoString of the public key

func (EncryptionKey) Encrypt

func (ekey EncryptionKey) Encrypt(data []byte) (string, error)

Encrypt encrypts a byte slice using the internal public key. It returns the resulting encrypted data as a Base85-encoded string that amounts to a CryptoString without the prefix.

func (EncryptionKey) GetEncryptionType

func (ekey EncryptionKey) GetEncryptionType() string

GetEncryptionType returns the algorithm used by the key

func (EncryptionKey) GetType

func (ekey EncryptionKey) GetType() string

GetType returns the type of key -- asymmetric or symmetric

func (*EncryptionKey) Set

func (ekey *EncryptionKey) Set(pubkey CryptoString) error

Set assigns a CryptoString to the instance

type EncryptionPair

type EncryptionPair struct {
	PublicHash  CryptoString
	PrivateHash CryptoString
	PublicKey   CryptoString
	PrivateKey  CryptoString
}

EncryptionPair defines a pair of asymmetric encryption keys

func GenerateEncryptionPair

func GenerateEncryptionPair() (*EncryptionPair, error)

GenerateEncryptionPair creates a new EncryptionPair instance with a brand new set of keys

func NewEncryptionPair

func NewEncryptionPair(pubkey CryptoString, privkey CryptoString) *EncryptionPair

NewEncryptionPair creates a new EncryptionPair object from two CryptoString objects

func (EncryptionPair) Decrypt

func (kpair EncryptionPair) Decrypt(data string) ([]byte, error)

Decrypt decrypts a string of encrypted data which is Base85 encoded using the internal private key.

func (EncryptionPair) Encrypt

func (kpair EncryptionPair) Encrypt(data []byte) (string, error)

Encrypt encrypts a byte slice using the internal public key. It returns the resulting encrypted data as a Base85-encoded string that amounts to a CryptoString without the prefix.

func (EncryptionPair) GetEncryptionType

func (kpair EncryptionPair) GetEncryptionType() string

GetEncryptionType returns the algorithm used by the key

func (EncryptionPair) GetType

func (kpair EncryptionPair) GetType() string

GetType returns the type of key -- asymmetric or symmetric

func (*EncryptionPair) Set

func (kpair *EncryptionPair) Set(pubkey CryptoString,
	privkey CryptoString) error

Set assigns a pair of CryptoString values to the EncryptionPair

type EncryptorKey

type EncryptorKey interface {
	Encrypt(data []byte) (string, error)
}

type SecretKey

type SecretKey struct {
	Hash CryptoString
	Key  CryptoString
}

SecretKey defines a symmetric encryption key

func GenerateSecretKey

func GenerateSecretKey() *SecretKey

GenerateSecretKey creates a new SecretKey object with a randomly-generated key using a cryptographically safe method

func NewSecretKey

func NewSecretKey(keyString CryptoString) *SecretKey

NewSecretKey creates a new SecretKey object from a CryptoString of the key

func (SecretKey) Decrypt

func (key SecretKey) Decrypt(data string) ([]byte, error)

Decrypt decrypts a string of encrypted data which is Base85 encoded using the internal key.

func (SecretKey) Encrypt

func (key SecretKey) Encrypt(data []byte) (string, error)

Encrypt encrypts a byte slice using the internal key. It returns the resulting encrypted data as a Base85-encoded string that amounts to a CryptoString without the prefix.

func (SecretKey) GetEncryptionType

func (key SecretKey) GetEncryptionType() string

GetEncryptionType returns the algorithm used by the key

func (SecretKey) GetType

func (key SecretKey) GetType() string

GetType returns the type of key -- asymmetric or symmetric

func (*SecretKey) Set

func (key *SecretKey) Set(keyString CryptoString) error

Set assigns a CryptoString value to the SecretKey

type SigningPair

type SigningPair struct {
	PublicHash  CryptoString
	PrivateHash CryptoString
	PublicKey   CryptoString
	PrivateKey  CryptoString
}

SigningPair defines an asymmetric signing key pair

func GenerateSigningPair

func GenerateSigningPair() (*SigningPair, error)

GenerateSigningPair creates a new instance with a randomly-generated key pair

func NewSigningPair

func NewSigningPair(pubkey CryptoString,
	privkey CryptoString) *SigningPair

NewSigningPair creates a new SigningPair object from two CryptoString objects

func (SigningPair) GetEncryptionType

func (spair SigningPair) GetEncryptionType() string

GetEncryptionType returns the algorithm used by the key

func (SigningPair) GetType

func (spair SigningPair) GetType() string

GetType returns the type of key -- asymmetric or symmetric

func (*SigningPair) Set

func (spair *SigningPair) Set(pubkey CryptoString,
	privkey CryptoString) error

Set assigns a pair of CryptoString values to the SigningPair

func (SigningPair) Sign

func (spair SigningPair) Sign(data []byte) (CryptoString, error)

Sign cryptographically signs a byte slice.

func (SigningPair) Verify

func (spair SigningPair) Verify(data []byte, signature CryptoString) (bool, error)

Verify uses the internal verification key with the passed data and signature and returns true if the signature has verified the data with that key.

type VerificationKey

type VerificationKey struct {
	PublicHash CryptoString
	// contains filtered or unexported fields
}

VerificationKey is an object to represent just a verification key, not a key pair

func NewVerificationKey

func NewVerificationKey(key CryptoString) *VerificationKey

NewVerificationKey creates a new verification key from a CryptoString

func (VerificationKey) GetEncryptionType

func (vkey VerificationKey) GetEncryptionType() string

GetEncryptionType returns the algorithm used by the key

func (VerificationKey) GetType

func (vkey VerificationKey) GetType() string

GetType returns the type of key -- asymmetric or symmetric

func (*VerificationKey) Set

func (vkey *VerificationKey) Set(key CryptoString) error

Set assigns a CryptoString value to the key

func (VerificationKey) Verify

func (vkey VerificationKey) Verify(data []byte, signature CryptoString) (bool, error)

Verify uses the internal verification key with the passed data and signature and returns true if the signature has verified the data with that key.
