arcsek

v0.0.0-...-01ac420
Published: Jul 2, 2019 License: MIT Imports: 10 Imported by: 0

README

Arcsek. Archive Secretly

A package for creating encrypted archives using gzip compression. I thought it looked cooler with a k at the end.

The purpose of this package/library is to allow the creation of encrypted archives composed of many, probably large, files (like images or video). It avoids loading whole files into memory, since they can be very large and the process could run out of memory.

Testing and large files

You can test this package as any other Go package/module by using go test. The tests are configured to use every file in the testing-files/in directory. You can add large files there and they will be taken into account.

Testing with limited memory

What I did to test if the package works with limited memory was to open 10 Chrome tabs on a variety of sites and then place a pair of 4K videos in testing-files/in, which together are around 2 GB in size, and I edited the project in GoLand (based on IntelliJ), which itself uses some amount of memory. This way I made sure the files are not being held in memory and it works for large amounts of data.

Known issues

The package relies on temporary files instead of memory so that it does not consume all available RAM when encrypting large folders. The files are eventually deleted when calling the Close() function. This might open the library to side channel attacks while the archive is being created, because the plain data sits in the temporary directory until Close() is called. However, that does not affect the resulting archive if it is transferred to another location (like a USB drive, for instance).
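An alternative to the temporary file described above, as an added example that is not arcsek's own code: the tar.gz stream is produced through an in-memory pipe, so no plain data is written to disk and memory use stays constant. The names StreamTarGz, writeArchive and addFile are hypothetical, and the sketch assumes the returned reader is handed to a streaming encryptor that accepts an io.Reader.

```go
package main

import (
	"archive/tar"
	"compress/gzip"
	"errors"
	"io"
	"os"
)

// StreamTarGz yields a tar.gz of files through an in-memory pipe, not a temp file.
func StreamTarGz(files []string) io.ReadCloser {
	pr, pw := io.Pipe()
	go func() { pw.CloseWithError(writeArchive(pw, files)) }()
	return pr
}

func writeArchive(w io.Writer, files []string) error {
	gz := gzip.NewWriter(w)
	tw := tar.NewWriter(gz)
	for _, name := range files {
		if err := addFile(tw, name); err != nil {
			return err // surfaces to the consumer as a read error
		}
	}
	return errors.Join(tw.Close(), gz.Close()) // flush tar footer, then gzip trailer
}

func addFile(tw *tar.Writer, name string) error {
	f, err := os.Open(name)
	if err != nil {
		return err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return err
	}
	hdr := &tar.Header{Name: info.Name(), Mode: 0600, Size: info.Size()}
	if err = tw.WriteHeader(hdr); err == nil {
		_, err = io.Copy(tw, f) // fixed-size chunks; the file is never fully in memory
	}
	return err
}

func main() { // usage: prog FILE... > out.tar.gz
	if _, err := io.Copy(os.Stdout, StreamTarGz(os.Args[1:])); err != nil {
		panic(err)
	}
}
```

The consumer must read to EOF or call Close() on the returned reader; otherwise the writer goroutine stays blocked on the pipe.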

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecryptVault

func DecryptVault(er io.Reader, key []byte) (*sio.DecReader, error)

DecryptVault receives an io.Reader that contains encrypted content with its nonce at the start.

If the key is not 128, 192 or 256 bits long, it will return an error. If the data cannot be authenticated, it will also return an error.

func NewTarReaderNonce

func NewTarReaderNonce(enc io.Reader, key []byte) (*tar.Reader, error)

NewTarReaderNonce receives an encrypted stream of data that starts with a nonce, and a key to decrypt and authenticate it. It then uses the decrypted stream to create a tar.gz reader from which you can extract files.

Types

type VaultReader

type VaultReader struct {
	*sio.EncReader

	Nonce []byte
	// contains filtered or unexported fields
}

VaultReader is amazing :D

but also implements io.Closer by deleting the underlying temporary clean file. It also stores the nonce in case you need to use it later.

It is important to close the vault in order to prevent the retrieval of the plain data from the temporary directory.

func NewVaultReader

func NewVaultReader(files []string, key []byte) (*VaultReader, error)

NewVaultReader creates a new Vault reader by packaging the specified files and encrypting the archive with the specified key.

It will use AES 128, 192 or 256 depending on the length of the key. If a key of a different length is provided, it will return an error.

It is important that you close this reader after you are done with it, to delete any plain data that might be left.

func (*VaultReader) Close

func (v *VaultReader) Close() error

Close erases the underlying temporary file to prevent its retrieval by an attacker and to save disk space.
