Documentation
Index
- Variables
- type EncryptedFile
- func (ef *EncryptedFile) Decrypt(ciphertext []byte) ([]byte, error) (deprecated)
- func (ef *EncryptedFile) DecryptInPlace(data []byte) error
- func (ef *EncryptedFile) DecryptStream(reader io.Reader) io.ReadCloser
- func (ef *EncryptedFile) Encrypt(plaintext []byte) []byte (deprecated)
- func (ef *EncryptedFile) EncryptInPlace(data []byte)
- func (ef *EncryptedFile) EncryptStream(reader io.Reader) io.ReadCloser
- func (ef *EncryptedFile) PrepareForDecryption() error
- type EncryptedFileHashes
- type JSONWebKey
Constants
This section is empty.
Variables
var (
	HashMismatch         = errors.New("mismatching SHA-256 digest")
	UnsupportedVersion   = errors.New("unsupported Matrix file encryption version")
	UnsupportedAlgorithm = errors.New("unsupported JWK encryption algorithm")
	InvalidKey           = errors.New("failed to decode key")
	InvalidInitVector    = errors.New("failed to decode initialization vector")
	InvalidHash          = errors.New("failed to decode SHA-256 hash")
	ReaderClosed         = errors.New("encrypting reader was already closed")
)
Functions
This section is empty.
Types
type EncryptedFile
type EncryptedFile struct {
	Key        JSONWebKey          `json:"key"`
	InitVector string              `json:"iv"`
	Hashes     EncryptedFileHashes `json:"hashes"`
	Version    string              `json:"v"`
	// contains filtered or unexported fields
}
func NewEncryptedFile
func NewEncryptedFile() *EncryptedFile
func (*EncryptedFile) Decrypt
deprecated
func (ef *EncryptedFile) Decrypt(ciphertext []byte) ([]byte, error)
Decrypt decrypts the given data and returns the plaintext.
Deprecated: this makes a copy for the plaintext data, which means 2x memory usage. DecryptInPlace is recommended.
func (*EncryptedFile) DecryptInPlace
func (ef *EncryptedFile) DecryptInPlace(data []byte) error
DecryptInPlace decrypts the given data in-place (i.e. the provided data is overwritten with the plaintext).
func (*EncryptedFile) DecryptStream
func (ef *EncryptedFile) DecryptStream(reader io.Reader) io.ReadCloser
DecryptStream wraps the given io.Reader in order to decrypt the data.
The first Read call will check the algorithm and decode keys, so it might return an error before actually reading anything. If you want to validate the file before opening the stream, call PrepareForDecryption manually and check for errors.
The Close call will validate the hash and return an error if it doesn't match. In this case, the written data should be considered compromised and should not be used further.
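The caller-side handling that this Close contract implies, as an added example that is not part of the package or its documentation: the stream is spooled to a temporary file and only renamed into place once Close has returned nil. The names `stream`, `newStream`, `saveVerified` and `errHashMismatch` are hypothetical, and `stream` is a standard-library stand-in that reproduces only the hash check on Close (no decryption), so the example runs without the library.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

var errHashMismatch = errors.New("mismatching SHA-256 digest")

// stream is a hypothetical stand-in for what DecryptStream returns. It skips
// decryption and keeps only the contract: the hash verdict arrives on Close.
type stream struct {
	io.Reader
	verify func() error
}
func (s stream) Close() error { return s.verify() }

func newStream(r io.Reader, want []byte) io.ReadCloser {
	h := sha256.New()
	return stream{io.TeeReader(r, h), func() error {
		if !bytes.Equal(h.Sum(nil), want) {
			return errHashMismatch
		}
		return nil
	}}
}

// saveVerified spools src to a temp file beside dest and renames it into place
// only after Close confirms the hash; on any error the spool is deleted.
func saveVerified(src io.ReadCloser, dest string) error {
	tmp, err := os.CreateTemp(filepath.Dir(dest), ".partial-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded
	_, err = io.Copy(tmp, src)
	if err = errors.Join(err, tmp.Close(), src.Close()); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), dest)
}

func main() { // constructed input with a deliberately wrong digest
	fmt.Println(saveVerified(newStream(bytes.NewReader([]byte("sample")), make([]byte, 32)), "attachment.bin"))
}
```

Because the temporary file is created in the destination's directory, the rename stays on one filesystem and readers of the final path never see bytes whose hash has not been checked.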
func (*EncryptedFile) Encrypt
deprecated
func (ef *EncryptedFile) Encrypt(plaintext []byte) []byte
Encrypt encrypts the given data, updates the SHA256 hash in the EncryptedFile struct and returns the ciphertext.
Deprecated: this makes a copy for the ciphertext, which means 2x memory usage. EncryptInPlace is recommended.
func (*EncryptedFile) EncryptInPlace
func (ef *EncryptedFile) EncryptInPlace(data []byte)
EncryptInPlace encrypts the given data in-place (i.e. the provided data is overwritten with the ciphertext) and updates the SHA256 hash in the EncryptedFile struct.
func (*EncryptedFile) EncryptStream
func (ef *EncryptedFile) EncryptStream(reader io.Reader) io.ReadCloser
EncryptStream wraps the given io.Reader in order to encrypt the data.
The Close() method of the returned io.ReadCloser must be called for the SHA256 hash in the EncryptedFile struct to be updated. The metadata is not valid before the hash is filled.
func (*EncryptedFile) PrepareForDecryption
func (ef *EncryptedFile) PrepareForDecryption() error
PrepareForDecryption checks that the version and algorithm are supported and decodes the base64 keys.
DecryptStream will call this with the first Read() call if this hasn't been called manually.
DecryptInPlace will always call this automatically, so calling this manually is not necessary when using that function.
type EncryptedFileHashes
type EncryptedFileHashes struct {
SHA256 string `json:"sha256"`
}