saltpack

package
v0.0.48-fix Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 27, 2020 License: MIT Imports: 13 Imported by: 5

README

Saltpack

This package allows you to encrypt/decrypt and sign/verify using Saltpack and EdX25519 keys.

For more details visit keys.pub.

Encrypt

The following example describes how to:

  • Generate an EdX25519 key
  • Encrypt to recipients (Alice and Bob) using Saltpack
import (
    "github.com/keys-pub/keys"
    "github.com/keys-pub/keys/saltpack"
)

...
// Alice
alice := keys.GenerateEdX25519Key()

// Bob
bobID := keys.ID("kex1yy7amjzd5ld3k0uphvyetlz2vd8yy3fky64dut9jdf9qh852f0nsxjgv0m")

message := []byte("hi bob")

// Encrypt using Saltpack from alice to bob (include alice as a recipient too).
sp := saltpack.New(nil)
encrypted, err := sp.EncryptArmored(message, alice.X25519Key(), bobID, alice.ID())
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Encrypted: %s\n", string(encrypted))

Decrypt

The following example decrypts the message from the Encrypt example:

  • Initialize and setup/unlock a Keyring
  • Create a Store
  • Import a EdX25519 key
  • Decrypt and verify a Saltpack message
import (
    "github.com/keys-pub/keys"
    "github.com/keys-pub/keys/keyring"
    "github.com/keys-pub/keys/saltpack"
)

...

// Message from Alice
aliceID := keys.ID("kex1vrpxw9rqmf49kygc7ujjrdlx8lkzaarjc3s24j73xlqxhwvsyx2sw06r82")
encrypted := `BEGIN SALTPACK ENCRYPTED MESSAGE.
kcJn5brvybfNjz6 D5ll2Nk0YusOJBf 9x1CB6V3o7cdMOV ZPenXvEVhLpMBj0 8rJiM2GJTyXbhDn
cGIoczvWtRoxL5r 3EIPrfVqpwhLDke LfCV6YykdYdGwY1 lUfrzkOIUGdeURb HDSwgrTSrcexwj3
ix9Mw1FVXQGBwBV yil8lLyD1q0VFGv KmgJYyARppqQEIF HgAsZq0BJL6Dosz WGrFalmG90QA6PO
avDlwRXMDbjKFvE wQtaBDKXVSBaM9k 0Xu0CfdGUkEICbN vZNV67cGqEz2IiH kr8.
END SALTPACK ENCRYPTED MESSAGE.`

// Bob creates a Keyring and Store
kr, err := keyring.New("BobKeyring")
if err != nil {
    log.Fatal(err)
}
if err := kr.UnlockWithPassword("bobpassword", true); err != nil {
    log.Fatal(err)
}
ks := keys.NewStore(kr)

// Import edx25519 key to bob's Store
kmsg := `BEGIN EDX25519 KEY MESSAGE.
E9zL57KzBY1CIdJ d5tlpnyCIX8R5DB oLswy2g17kbfK4s CwryRUoII3ZNk3l
scLQrPmgNuKi9OK 7ugGoVWBY2n5xbK 7w500Vp2iXo6LAe XZiB06UjUdCoYJv
YjKbul2B61uxTZc waeBgRV91RZoKCn xLQnRhLXE2KC.
END EDX25519 KEY MESSAGE.`
bob, err := keys.DecodeKeyFromSaltpack(kmsg, "password", false)
if err != nil {
    log.Fatal(err)
}
if err := ks.SaveKey(bob); err != nil {
    log.Fatal(err)
}

// Bob decrypts the saltpack message.
sp := saltpack.New(ks)
out, sender, err := sp.DecryptArmored(encrypted)
if err != nil {
    log.Fatal(err)
}

// The sender from Saltpack Decrypt is a X25519 public key, so find the
// corresponding EdX25519 public key.
if sender != nil {
    pk, err := ks.FindEdX25519PublicKey(sender.ID())
    if err != nil {
        log.Fatal(err)
    }
    if pk != nil && pk.ID() == aliceID {
        fmt.Printf("signer is alice\n")
    }
}

fmt.Printf("%s\n", string(out))

Sign

Sign bytes to an armored saltpack message.

import (
    "github.com/keys-pub/keys"
    "github.com/keys-pub/keys/saltpack"
)
...

sp := saltpack.New(nil)

alice := keys.GenerateEdX25519Key()

message := []byte("hi from alice")

sig, err := sp.SignArmored(message, alice)
if err != nil {
    log.Fatal(err)
}
fmt.Printf("%s\n", alice.ID())
fmt.Printf("%s\n", sig)

Verify

Verify a signed saltpack message.

import (
    "github.com/keys-pub/keys"
    "github.com/keys-pub/keys/saltpack"
)
...

sp := saltpack.New(nil)

aliceID := keys.ID("kex1w2jep8dkr2s0g9kx5g6xe3387jslnlj08yactvn8xdtrx4cnypjq9rpnux")
signed := `BEGIN SALTPACK SIGNED MESSAGE.
kXR7VktZdyH7rvq v5wcIkHbs7mPCSd NhKLR9E0K47y29T QkuYinHym6EfZwL
1TwgxI3RQ52fHg5 1FzmLOMghcYLcV7 i0l0ovabGhxGrEl z7WuI4O3xMU5saq
U28RqUnKNroATPO 5rn2YyQcut2SeMn lXJBlDqRv9WyxjG M0PcKvsAsvmid1m
cqA4TCjz5V9VpuO zuIQ55lRQLeP5kU aWFxq5Nl8WsPqlR RdX86OuTbaKUvKI
wdNd6ISacrT0I82 qZ71sc7sTxiMxoI P43uCGaAZZ3Ab62 vR8N6WQPE8.
END SALTPACK SIGNED MESSAGE.`

out, signer, err := sp.VerifyArmored(signed)
if err != nil {
    log.Fatal(err)
}
if signer == aliceID {
    fmt.Printf("signer is alice\n")
}
fmt.Printf("%s\n", string(out))
// Output:
// signer is alice
// hi from alice

Documentation

Overview

Package saltpack integrates keys with Saltpack (saltpack.org).

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt 

func Decrypt(b []byte, ks KeyStore) ([]byte, *keys.X25519PublicKey, error)

Decrypt bytes (using the specified keys). If there was a sender, will return a X25519 key ID.

func DecryptArmored 

func DecryptArmored(str string, ks KeyStore) ([]byte, *keys.X25519PublicKey, error)

DecryptArmored text (using the specified keys). If there was a sender, will return a X25519 key ID.

func Encrypt 

func Encrypt(b []byte, sender *keys.X25519Key, recipients ...keys.ID) ([]byte, error)

Encrypt to recipients. Sender can be nil, if you want it to be anonymous. https://saltpack.org/encryption-format-v2

func EncryptArmored 

func EncryptArmored(b []byte, sender *keys.X25519Key, recipients ...keys.ID) (string, error)

EncryptArmored to recipients. Sender can be nil, if you want it to be anonymous. https://saltpack.org/encryption-format-v2

func NewDecryptArmoredStream 

func NewDecryptArmoredStream(r io.Reader, ks KeyStore) (io.Reader, *keys.X25519PublicKey, error)

NewDecryptArmoredStream creates a decryption stream (using the specified keys). If there was a sender, will return a X25519 key ID.

func NewDecryptStream 

func NewDecryptStream(r io.Reader, ks KeyStore) (io.Reader, *keys.X25519PublicKey, error)

NewDecryptStream creates a decryption stream (using the specified keys). If there was a sender, will return a X25519 key ID.

func NewEncryptArmoredStream 

func NewEncryptArmoredStream(w io.Writer, sender *keys.X25519Key, recipients ...keys.ID) (io.WriteCloser, error)

NewEncryptArmoredStream creates an encrypted armored io.WriteCloser. Sender can be nil, if you want it to be anonymous.

func NewEncryptStream 

func NewEncryptStream(w io.Writer, sender *keys.X25519Key, recipients ...keys.ID) (io.WriteCloser, error)

NewEncryptStream creates an encrypted io.WriteCloser. Sender can be nil, if you want it to be anonymous.

func NewSignArmoredDetachedStream 

func NewSignArmoredDetachedStream(w io.Writer, key *keys.EdX25519Key) (io.WriteCloser, error)

NewSignArmoredDetachedStream ...

func NewSignArmoredStream 

func NewSignArmoredStream(w io.Writer, key *keys.EdX25519Key) (io.WriteCloser, error)

NewSignArmoredStream ...

func NewSignDetachedStream 

func NewSignDetachedStream(w io.Writer, key *keys.EdX25519Key) (io.WriteCloser, error)

NewSignDetachedStream ...

func NewSignStream 

func NewSignStream(w io.Writer, key *keys.EdX25519Key) (io.WriteCloser, error)

NewSignStream ...

func NewSigncryptArmoredOpenStream 

func NewSigncryptArmoredOpenStream(r io.Reader, ks KeyStore) (io.Reader, *keys.EdX25519PublicKey, error)

NewSigncryptArmoredOpenStream ...

func NewSigncryptArmoredStream 

func NewSigncryptArmoredStream(w io.Writer, sender *keys.EdX25519Key, recipients ...keys.ID) (io.WriteCloser, error)

NewSigncryptArmoredStream creates a signcrypt stream.

func NewSigncryptOpenStream 

func NewSigncryptOpenStream(r io.Reader, ks KeyStore) (io.Reader, *keys.EdX25519PublicKey, error)

NewSigncryptOpenStream creates a signcrypt open stream.

func NewSigncryptStream 

func NewSigncryptStream(w io.Writer, sender *keys.EdX25519Key, recipients ...keys.ID) (io.WriteCloser, error)

NewSigncryptStream creates a signcrypt stream.

func NewVerifyArmoredStream 

func NewVerifyArmoredStream(r io.Reader) (io.Reader, keys.ID, error)

NewVerifyArmoredStream ...

func NewVerifyStream 

func NewVerifyStream(r io.Reader) (io.Reader, keys.ID, error)

NewVerifyStream ...

func SetLogger 

func SetLogger(l Logger)

SetLogger sets logger for the package.

func Sign 

func Sign(b []byte, key *keys.EdX25519Key) ([]byte, error)

Sign ...

Example 
package main

import (
	"fmt"
	"log"

	"github.com/keys-pub/keys"
	"github.com/keys-pub/keys/saltpack"
)

func main() {
	alice := keys.GenerateEdX25519Key()

	message := []byte("hi from alice")

	sig, err := saltpack.SignArmored(message, alice)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s\n", alice.ID())
	fmt.Printf("%s\n", sig)
}

Output:

func SignArmored 

func SignArmored(b []byte, key *keys.EdX25519Key) (string, error)

SignArmored ...

func SignArmoredDetached 

func SignArmoredDetached(b []byte, key *keys.EdX25519Key) (string, error)

SignArmoredDetached ...

func SignDetached 

func SignDetached(b []byte, key *keys.EdX25519Key) ([]byte, error)

SignDetached ...

Example 
package main

import (
	"fmt"
	"log"

	"github.com/keys-pub/keys"
	"github.com/keys-pub/keys/saltpack"
)

func main() {
	alice := keys.GenerateEdX25519Key()

	message := []byte("hi from alice")

	sig, err := saltpack.SignArmoredDetached(message, alice)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s", sig)
}

Output:

func Signcrypt 

func Signcrypt(b []byte, sender *keys.EdX25519Key, recipients ...keys.ID) ([]byte, error)

Signcrypt to recipients. https://saltpack.org/signcryption-format

func SigncryptArmored 

func SigncryptArmored(b []byte, sender *keys.EdX25519Key, recipients ...keys.ID) (string, error)

SigncryptArmored to recipients.

func SigncryptArmoredOpen 

func SigncryptArmoredOpen(str string, ks KeyStore) ([]byte, *keys.EdX25519PublicKey, error)

SigncryptArmoredOpen ...

func SigncryptOpen 

func SigncryptOpen(b []byte, ks KeyStore) ([]byte, *keys.EdX25519PublicKey, error)

SigncryptOpen ...

func StripBefore 

func StripBefore(message string) string

StripBefore removes text before BEGIN.

func Verify 

func Verify(b []byte) ([]byte, keys.ID, error)

Verify ...

Example 
package main

import (
	"fmt"
	"log"

	"github.com/keys-pub/keys"
	"github.com/keys-pub/keys/saltpack"
)

func main() {
	aliceID := keys.ID("kex1w2jep8dkr2s0g9kx5g6xe3387jslnlj08yactvn8xdtrx4cnypjq9rpnux")
	signed := `BEGIN SALTPACK SIGNED MESSAGE. 
	kXR7VktZdyH7rvq v5wcIkHbs7mPCSd NhKLR9E0K47y29T QkuYinHym6EfZwL 
	1TwgxI3RQ52fHg5 1FzmLOMghcYLcV7 i0l0ovabGhxGrEl z7WuI4O3xMU5saq 
	U28RqUnKNroATPO 5rn2YyQcut2SeMn lXJBlDqRv9WyxjG M0PcKvsAsvmid1m 
	cqA4TCjz5V9VpuO zuIQ55lRQLeP5kU aWFxq5Nl8WsPqlR RdX86OuTbaKUvKI 
	wdNd6ISacrT0I82 qZ71sc7sTxiMxoI P43uCGaAZZ3Ab62 vR8N6WQPE8. 
	END SALTPACK SIGNED MESSAGE.`

	out, signer, err := saltpack.VerifyArmored(signed)
	if err != nil {
		log.Fatal(err)
	}
	if signer == aliceID {
		fmt.Printf("signer is alice\n")
	}
	fmt.Printf("%s\n", string(out))
}

Output:

signer is alice
hi from alice

func VerifyArmored 

func VerifyArmored(msg string) ([]byte, keys.ID, error)

VerifyArmored ...

func VerifyArmoredDetached 

func VerifyArmoredDetached(sig string, b []byte) (keys.ID, error)

VerifyArmoredDetached ...

func VerifyArmoredDetachedReader 

func VerifyArmoredDetachedReader(sig string, r io.Reader) (keys.ID, error)

VerifyArmoredDetachedReader ...

func VerifyDetached 

func VerifyDetached(sig []byte, b []byte) (keys.ID, error)

VerifyDetached ...

func VerifyDetachedReader 

func VerifyDetachedReader(sig []byte, r io.Reader) (keys.ID, error)

VerifyDetachedReader ...

Types

type ContextLogger 

type ContextLogger interface {
	Debugf(ctx context.Context, format string, args ...interface{})
	Infof(ctx context.Context, format string, args ...interface{})
	Warningf(ctx context.Context, format string, args ...interface{})
	Errorf(ctx context.Context, format string, args ...interface{})
}

ContextLogger interface used in this package with request context.

func NewContextLogger 

func NewContextLogger(lev LogLevel) ContextLogger

NewContextLogger ...

type KeyStore 

type KeyStore interface {
	X25519Keys() ([]*keys.X25519Key, error)
}

KeyStore for Saltpack keys.

func NewKeyStore 

func NewKeyStore(keys ...keys.Key) KeyStore

NewKeyStore creates store for keys.

type LogLevel 

type LogLevel int

LogLevel ... 

const (
	// DebugLevel ...
	DebugLevel LogLevel = 3
	// InfoLevel ...
	InfoLevel LogLevel = 2
	// WarnLevel ...
	WarnLevel LogLevel = 1
	// ErrLevel ...
	ErrLevel LogLevel = 0
)

type Logger 

type Logger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warningf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
}

Logger interface used in this package.

func NewLogger 

func NewLogger(lev LogLevel) Logger

NewLogger ...

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.