secret

package

v0.0.0-...-63fc286 Latest Latest Go to latest Published: Aug 29, 2024 License: BSD-3-Clause, ISC Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kisom/cryptutils

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secret contains utilities for encrypting and decrypting data with secret keys; it is aimed primarily at password-based encryption. Encryption keys are typically derived from Scrypt (using 32768, 8, and 4 as the parameters) to obtain a key suitable for use with NaCl's secretbox (XSalsa20 and Poly1305).

Index ¶

Constants
func Decrypt(key *[KeySize]byte, in []byte) ([]byte, bool)
func DecryptFile(filename string, passphrase []byte) (data []byte, err error)
func DeriveKey(passphrase []byte, salt []byte) *[KeySize]byte
func DeriveKeyStrength(passphrase []byte, salt []byte, m ScryptMode) *[KeySize]byte
func Encrypt(key *[KeySize]byte, in []byte) ([]byte, bool)
func EncryptFile(filename string, passphrase, encoded []byte) (err error)
func GenerateKey() *[KeySize]byte
type ScryptMode

Constants ¶

View Source

const (
	KeySize  = 32
	SaltSize = 32
)

KeySize contains the size (in bytes) of a NaCl secretbox key.

Variables ¶

This section is empty.

Functions ¶

func Decrypt ¶

func Decrypt(key *[KeySize]byte, in []byte) ([]byte, bool)

Decrypt extracts the nonce from the ciphertext, and attempts to decrypt with NaCl's secretbox.

func DecryptFile ¶

func DecryptFile(filename string, passphrase []byte) (data []byte, err error)

DecryptFile recovers a secured blob from a file, returning a byte slice for parsing by the caller.

func DeriveKey ¶

func DeriveKey(passphrase []byte, salt []byte) *[KeySize]byte

DeriveKey applies Scrypt with very strong parameters to generate an encryption key from a passphrase and salt.

func DeriveKeyStrength ¶

func DeriveKeyStrength(passphrase []byte, salt []byte, m ScryptMode) *[KeySize]byte

DeriveKeyStrength applies Scrypt using the given work parameters to generate an encryption key from a passphrase and salt.

func Encrypt ¶

func Encrypt(key *[KeySize]byte, in []byte) ([]byte, bool)

Encrypt generates a random nonce and encrypts the input using NaCl's secretbox package. The nonce is prepended to the ciphertext.

func EncryptFile ¶

func EncryptFile(filename string, passphrase, encoded []byte) (err error)

EncryptFile securely stores the encoded blob under the filename.

func GenerateKey ¶

func GenerateKey() *[KeySize]byte

GenerateKey returns a randomly generated secretbox key. Typically, you should use DeriveKey to get a key from a passphrase instead. Returns nil on failure.

Types ¶

type ScryptMode ¶

type ScryptMode int

ScryptMode represents the work factor to be used for passphrases.

const (
	// ScryptStandard mode uses N=2^20, r=8, p=2
	ScryptStandard ScryptMode = iota
	// ScryptInteractive mode uses N=2^14, r=8, p=1
	ScryptInteractive
)

Source Files ¶

View all Source files

crypto.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL