Documentation
¶
Overview ¶
Package public contains utilities for public key encryption with Curve25519 and digital signatures with Ed25519.
Index ¶
- Constants
- Variables
- func Decrypt(priv *PrivateKey, enc []byte) (message []byte, ok bool)
- func DecryptAndVerify(priv *PrivateKey, pub *PublicKey, enc []byte) ([]byte, bool)
- func Encrypt(pub *PublicKey, message []byte) (out []byte, ok bool)
- func EncryptAndSign(priv *PrivateKey, pub *PublicKey, message []byte) ([]byte, bool)
- func ExportPrivate(priv *PrivateKey, passphrase []byte) ([]byte, error)
- func KeyExchange(priv *PrivateKey, peer *PublicKey) []byte
- func LockKey(priv *PrivateKey, passphrase []byte) ([]byte, bool)
- func MarshalPrivate(priv *PrivateKey) ([]byte, error)
- func MarshalPublic(pub *PublicKey) ([]byte, error)
- func Sign(priv *PrivateKey, message []byte) ([]byte, bool)
- func Verify(pub *PublicKey, message []byte, sig []byte) bool
- type PrivateKey
- type PublicKey
Constants ¶
const ( PrivateType = "CRYPTUTIL PRIVATE KEY" PublicType = "CRYPTUTIL PUBLIC KEY" EncryptedType = "CRYPTUTIL ENCRYPTED MESSAGE" SignatureType = "CRYPTUTIL SIGNATURE" SignedAndEncryptedType = "CRYPTUTIL SIGNED AND ENCRYPTED MESSAGE" )
These types are used in PEM-encoded keys.
Variables ¶
var ( ErrCorruptPrivateKey = errors.New("public: private key is corrupt") ErrCorruptPublicKey = errors.New("public: public key is corrupt") )
These errors are used to signal invalid public and private keys.
Functions ¶
func Decrypt ¶
func Decrypt(priv *PrivateKey, enc []byte) (message []byte, ok bool)
Decrypt opens the secured message using the private key.
func DecryptAndVerify ¶
func DecryptAndVerify(priv *PrivateKey, pub *PublicKey, enc []byte) ([]byte, bool)
DecryptAndVerify decrypts the message and verifies its signature.
func Encrypt ¶
Encrypt generates an ephemeral curve25519 key pair and encrypts a new message to the peer's public key.
func EncryptAndSign ¶
func EncryptAndSign(priv *PrivateKey, pub *PublicKey, message []byte) ([]byte, bool)
EncryptAndSign signs the message with the private key, then encrypts it to the peer's public key.
func ExportPrivate ¶
func ExportPrivate(priv *PrivateKey, passphrase []byte) ([]byte, error)
ExportPrivate PEM-encodes the locked private key. The private key is secured with the passphrase using LockKey.
func KeyExchange ¶
func KeyExchange(priv *PrivateKey, peer *PublicKey) []byte
KeyExchange performs an ECDH key exchange with the private and public key pairs.
func LockKey ¶
func LockKey(priv *PrivateKey, passphrase []byte) ([]byte, bool)
LockKey secures the private key with the passphrase, using Scrypt and NaCl's secretbox.
func MarshalPrivate ¶
func MarshalPrivate(priv *PrivateKey) ([]byte, error)
MarshalPrivate serialises a private key into a byte slice. If the key is invalid, a corrupt key error is returned.
func MarshalPublic ¶
MarshalPublic serialises a public key into a byte slice.
Types ¶
type PrivateKey ¶
type PrivateKey struct {
D *[32]byte // Decryption key (encryption private key).
S *[64]byte // Signature key (signing private key).
*PublicKey
}
A PrivateKey contains both encryption and signing keys.
func GenerateKey ¶
func GenerateKey() (*PrivateKey, error)
GenerateKey creates a new set of encryption and signature keys using the operating system's random number generator.
func ImportPrivate ¶
func ImportPrivate(enc, passphrase []byte) (*PrivateKey, error)
ImportPrivate parses a PEM-encoded private key. UnlockKey is called on the contents of the PEM-encoded file.
func UnlockKey ¶
func UnlockKey(locked, passphrase []byte) (*PrivateKey, bool)
UnlockKey recovers the secured private key with the passphrase.
func UnmarshalPrivate ¶
func UnmarshalPrivate(in []byte) (*PrivateKey, error)
UnmarshalPrivate parses a byte slice into a private key.
func (*PrivateKey) Valid ¶
func (priv *PrivateKey) Valid() bool
Valid runs checks to make sure the private key is valid.
func (*PrivateKey) Zero ¶
func (priv *PrivateKey) Zero()
Zero clears out the private key. The public key components will remain intact.
Source Files