secure

package
v0.0.1 Latest
Warning

This package is not in the latest version of its module.
Published: May 4, 2022 License: GPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package secure provides encryption and decryption functions.

Encryption implementation

"Salt" is a fixed 256-byte array of pseudo-random values, taken from /dev/urandom.

The encryption key is a 256-bit value (32 bytes).

The encryption key is derived in the following manner:

  1. Repeat the bytes of the passphrase to form the 32 bytes of the Key.
  2. Take the first byte of the passphrase and use it as the value of Offset in the Salt array.
  3. For each byte of the key, with `i` as the counter: `Key[i] ^= Salt[(Offset+i)%Key_length]`

The plain text is then encrypted with the Key using AES-256 in GCM mode and signed together with the additional data.
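The derivation steps and the AES-256-GCM sealing described above, as an added example that is not the package's own code. The salt contents, the passphrase and the helper names `deriveKey` and `newAEAD` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// salt is a constructed stand-in for the package's fixed 256-byte array.
var salt = func() (s [256]byte) {
	for i := range s {
		s[i] = byte(i*7 + 13)
	}
	return s
}()

// deriveKey follows steps 1-3 of the overview exactly as documented.
func deriveKey(passphrase []byte) ([]byte, error) {
	if len(passphrase) == 0 {
		return nil, errors.New("empty passphrase")
	}
	key := make([]byte, 32)      // AES-256 key length
	offset := int(passphrase[0]) // step 2: first byte selects the salt offset
	for i := range key {
		key[i] = passphrase[i%len(passphrase)] // step 1: repeat the passphrase
		key[i] ^= salt[(offset+i)%len(key)]    // step 3: modulus is the key length
	}
	return key, nil
}

// newAEAD returns AES-256-GCM for a derived key (hypothetical helper name).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	key, _ := deriveKey([]byte("correct horse")) // constructed passphrase
	aead, _ := newAEAD(key)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // fresh random nonce for every message
	ct := aead.Seal(nil, nonce, []byte("s3cret"), []byte("ad"))
	_, err := aead.Open(nil, nonce, ct, []byte("other"))
	fmt.Println("open with altered additional data:", err)
}
```

The derivation is deterministic and adds no work factor, so the resulting key is only as strong as the passphrase.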

The additional data, nonce and ciphertext are then packed into the following sequence of bytes:

|_|__...__|_________|__...__|
 ^    ^        ^        ^
 |    |        |        +- ciphertext, n bytes.
 |    |        +---------- nonce, (nonceSz bytes)
 |    +------------------- additional data, m bytes, (maxDataSz bytes),
 +------------------------ additional data length value (adlSz bytes).

After this, the packed byte sequence is armoured with base64 and the signature prefix is added to it to distinguish it from plain text.

Constants

This section is empty.

Variables

var (
	ErrNotEncrypted    = errors.New("string not encrypted")
	ErrNoEncryptionKey = errors.New("no encryption gKey")
	ErrDataOverflow    = errors.New("additional data overflow")
	ErrInvalidKeySz    = errors.New("invalid Key size")
)

Functions

func Decrypt

func Decrypt(s string) (string, error)

Decrypt attempts to decrypt the string and return the password. In case s is not an encrypted string, ErrNotEncrypted is returned along with the original string.

func DecryptWithPassphrase

func DecryptWithPassphrase(s string, passphrase []byte) (string, error)

DecryptWithPassphrase attempts to decrypt the string with the provided MAC address.

func Encrypt

func Encrypt(plaintext string) (string, error)

Encrypt encrypts the plain text password to use in the configuration file with the gKey generated by KeyFn.

func EncryptWithPassphrase

func EncryptWithPassphrase(plaintext string, passphrase []byte) (string, error)

EncryptWithPassphrase encrypts plaintext with the provided passphrase.

func IsDecryptError

func IsDecryptError(err error) bool

IsDecryptError returns true if there was a decryption error or corrupt data error and false if it's a different kind of error.

func SetPassphrase

func SetPassphrase(b []byte) error

Types

type CipherError

type CipherError struct {
	Err error
}

CipherError indicates that there was an error during decrypting of ciphertext.

func (*CipherError) Error

func (e *CipherError) Error() string

func (*CipherError) Is

func (e *CipherError) Is(target error) bool

func (*CipherError) Unwrap

func (e *CipherError) Unwrap() error

type CorruptError

type CorruptError struct {
	Value []byte
}

func (*CorruptError) Error

func (e *CorruptError) Error() string

func (*CorruptError) Is

func (e *CorruptError) Is(target error) bool

type Int

type Int int

func (Int) MarshalJSON

func (ei Int) MarshalJSON() ([]byte, error)

func (Int) String

func (ei Int) String() string

func (*Int) UnmarshalJSON

func (ei *Int) UnmarshalJSON(b []byte) error

type String

type String string

String is a type of encrypted string. Surprise.

func (String) MarshalJSON

func (es String) MarshalJSON() ([]byte, error)

func (String) String

func (es String) String() string

func (*String) UnmarshalJSON

func (es *String) UnmarshalJSON(b []byte) error
