snacl

Documentation

Index

• Constants
• Variables
• type CryptoKey
  • func GenerateCryptoKey() (*CryptoKey, error)
  • func (ck *CryptoKey) Decrypt(in []byte) ([]byte, error)
  • func (ck *CryptoKey) Encrypt(in []byte) ([]byte, error)
  • func (ck *CryptoKey) Zero()
• type Parameters
• type SecretKey
  • func NewSecretKey(password *[]byte, N, r, p int) (*SecretKey, error)
  • func (sk *SecretKey) Decrypt(in []byte) ([]byte, error)
  • func (sk *SecretKey) DeriveKey(password *[]byte) error
  • func (sk *SecretKey) Encrypt(in []byte) ([]byte, error)
  • func (sk *SecretKey) Marshal() []byte
  • func (sk *SecretKey) Unmarshal(marshalled []byte) error
  • func (sk *SecretKey) Zero()

Constants

const (
	// Expose secretbox's Overhead const here for convenience.
	Overhead  = secretbox.Overhead
	KeySize   = 32
	NonceSize = 24
	DefaultN  = 16384 // 2^14
	DefaultR  = 8
	DefaultP  = 1
)

Various constants needed for encryption scheme.

Variables

var (
	ErrInvalidPassword = errors.New("invalid password")
	ErrMalformed       = errors.New("malformed data")
	ErrDecryptFailed   = errors.New("unable to decrypt")
)

Error types and messages.

Types

type CryptoKey

type CryptoKey [KeySize]byte

CryptoKey represents a secret key which can be used to encrypt and decrypt data.

func GenerateCryptoKey

func GenerateCryptoKey() (*CryptoKey, error)

GenerateCryptoKey generates a new crypotgraphically random key.

func (*CryptoKey) Decrypt

func (ck *CryptoKey) Decrypt(in []byte) ([]byte, error)

Decrypt decrypts the passed data. The must be the output of the Encrypt function.

func (*CryptoKey) Encrypt

func (ck *CryptoKey) Encrypt(in []byte) ([]byte, error)

Encrypt encrypts the passed data.

func (*CryptoKey) Zero

func (ck *CryptoKey) Zero()

Zero clears the key by manually zeroing all memory. This is for security conscience application which wish to zero the memory after they've used it rather than waiting until it's reclaimed by the garbage collector. The key is no longer usable after this call.

type Parameters

type Parameters struct {
	Salt   [KeySize]byte
	Digest [sha256.Size]byte
	N      int
	R      int
	P      int
}

Parameters are not secret and can be stored in plain text.

type SecretKey

type SecretKey struct {
	Key        *CryptoKey
	Parameters Parameters
}

SecretKey houses a crypto key and the parameters needed to derive it from a passphrase. It should only be used in memory.

func NewSecretKey

func NewSecretKey(password *[]byte, N, r, p int) (*SecretKey, error)

NewSecretKey returns a SecretKey structure based on the passed parameters.

func (*SecretKey) Decrypt

func (sk *SecretKey) Decrypt(in []byte) ([]byte, error)

Decrypt takes in a JSON blob and returns it's decrypted form.

func (*SecretKey) DeriveKey

func (sk *SecretKey) DeriveKey(password *[]byte) error

DeriveKey derives the underlying secret key and ensures it matches the expected digest. This should only be called after previously calling the Zero function or on an initial Unmarshal.

func (*SecretKey) Encrypt

func (sk *SecretKey) Encrypt(in []byte) ([]byte, error)

Encrypt encrypts in bytes and returns a JSON blob.

func (*SecretKey) Marshal

func (sk *SecretKey) Marshal() []byte

Marshal returns the Parameters field marshalled into a format suitable for storage. This result of this can be stored in clear text.

func (*SecretKey) Unmarshal

func (sk *SecretKey) Unmarshal(marshalled []byte) error

Unmarshal unmarshalls the parameters needed to derive the secret key from a passphrase into sk.

func (*SecretKey) Zero

func (sk *SecretKey) Zero()

Zero zeroes the underlying secret key while leaving the parameters intact. This effectively makes the key unusable until it is derived again via the DeriveKey function.