secure

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 5, 2024 License: MIT Imports: 21 Imported by: 1

Documentation

Overview

Package secure makes encrypted data can only be decrypted by selected recipients. It allows different types of public keys to secretly exchange data.

Suppose we have a opponent X, append 0 to the upper cased letter we get X0, it represents X's private key, similarly X1 represents X's public key. We have a pool of key pairs S, they are accessible by everyone, they are pregenerated key pairs with the combinations of commonly use key types and sizes, such as 1024bit rsa 1024, 2048bit rsa, 256bit ecdsa, etc. Now we have opponents X and Y, they may have different key types, such as X's is rsa, Y's is ecdsa, we want to encrypt data D with X and decrypt it with Y. X has access to Y1.

Encryption steps: 

Find M0 from S that has the same key type and size as Y1.
Use Y1 and M0 to generate the shared secret key K.
Use K to encrypt the D to encrypted data E.
Send E to Y.

Decryption steps: 

Find M1 from S that has the same key type and size as Y0.
Use Y0 and M1 to generate the shared secret key K.
Use K to decrypt E.

Index

Constants

View Source 
const (
	KEY_TYPE_RSA     = "rsa"
	KEY_TYPE_ECDSA   = "ecdsa"
	KEY_TYPE_ED25519 = "ed25519"
)

Variables

View Source 
var ErrNotRecipient = fmt.Errorf("not a recipient, the data is not encrypted for your public key")
View Source 
var ErrNotSupportedKey = errors.New("not an supported key")
View Source 
var ErrSignNotMatch = errors.New("sign not match")
View Source 
var SharedKeys embed.FS
View Source 
var SupportedKeyTypes = []KeyInfo{
	{
		Type:    KEY_TYPE_RSA,
		BitSize: []int{1024, 2048, 3072},
	},
	{
		Type:    KEY_TYPE_ECDSA,
		BitSize: []int{256, 384, 521},
	},
	{
		Type:    KEY_TYPE_ED25519,
		BitSize: []int{256},
	},
}

Functions

func Belongs added in v0.2.0 

func Belongs(pub, prv []byte, passphrase string) (bool, error)

Belongs checks if pub key belongs to prv key.

func DecryptAES 

func DecryptAES(key, data []byte, aesType, guard int) ([]byte, error)

func DecryptSharedSecret added in v0.3.0 

func DecryptSharedSecret(encryptedAESKey []byte, aesType int, prv crypto.PrivateKey) ([]byte, error)

func EncryptAES 

func EncryptAES(key, data []byte, aesType, guard int) ([]byte, error)

func EncryptSharedSecret added in v0.3.0 

func EncryptSharedSecret(aesKey []byte, aesType int, pub crypto.PublicKey) ([]byte, error)

func FindPrvSharedKey added in v0.3.0 

func FindPrvSharedKey(pub crypto.PublicKey) (crypto.PrivateKey, error)

func FindPubSharedKey added in v0.3.0 

func FindPubSharedKey(prv crypto.PrivateKey) (crypto.PublicKey, error)

func IsAuthErr added in v0.1.0 

func IsAuthErr(err error) bool

func PrivateKeySize added in v0.3.0 

func PrivateKeySize(prv crypto.PrivateKey) int

func PublicKeyHash added in v0.3.0 

func PublicKeyHash(pub crypto.PublicKey) []byte

func PublicKeyHashByPrivateKey added in v0.3.0 

func PublicKeyHashByPrivateKey(prv crypto.PrivateKey) []byte

func PublicKeySize added in v0.3.0 

func PublicKeySize(pub crypto.PublicKey) int

func SSHPrvKey added in v0.2.0 

func SSHPrvKey(keyData []byte, passphrase string) (crypto.PrivateKey, error)

SSHPrvKey returns a private key from a ssh private key.

func SSHPubKey added in v0.1.0 

func SSHPubKey(publicKey []byte) (crypto.PublicKey, error)

Types

type Cipher added in v0.0.5 

type Cipher struct {
	AESType int
	// contains filtered or unexported fields
}

Cipher to encrypt and decrypt data. The cipher will generate a random AES secret, each public key will be used to encrypt the AES secret into a key. The wire format of the output looks like this: 

[n][key1][key2][key3]...[encrypted-data].

"n" is the number of keys. "key1" is the encrypted key for the first public key. "key2" is the encrypted key for the second public key. ... "encrypted-data" is the encrypted data by the AES secret.

func NewCipher added in v0.3.0 

func NewCipher(prv crypto.PrivateKey, index int, pubs ...crypto.PublicKey) *Cipher

NewCipher to encrypt or decrypt data. The index indicates which key in the key list is for the prv to decrypt the data.

func NewCipherBytes added in v0.3.0 

func NewCipherBytes(privateKey []byte, passphrase string, index int, publicKeys ...[]byte) (*Cipher, error)

func (*Cipher) DecodeAESKey added in v0.2.0 

func (c *Cipher) DecodeAESKey(encryptedKeys [][]byte) ([]byte, error)

func (*Cipher) Decoder added in v0.0.5 

func (c *Cipher) Decoder(r io.Reader) (io.ReadCloser, error)

func (*Cipher) EncodeAESKey added in v0.3.0 

func (c *Cipher) EncodeAESKey(aesKey []byte, pub crypto.PublicKey) ([]byte, error)

func (*Cipher) Encoder added in v0.0.5 

func (c *Cipher) Encoder(w io.Writer) (io.WriteCloser, error)

type KeyInfo added in v0.3.0 

type KeyInfo struct {
	Type    string
	BitSize []int
}

type Signer added in v0.0.5 

type Signer struct {
	// contains filtered or unexported fields
}

func NewSigner added in v0.3.0 

func NewSigner(prv crypto.PrivateKey, pub crypto.PrivateKey) *Signer

func NewSignerBytes added in v0.3.0 

func NewSignerBytes(privateKey []byte, passphrase string, publicKeys ...[]byte) (*Signer, error)

func (*Signer) Decoder added in v0.0.5 

func (s *Signer) Decoder(r io.Reader) (io.ReadCloser, error)

func (*Signer) Encoder added in v0.0.5 

func (s *Signer) Encoder(w io.Writer) (io.WriteCloser, error)

func (*Signer) SigDigest added in v0.3.0 

func (s *Signer) SigDigest(digest []byte) ([]byte, error)

func (*Signer) Sign added in v0.3.0 

func (s *Signer) Sign(data []byte) ([]byte, error)

func (*Signer) Verify added in v0.3.0 

func (s *Signer) Verify(data []byte) ([]byte, bool)

func (*Signer) VerifyDigest added in v0.3.0 

func (s *Signer) VerifyDigest(digest, sign []byte) bool

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.