Documentation
¶
Overview ¶
Package secure makes encrypted data can only be decrypted by selected recipients. It allows different types of public keys to secretly exchange data.
How It Works ¶
Suppose we have a opponent X, append 0 to the upper cased letter we get X0, it represents X's private key, similarly X1 represents X's public key. Now we have opponents X and Y, they may have different key types, such as X's is rsa, Y's is ecdsa, we want to encrypt data D with X and decrypt it with Y. X has access to Y1.
Encryption steps:
Generate ephemeral key M that has the same key type and size as Y1. Use Y1 and M0 to generate the shared secret key K. Use K to encrypt the D, it generates E. Only send M1 and E to Y.
Decryption steps:
Use Y0 and M1 to generate the shared secret key K. Use K to decrypt E, we get D.
Index ¶
- Variables
- func Belongs(pub, prv []byte, passphrase string) (bool, error)
- func DecryptAES(key, data []byte, aesType, guard int) ([]byte, error)
- func DecryptSharedSecret(encryptedAESKey []byte, aesType int, prv crypto.PrivateKey) ([]byte, error)
- func EncryptAES(key, data []byte, aesType, guard int) ([]byte, error)
- func EncryptSharedSecret(aesKey []byte, aesType int, pub crypto.PublicKey) ([]byte, error)
- func GenerateKeyFile(privateKeyPath, comment, passphrase string) error
- func IsAuthErr(err error) bool
- func PublicKeyHash(pub crypto.PublicKey) []byte
- func PublicKeyHashByPrivateKey(prv crypto.PrivateKey) []byte
- func SSHPrvKey(keyData []byte, passphrase string) (crypto.PrivateKey, error)
- func SSHPubKey(publicKey []byte) (crypto.PublicKey, error)
- type Cipher
- type Signer
- func (s *Signer) Decoder(r io.Reader) (io.ReadCloser, error)
- func (s *Signer) Encoder(w io.Writer) (io.WriteCloser, error)
- func (s *Signer) SigDigest(digest []byte) ([]byte, error)
- func (s *Signer) Sign(data []byte) ([]byte, error)
- func (s *Signer) Verify(data []byte) ([]byte, bool)
- func (s *Signer) VerifyDigest(digest, sign []byte) bool
Constants ¶
This section is empty.
Variables ¶
var ErrAlreadyClosed = errors.New("already closed")
var ErrNotRecipient = fmt.Errorf("not a recipient, the data is not encrypted for your public key")
var ErrNotSupportedKey = errors.New("not an supported key")
var ErrSignMismatch = errors.New("sign mismatch")
Functions ¶
func DecryptSharedSecret ¶ added in v0.3.0
func EncryptSharedSecret ¶ added in v0.3.0
func GenerateKeyFile ¶ added in v0.5.2
GenerateKeyFile generates a new ssh key pair.
func PublicKeyHash ¶ added in v0.3.0
func PublicKeyHashByPrivateKey ¶ added in v0.3.0
func PublicKeyHashByPrivateKey(prv crypto.PrivateKey) []byte
Types ¶
type Cipher ¶ added in v0.0.5
type Cipher struct {
AESType int
// contains filtered or unexported fields
}
Cipher to encrypt and decrypt data. The cipher will generate a random AES secret, each public key will be used to encrypt the AES secret into a key. The wire format of the output looks like this:
[n][key1][key2][key3]...[encrypted-data].
"n" is the number of keys. "key1" is the encrypted key for the first public key. "key2" is the encrypted key for the second public key. ... "encrypted-data" is the encrypted data by the AES secret.
func NewCipher ¶ added in v0.3.0
NewCipher to encrypt or decrypt data. The index indicates which key in the key list is for the prv to decrypt the data.
func NewCipherBytes ¶ added in v0.3.0
type Signer ¶ added in v0.0.5
type Signer struct {
// contains filtered or unexported fields
}
func NewSigner ¶ added in v0.3.0
func NewSigner(prv crypto.PrivateKey, pub crypto.PrivateKey) *Signer
Source Files