Documentation ¶
Index ¶
- Constants
- func Decrypt(block *pem.Block, options *CryptOptions, userContext string) error
- func Encrypt(block *pem.Block, options *CryptOptions, userContext string) error
- func MakePromptArgs(filePath string, ot OpType) (promptText string, twice bool)
- func StripPemHeaders(headers map[string]string)
- type CryptOptions
- func (op *CryptOptions) EncryptionEnabled(ot OpType) bool
- func (op *CryptOptions) ParseHeaders(headers map[string]string) error
- func (op *CryptOptions) SetHeaders(headers *map[string]string, ot OpType)
- func (op *CryptOptions) WillUsePassword(ot OpType) bool
- func (op *CryptOptions) WillUseYubikey() bool
- type OpType
- type PasswordParameters
- type YkHmacOptions
- type YubiKeySlot
Constants ¶
const (
	OpEncrypt OpType = iota
	OpDecrypt
	PemPrefix        = "XCA ENCRYPTED "
	HeaderPrefix     = "XCA-"
	HeaderVersion    = HeaderPrefix + "Version"
	HeaderPassPhrase = HeaderPrefix + "Passphrase"
	HeaderKey        = HeaderPrefix + "Key"
	HeaderYkHMAC     = HeaderPrefix + "YK-HMAC"
)
const (
	MinTime    = 4  // Seconds
	MinMemory  = 64 // MB
	MinThreads = 4
)
Variables ¶
This section is empty.
Functions ¶
func MakePromptArgs ¶
func StripPemHeaders ¶
Types ¶
type CryptOptions ¶
type CryptOptions struct {
	// PasswordParameters indicates how to derive the password key from the
	// prompt. A nil value for this structure indicates it is unconfigured and
	// a default set of values will be set if needed.
	PasswordParameters *PasswordParameters

	// PasswordSource is where to get the password from. See one of the
	// PromptFrom*() functions for the various options. If nil, encryption
	// will not prompt for a password whereas decryption will only prompt
	// if a password was used in the encryption process.
	//
	// The value PromptDisabled disables any prompt. Attempting to decrypt
	// a PEM block that requires a password with PromptDisabled will cause the
	// decryption to fail.
	PasswordSource prompt.PasswordPrompt

	// YkHMAC is configuration needed to include a Yubikey in the encryption /
	// decryption process.
	YkHMAC YkHmacOptions

	// Key is the encrypted master key.
	Key []byte
}
CryptOptions provides options on how to encrypt or decrypt a PEM block. The options can be represented as a set of PEM headers or specified on the command line.
func (*CryptOptions) EncryptionEnabled ¶
func (op *CryptOptions) EncryptionEnabled(ot OpType) bool
func (*CryptOptions) ParseHeaders ¶
func (op *CryptOptions) ParseHeaders(headers map[string]string) error
ParseHeaders writes the data found in PEM headers into CryptOptions. It will overwrite the PasswordParameters values and the Yubikey Salt if they are found in the headers. The password source is not modified, and the Yubikey slot is only modified if it is currently 0 and the headers indicate a slot to use.
func (*CryptOptions) SetHeaders ¶
func (op *CryptOptions) SetHeaders(headers *map[string]string, ot OpType)
SetHeaders writes the current options to a map that can be used in a PEM block. If headers is nil, a new map will be allocated if the CryptOptions would write any headers.
func (*CryptOptions) WillUsePassword ¶
func (op *CryptOptions) WillUsePassword(ot OpType) bool
func (*CryptOptions) WillUseYubikey ¶
func (op *CryptOptions) WillUseYubikey() bool
type PasswordParameters ¶
type PasswordParameters struct {
	Salt          []byte
	TimeInSeconds bool
	Time          uint32
	Memory        uint32
	Threads       uint8
}
func (*PasswordParameters) ParsePasswordOptions ¶
func (po *PasswordParameters) ParsePasswordOptions(value string) error
func (*PasswordParameters) SetDefaults ¶
func (p *PasswordParameters) SetDefaults()
SetDefaults sets the default values for the current machine if the values are out of acceptable ranges. This function may be called on a nil pointer, in which case p will be set to a newly allocated struct.
func (*PasswordParameters) String ¶
func (p *PasswordParameters) String() string
type YkHmacOptions ¶
type YkHmacOptions struct {
	// The salt is passed through the Yubikey's HMAC-SHA1 to produce a value
	// included in computing the master key.
	Salt []byte

	// Slot is which Yubikey slot to use in HMAC-SHA1 mode. If set to 0 or
	// -1 a Yubikey will not be included in the master key generation. If set
	// to 0 then the slot number will be updated from the
	Slot YubiKeySlot
}
func (*YkHmacOptions) String ¶
func (ykOp *YkHmacOptions) String() string
type YubiKeySlot ¶
type YubiKeySlot int
const (
	// YubikeyDisabled is a slot number used to prevent using a Yubikey.
	YubikeyDisabled YubiKeySlot = -1

	// YubikeyAuto is a slot number that indicates that a Yubikey should be
	// used for decryption only if it was used for encryption. Encrypting with
	// this slot number will result in the Yubikey not being used at all. This
	// is the
	YubikeyAuto YubiKeySlot = 0
)
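The slot rules documented for ParseHeaders, YkHmacOptions.Slot and YubiKeySlot, worked through on a PEM block with the standard library. This is an added example, not the package's own code: effectiveSlot, usesYubikey, samplePEM, the "PRIVATE KEY" type suffix and the bare-number header value are assumptions made for illustration.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strconv"
	"strings"
)

// Values copied from the documented constants; the names are local to this example.
const (
	pemPrefix    = "XCA ENCRYPTED "
	headerYkHMAC = "XCA-YK-HMAC"
	slotDisabled = -1 // YubikeyDisabled
	slotAuto     = 0  // YubikeyAuto
)

// Constructed sample: the body is placeholder bytes, not real ciphertext.
// ASSUMPTION: the header value is a bare slot number and the type suffix is
// "PRIVATE KEY"; neither format is shown in the documentation.
const samplePEM = "-----BEGIN XCA ENCRYPTED PRIVATE KEY-----\nXCA-YK-HMAC: 2\n\n" +
	"cGxhY2Vob2xkZXI=\n-----END XCA ENCRYPTED PRIVATE KEY-----\n"

// effectiveSlot applies the documented merge rule: the slot named in the
// headers replaces the caller's slot only when the caller passed slotAuto.
func effectiveSlot(callerSlot int, pemText string) (int, error) {
	block, _ := pem.Decode([]byte(pemText))
	if block == nil || !strings.HasPrefix(block.Type, pemPrefix) {
		return callerSlot, fmt.Errorf("not an %q block", pemPrefix)
	}
	raw, ok := block.Headers[headerYkHMAC]
	if !ok || callerSlot != slotAuto {
		return callerSlot, nil // explicit caller choice (or no header) wins
	}
	n, err := strconv.Atoi(strings.TrimSpace(raw))
	if err != nil || n <= 0 {
		return callerSlot, fmt.Errorf("bad %s header %q", headerYkHMAC, raw)
	}
	return n, nil
}

// usesYubikey mirrors the documented rule that slots 0 and -1 leave the
// Yubikey out of master key generation.
func usesYubikey(slot int) bool { return slot > 0 }

func main() {
	got, err := effectiveSlot(slotAuto, samplePEM)
	fmt.Println(got, usesYubikey(got), err)
}
```

A caller that passes the disabled slot keeps it even when the file's headers name a slot, so unauthenticated PEM headers cannot switch the Yubikey on against an explicit setting.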