attachment

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 16, 2023 License: MPL-2.0 Imports: 8 Imported by: 13

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	HashMismatch         = errors.New("mismatching SHA-256 digest")
	UnsupportedVersion   = errors.New("unsupported Matrix file encryption version")
	UnsupportedAlgorithm = errors.New("unsupported JWK encryption algorithm")
	InvalidKey           = errors.New("failed to decode key")
	InvalidInitVector    = errors.New("failed to decode initialization vector")
	InvalidHash          = errors.New("failed to decode SHA-256 hash")
	ReaderClosed         = errors.New("encrypting reader was already closed")
)

Functions

This section is empty.

Types

type EncryptedFile

type EncryptedFile struct {
	Key        JSONWebKey          `json:"key"`
	InitVector string              `json:"iv"`
	Hashes     EncryptedFileHashes `json:"hashes"`
	Version    string              `json:"v"`
	// contains filtered or unexported fields
}

func NewEncryptedFile

func NewEncryptedFile() *EncryptedFile

func (*EncryptedFile) Decrypt deprecated

func (ef *EncryptedFile) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt decrypts the given data and returns the plaintext.

Deprecated: this makes a copy for the plaintext data, which means 2x memory usage. DecryptInPlace is recommended.

func (*EncryptedFile) DecryptInPlace added in v0.11.0

func (ef *EncryptedFile) DecryptInPlace(data []byte) error

DecryptInPlace decrypts the given data in-place (i.e. the provided data is overridden with the plaintext).

func (*EncryptedFile) DecryptStream added in v0.11.0

func (ef *EncryptedFile) DecryptStream(reader io.Reader) io.ReadCloser

DecryptStream wraps the given io.Reader in order to decrypt the data.

The first Read call will check the algorithm and decode keys, so it might return an error before actually reading anything. If you want to validate the file before opening the stream, call PrepareForDecryption manually and check for errors.

The Close call will validate the hash and return an error if it doesn't match. In this case, the written data should be considered compromised and should not be used further.

func (*EncryptedFile) Encrypt deprecated

func (ef *EncryptedFile) Encrypt(plaintext []byte) []byte

Encrypt encrypts the given data, updates the SHA256 hash in the EncryptedFile struct and returns the ciphertext.

Deprecated: this makes a copy for the ciphertext, which means 2x memory usage. EncryptInPlace is recommended.

func (*EncryptedFile) EncryptInPlace added in v0.11.0

func (ef *EncryptedFile) EncryptInPlace(data []byte)

EncryptInPlace encrypts the given data in-place (i.e. the provided data is overridden with the ciphertext) and updates the SHA256 hash in the EncryptedFile struct.

func (*EncryptedFile) EncryptStream added in v0.7.5

func (ef *EncryptedFile) EncryptStream(reader io.Reader) io.ReadCloser

EncryptStream wraps the given io.Reader in order to encrypt the data.

The Close() method of the returned io.ReadCloser must be called for the SHA256 hash in the EncryptedFile struct to be updated. The metadata is not valid before the hash is filled.

func (*EncryptedFile) PrepareForDecryption added in v0.11.0

func (ef *EncryptedFile) PrepareForDecryption() error

PrepareForDecryption checks that the version and algorithm are supported and decodes the base64 keys

DecryptStream will call this with the first Read() call if this hasn't been called manually.

DecryptInPlace will always call this automatically, so calling this manually is not necessary when using that function.

type EncryptedFileHashes

type EncryptedFileHashes struct {
	SHA256 string `json:"sha256"`
}

type JSONWebKey

type JSONWebKey struct {
	Key         string   `json:"k"`
	Algorithm   string   `json:"alg"`
	Extractable bool     `json:"ext"`
	KeyType     string   `json:"kty"`
	KeyOps      []string `json:"key_ops"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL