Documentation ¶
Index ¶
- Constants
- Variables
- func DecryptFile(ctx context.Context, out io.Writer, in io.Reader, masterKey []byte, ...) (uint16, int32, []byte, error)
- func DecryptPackages(ctx context.Context, out io.Writer, in io.Reader, headerVersion uint16, ...) error
- func EncryptFile(out io.WriteCloser, in io.Reader, masterKey []byte, metadata *Metadata) error
- func GetFileHeader(in io.Reader) (uint16, int32, []byte, io.Reader, error)
- func KeyFromPassphrase(passphrase string, salt []byte) (key []byte, confirmationHash []byte, err error)
- func NewKey() ([]byte, error)
- func NewSalt() ([]byte, error)
- func RandomBytes(len int) ([]byte, error)
- func UnwrapKey(wrappingKey []byte, wrappedKey []byte) ([]byte, error)
- func WrapKey(wrappingKey []byte, key []byte) ([]byte, error)
- type Header
- type Metadata
- func (*Metadata) Descriptor() ([]byte, []int) deprecated
- func (x *Metadata) GetContentType() string
- func (x *Metadata) GetName() string
- func (x *Metadata) GetSize() int64
- func (*Metadata) ProtoMessage()
- func (x *Metadata) ProtoReflect() protoreflect.Message
- func (x *Metadata) Reset()
- func (x *Metadata) String() string
- type MetadataCb
- type MetadataCbReturn
Constants ¶
const MaxMetadataLength = 32766
Maximum length of the (encoded) metadata: 32KB - 2 bytes. The first 2 bytes are used for the length. This could be increased to up to 64KB - 2 bytes.
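A length-prefixed frame with this cap, as an added example (not code from this package): the reader rejects an oversized declared length before allocating and fails on truncated input. The function names and the little-endian byte order of the 2-byte prefix are assumptions; the page does not state the byte order.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxMetadataLength mirrors MaxMetadataLength: 32KB minus the 2 length bytes.
const maxMetadataLength = 32766

var errMetadataTooLong = errors.New("metadata longer than maxMetadataLength")

// writeMetadataFrame emits a 2-byte length (little-endian is assumed), then the metadata.
func writeMetadataFrame(w io.Writer, encoded []byte) error {
	if len(encoded) > maxMetadataLength {
		return errMetadataTooLong
	}
	frame := binary.LittleEndian.AppendUint16(nil, uint16(len(encoded)))
	_, err := w.Write(append(frame, encoded...))
	return err
}

// readMetadataFrame checks the declared length before reading the body and
// treats truncated input as an error rather than returning a short buffer.
func readMetadataFrame(r io.Reader) ([]byte, error) {
	var prefix [2]byte
	if _, err := io.ReadFull(r, prefix[:]); err != nil {
		return nil, fmt.Errorf("reading length prefix: %w", err)
	}
	n := binary.LittleEndian.Uint16(prefix[:])
	if n > maxMetadataLength {
		return nil, errMetadataTooLong
	}
	encoded := make([]byte, n)
	if _, err := io.ReadFull(r, encoded); err != nil {
		return nil, fmt.Errorf("reading %d metadata bytes: %w", n, err)
	}
	return encoded, nil
}

func main() {
	var buf bytes.Buffer
	_ = writeMetadataFrame(&buf, []byte("constructed sample metadata"))
	got, err := readMetadataFrame(&buf)
	fmt.Printf("%q %v\n", got, err)
}
```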
Variables ¶
var ErrMetadataOnly = errors.New("output stream is nil, only metadata was returned")
This error is returned if we're just returning the metadata from the file.
var File_metadata_proto protoreflect.FileDescriptor
Functions ¶
func DecryptFile ¶
func DecryptFile(ctx context.Context, out io.Writer, in io.Reader, masterKey []byte, metadataCb MetadataCbReturn) (uint16, int32, []byte, error)
DecryptFile decrypts a stream (in), streaming the result to out. If the result stream is nil, it only returns the metadata and stops reading. The function requires a masterKey, a 32-byte key for AES-256, which is used to un-wrap the unique key for the file. The function optionally accepts a metadata callback. When the metadata is extracted from the file, the callback is invoked with the metadata. The callback is invoked before the function starts streaming data to the out stream. The function returns the version and length of the header, the wrapped key, and an error if any.
func DecryptPackages ¶ added in v0.5.0
func DecryptPackages(ctx context.Context, out io.Writer, in io.Reader, headerVersion uint16, wrappedKey []byte, masterKey []byte, seqNum, offset uint32, length int64, metadataCb MetadataCbReturn) error
DecryptPackages decrypts one or more packages/chunks of encrypted data (64KB + 32 bytes), streaming the result to out. The function requires a wrapped key and the master key. It also requires a sequence number, that is the number of the first package/chunk we expect to decrypt. The function optionally accepts a metadata callback. When the metadata is extracted from the file (only from package #0), the callback is invoked with the metadata. The callback is invoked before the function starts streaming data to the out stream.
func EncryptFile ¶
EncryptFile encrypts a stream (in), streaming the result to out. The function requires a masterKey, a 32-byte key for AES-256, which is used to wrap a key unique for this file. The function optionally accepts a metadata argument that will be encrypted at the beginning of the file.
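The master-key / per-file-key arrangement described for EncryptFile and DecryptFile, as an added example (not code from this package): a random file key is wrapped under a 32-byte master key, and unwrapping fails with a different master key or a modified wrapped key. AES-256-GCM is used here as a stand-in because the page does not name the wrapping algorithm; newWrapper, wrapFileKey and unwrapFileKey are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newWrapper enforces the 32-byte (AES-256) master key. AES-GCM is this example's
// stand-in for the key-wrapping algorithm, which the page does not name.
func newWrapper(masterKey []byte) (cipher.AEAD, error) {
	if len(masterKey) != 32 {
		return nil, errors.New("master key must be 32 bytes")
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapFileKey returns nonce || ciphertext || tag for a per-file key.
func wrapFileKey(w cipher.AEAD, fileKey []byte) ([]byte, error) {
	nonce := make([]byte, w.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return w.Seal(nonce, nonce, fileKey, nil), nil
}

// unwrapFileKey fails on a wrong master key or a modified wrapped key.
func unwrapFileKey(w cipher.AEAD, wrapped []byte) ([]byte, error) {
	n := w.NonceSize()
	if len(wrapped) < n {
		return nil, errors.New("wrapped key too short")
	}
	return w.Open(nil, wrapped[:n], wrapped[n:], nil)
}

func main() {
	master, fileKey := make([]byte, 32), make([]byte, 32) // random sample keys
	rand.Read(master)
	rand.Read(fileKey)
	w, _ := newWrapper(master)
	wrapped, err := wrapFileKey(w, fileKey)
	fmt.Println(len(wrapped), err)
}
```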
func GetFileHeader ¶ added in v0.5.0
GetFileHeader returns the wrapped key from the file header read from the stream "in". It returns the version and length of the header, the wrapped key, as well as a new stream that should be used as input stream.
func KeyFromPassphrase ¶
func KeyFromPassphrase(passphrase string, salt []byte) (key []byte, confirmationHash []byte, err error)
KeyFromPassphrase returns the 32-byte key derived from a passphrase and a salt using Argon2id. It also returns a "confirmation hash" that can be used to ensure the passphrase is correct.
func RandomBytes ¶ added in v0.3.0
RandomBytes returns a byte slice filled with random bytes, of a given length. This is useful to generate cryptographic keys, for example.
Types ¶
type Metadata ¶
type Metadata struct {
	Name        string `protobuf:"bytes,1,opt,name=name,json=n,proto3" json:"name,omitempty"`
	ContentType string `protobuf:"bytes,2,opt,name=content_type,json=ct,proto3" json:"content_type,omitempty"`
	Size        int64  `protobuf:"varint,3,opt,name=size,json=sz,proto3" json:"size,omitempty"`
	// contains filtered or unexported fields
}
Metadata message
func (*Metadata) Descriptor ¶ deprecated, added in v0.5.0
func (*Metadata) GetContentType ¶ added in v0.5.0
func (*Metadata) ProtoMessage ¶ added in v0.5.0
func (*Metadata) ProtoMessage()
func (*Metadata) ProtoReflect ¶ added in v0.5.0
func (x *Metadata) ProtoReflect() protoreflect.Message
type MetadataCb ¶
MetadataCb is the callback for the function that receives the metadata object, as well as the length of the encoded metadata (including the size bytes).
type MetadataCbReturn ¶ added in v0.5.0
MetadataCbReturn is like MetadataCb, but it supports a return value. The callback should return true if everything went fine, or false to interrupt reading/decrypting the data after the metadata.