README
¶
Simple encryption/decryption tool
This is a simple CLI program and library to encrypt and decrypt files.
The AEAD used is ChaCha20-Poly1305 and the KDF used is argon2. Only argon2id is supported.
Limitations
- This program does not commit to securely wipe sensitive data from memory, such as passwords and cryptography keys.
Documentation
¶
Index ¶
- Constants
- func Decrypt(key []byte, src io.Reader, dst io.Writer, params *Params) error
- func Encrypt(key []byte, src io.Reader, dst io.Writer, params *Params) error
- func Key(password []byte, params *Params) ([]byte, error)
- func ReadPassword(message string) ([]byte, error)
- type Params
- type Reader
- type Writer
Constants ¶
const ( ArgonVersion = 19 ArgonType = "argon2id" SaltSize = 16 ArgonTime = 1 ArgonMemory = 1 << 21 ArgonThreads = 4 ChunkSize = 64 * (1 << 10) // 64 KiB )
Default values of params fields.
Variables ¶
This section is empty.
Functions ¶
func Key ¶
Key uses argon2 algorithm to create a cryptographic key based on password and params.
Depending on the parameters passed to argon2, it can take a significant amount of time and memory. Using the zero value of params it will use the first recommended parameters option specified in RFC9106.
func ReadPassword ¶
ReadPassword reads the password from stdin without local echo, displaying message before reading the password. It is safe to interrupt the program with SIGINT when blocked by this function as it will restore the previous state of terminal on exit.
Types ¶
type Params ¶
type Params struct {
// ArgonVersion defines what version number of Argon2
// will be used to derivate the key.
ArgonVersion uint8
// ArgonType is the version of Argon2 that will be used
// to derivate the key.
ArgonType string
// SaltSize is the length, in bytes, of the salt that will be
// generated.
SaltSize uint8
// Salt is the actual salt used.
Salt []byte
// ArgonTime is the number of passes used.
ArgonTime uint32
// ArgonMemory is the amount of memory used in KiB.
ArgonMemory uint32
// ArgonThreads is the number of threads used.
ArgonThreads uint8
// ChunkSize is the length, in bytes, that the plaintext
// will be splitted and encrypted with different nonces.
ChunkSize int64
}
Params represents the parameters used to generate a symmetric key using Argon2 and the chunk size in bytes for splitting the payload before encrypting they with unique nonces.
func NewParams ¶
func NewParams() *Params
NewParams creates an instance of Params struct with default configuration
func ParseHeader ¶
func ParseHeader(src io.ReadSeeker) (*Params, error)
ParseHeader parses the header of the given src stream. It create a new Params object and load its fields from the provided header.
func (*Params) Check ¶
Check checks if the Params fields are correctly filled. Correcting them when a field with the zero value is detected or returning an error if a field has an invalid value.
func (*Params) MarshalHeader ¶
MarshalHeader returns a string header as a byte slice made from the Params fields. Returns an error if the Params used are not valid.
type Reader ¶
type Reader struct {
// contains filtered or unexported fields
}
Reader reads encrypted data from the underlying reader.
type Writer ¶
type Writer struct {
// contains filtered or unexported fields
}
Writer writes to underlying writer encrypting the data
func (*Writer) Close ¶
Close encrypt and write any remaning data in the buffer plus the AEAD tag, to the underlying writer. Close returns an error if it has already been called.
Source Files
Directories