README
¶
GO Windows DPAPI Wrapper
The Windows DPAPI uses keys from the user and computer to encrypt data.
Encrypt and decrypt strings:
pwd := "password"
encrypted, _ := dpapi.Encrypt(pwd)
decrypted, _ := dpapi.Decrypt(encrypted)
Encrypt and decrypt byte arrays:
secret := []byte("isolateIndoors")
enc, _ := dpapi.EncryptBytes(secret)
dec, _ := dpapi.DecryptBytes(enc)
An encrypted string looks like this:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAAQ5GMbx570mklMuNAyFRhgAAAAACAAAAAAAQZgAAAAEAACAAAACe7tibTHuzIsKVO2adNjiXU9TM9F1eR95Yk0Wk8Kzj7gAAAAAOgAAAAAIAACAAAAA7quouOuNvn7eicqjE9aa75UZN+TAbokD35hTXbE7UOBAAAADEFNscRxOqxxheOIVdtbiQQAAAAC+UCYzQFtF7uRyhjXKnqCii8OHUtmB5LwIgJTx46uLukKGsOp60rGVPGn6ufiYYCRXiCQPAmQEKjsEE1jwqZto=
The package also supports machine specific encryption and encryption using entropy.
Developing
There is an application in /cmd/stable that creates a JSON file of encrypted values. The purpose is to create a stable encrypted value and then verify it can still be decrypted after any changes are made.
It creates a file named domain.computer.user.stable.json on the first run. On subsequent runs it tries to decrypt the values in the JSON file. It currently only tests per-user encryption. But this should allow testing of machine encryption and encryption with entropy.
References
- Data Protection API (wikipedia.org)
- Windows Data Protection (microsoft.com)
- Troubleshooting the DPAPI (microsoft.com)
- CryptProtectData function (microsoft.com)
- Example C Program: Using CryptProtectData (microsoft.com)
Documentation
¶
Index ¶
- func Decrypt(data string) (string, error)
- func DecryptBytes(data []byte) ([]byte, error)
- func DecryptBytesEntropy(data, entropy []byte) ([]byte, error)
- func DecryptEntropy(data, entropy string) (string, error)
- func Encrypt(secret string) (string, error)
- func EncryptBytes(data []byte) ([]byte, error)
- func EncryptBytesEntropy(data, entropy []byte) ([]byte, error)
- func EncryptBytesMachineLocal(data []byte) ([]byte, error)
- func EncryptBytesMachineLocalEntropy(data, entropy []byte) ([]byte, error)
- func EncryptEntropy(secret, entropy string) (string, error)
- func EncryptMachineLocal(secret string) (string, error)
- func EncryptMachineLocalEntropy(secret, entropy string) (string, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecryptBytes ¶
EncryptBytes encrypts a byte array and returns a byte array
func DecryptBytesEntropy ¶ added in v0.3.0
func DecryptEntropy ¶ added in v0.3.0
func EncryptBytes ¶
EncryptBytes encrypts a byte array and returns a byte array
func EncryptBytesEntropy ¶ added in v0.3.0
func EncryptBytesMachineLocal ¶ added in v0.2.0
EncryptBytesMachineLocal encrypts a byte array and returns a byte array and associates the data encrypted with the current computer instead of with an individual user.
func EncryptBytesMachineLocalEntropy ¶ added in v0.3.0
func EncryptEntropy ¶ added in v0.3.0
func EncryptMachineLocal ¶ added in v0.2.0
EncryptMachineLocal a string value to a base64 string and associates the data encrypted with the current computer instead of with an individual user.
func EncryptMachineLocalEntropy ¶ added in v0.3.0
Types ¶
This section is empty.
Source Files
Directories