cryptoutils

v0.0.0-...-4608665
Published: Apr 25, 2020 License: GPL-3.0 Imports: 20 Imported by: 9

README

CRYPTOUTILS

cryptoutils is a thin wrapper around the NaCl toolkit, and offers hashing, integer conversion and securely reading passwords from stdin in the terminal.

The commandline tool is still a work in progress.

Library

Public Interface

// Symmetric Crypto
func SymmetricDecrypt(data []byte, key *[KeySize]byte) ([]byte, error)
func SymmetricEncrypt(data []byte, key *[KeySize]byte) ([]byte, error)
func SymmetricEncryptStatic(data string, staticNonce *[NonceSize]byte, key *[KeySize]byte) []byte

// Asymmetric Crypto
func AsymmetricDecrypt(data []byte, pubKey, privKey *[KeySize]byte) ([]byte, bool)
func AsymmetricEncrypt(data []byte, pubKey, privKey *[KeySize]byte) ([]byte, error)

// Key & Nonce Generation
func GenerateKey(data string) *[KeySize]byte
func GenerateKeyStdin() *[KeySize]byte
func GenerateKeypair() (pubKey, privKey *[KeySize]byte, err error)
func GenerateNonce() (*[NonceSize]byte, error)

// Utils
func PasswordPrompt(prompt string) (password string, err error)

// Hashes
func MD5(text string) string
func RandomString(length int) (string, error)
func Sha256(data string) []byte

Library Examples

See the tests for sample usage.

// simple example for symmetric encryption
key := GenerateKey("test")

enc, err := SymmetricEncrypt(data, key)
if err != nil {
    log.Fatal("failed to encrypt: ", err)
}

dec, err := SymmetricDecrypt(enc, key)
if err != nil {
    log.Fatal("failed to decrypt: ", err)
}

// simple example for asymmetric encryption
// peer 1
pubKey1, privKey1, err := GenerateKeypair()
if err != nil {
    log.Fatal("failed to generate keypair: ", err)
}

// peer 2
pubKey2, privKey2, err := GenerateKeypair()
if err != nil {
    log.Fatal("failed to generate keypair: ", err)
}

enc, err := AsymmetricEncrypt(data, pubKey1, privKey2)
if err != nil {
    log.Fatal("failed to encrypt: ", err)
}

dec, ok := AsymmetricDecrypt(enc, pubKey2, privKey1)
if !ok {
    log.Fatal("failed to decrypt")
}

Commandline Tool

The commandline tool provides all functionality of the library on the commandline. It can also read input from stdin.

Commandline Examples

By default output from cryptotool goes to stdout:

# encrypt input from stdin, user will be prompted to enter key
echo "test" | cryptotool -e

# encrypt input from stdin, with key "key"
echo "test" | cryptotool -e -k "key"

# encrypt file
cryptotool -e <filename>

# decrypt file
cryptotool -d <filename>

# calculate the sha256 for "test"
cryptotool -sha256 "test"

# calculate the md5 for "test"
cryptotool -md5 "test"

Benchmarks

Run the benchmarks and tests:

$ go test -v -bench=.
=== RUN   TestSymmetricEncryption
--- PASS: TestSymmetricEncryption (0.00s)
=== RUN   TestAsymmetricEncryption
--- PASS: TestAsymmetricEncryption (0.00s)
goos: darwin
goarch: amd64
pkg: github.com/dreadl0ck/cryptoutils
BenchmarkSymmetricEncrypt-12     	 2000000	       707 ns/op	     128 B/op	       3 allocs/op
BenchmarkSymmetricDecrypt-12     	 5000000	       279 ns/op	      16 B/op	       1 allocs/op
BenchmarkAsymmetricEncrypt-12    	   50000	     34467 ns/op	     128 B/op	       3 allocs/op
BenchmarkAsymmetricDecrypt-12    	   50000	     32642 ns/op	      16 B/op	       1 allocs/op
PASS
ok  	github.com/dreadl0ck/cryptoutils	7.907s

Cryptographic Primitives

CRYPTOUTILS uses the famous NaCl library from Daniel J. Bernstein, more specifically the Go secretbox implementation for symmetric encryption and the box implementation for asymmetric encryption.

Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate messages with secret-key cryptography. The length of messages is not hidden.

Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate messages. The length of messages is not hidden.

The KeySize is 256 bit. For every encryption procedure a fresh nonce is generated. SymmetricEncryptStatic is the exception: it uses the fixed nonce passed in by the caller.

LICENSE

GPLv3

Contact

You have ideas, feedback, bugs, security issues, pull requests etc? Contact me: <dreadl0ck [at] protonmail [dot] ch>

Documentation

Constants

const (
	KeySize   = 32
	NonceSize = 24
)

KeySize is 256bit

Variables

var (

	// ErrDecrypt means something went wrong decrypting
	ErrDecrypt = errors.New("error decrypting")

	// ErrEmptyFile means the file is empty
	ErrEmptyFile = errors.New("file is empty")
)

Functions

func AsymmetricDecrypt

func AsymmetricDecrypt(data []byte, pubKey, privKey *[KeySize]byte) ([]byte, bool)

AsymmetricDecrypt decrypts a message

func AsymmetricEncrypt

func AsymmetricEncrypt(data []byte, pubKey, privKey *[KeySize]byte) ([]byte, error)

AsymmetricEncrypt encrypts a message for the given pubKey

func Base64

func Base64(text string) string

Base64 returns the base64 string for the given input

func ConvertInt

func ConvertInt(s string) (bin, oct, dec, hex string, err error)

ConvertInt converts an int into bin, hex, dec and oct

func GenerateKey

func GenerateKey(data string) *[KeySize]byte

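GenerateKey generates a key by calculating the SHA-256 hash of the given string. This is a single unsalted hash, not a password-based key derivation function, so the key is only as strong as the input string and the same string always yields the same key.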

func GenerateKeyStdin

func GenerateKeyStdin() *[KeySize]byte

GenerateKeyStdin can be used to set the encryption key by reading it from stdin

func GenerateKeypair

func GenerateKeypair() (pubKey, privKey *[KeySize]byte, err error)

GenerateKeypair generates a public and a private key

func GenerateNonce

func GenerateNonce() (*[NonceSize]byte, error)

GenerateNonce creates a new random nonce.

func HashDir

func HashDir(path string, hashFunc HashFunc) (string, error)

HashDir walks a directory and hashes all files inside. Afterwards all hashes are concatenated and hashed again. This works because the order in which filepath.Walk walks the files is always the same.
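A sketch of the scheme described above, added here and not taken from the cryptoutils source: it computes the content-only digest and, beside it, a variant that also hashes each relative path. hashDir, sum and renameCheck are hypothetical names, and the two-file tree is constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

func sum(b []byte) []byte { s := sha256.Sum256(b); return s[:] }

// hashDir returns the digest of the concatenated file hashes (plain) and a
// variant that also hashes each slash-separated relative path (bound).
func hashDir(root string) (plain, bound string, err error) {
	var ps, bs []byte
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // propagate walk errors; skip dirs, symlinks, devices
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		ps = append(ps, sum(data)...)
		bs = append(append(bs, sum([]byte(filepath.ToSlash(rel)))...), sum(data)...)
		return nil
	})
	return hex.EncodeToString(sum(ps)), hex.EncodeToString(sum(bs)), err
}

// renameCheck renames one file in a constructed tree and reports whether
// each digest stayed the same across the rename.
func renameCheck() (plainSame, boundSame bool) {
	dir, err := os.MkdirTemp("", "hashdir")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "a.conf"), []byte("allow"), 0o600)
	os.WriteFile(filepath.Join(dir, "b.conf"), []byte("deny"), 0o600)
	p1, b1, _ := hashDir(dir)
	os.Rename(filepath.Join(dir, "b.conf"), filepath.Join(dir, "c.conf")) // walk order unchanged
	p2, b2, _ := hashDir(dir)
	return p1 == p2, b1 == b2
}

func main() { fmt.Println(renameCheck()) }
```

In this sketch a rename that keeps the walk order leaves the content-only digest unchanged, which matters when the digest is used to detect tampering with a directory tree; the path-bound variant changes.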

func HashFile

func HashFile(path string, hashFunc HashFunc) (string, error)

HashFile calculates the hash for the contents of file

func MD5

func MD5(text string) string

MD5 returns an md5 hash of the given string

func MD5Data

func MD5Data(data []byte) []byte

MD5Data returns an md5 hash for the given data

func PasswordPrompt

func PasswordPrompt(prompt string) (password string, err error)

PasswordPrompt reads a password from stdin without echoing the typed characters

func RandomString

func RandomString(length int) (string, error)

RandomString generates a length bytes long random string

func ReadKeyStdin

func ReadKeyStdin() *[KeySize]byte

ReadKeyStdin reads the decryption key from stdin

func Sha1Data

func Sha1Data(data []byte) []byte

Sha1Data calculates the Sha1 for the given data

func Sha256

func Sha256(text string) []byte

Sha256 generates a Sha256 for the given string

func Sha256Data

func Sha256Data(data []byte) []byte

Sha256Data calculates the Sha256 for the given data

func Sha512Data

func Sha512Data(data []byte) []byte

Sha512Data calculates the sha512 for the given data

func SymmetricDecrypt

func SymmetricDecrypt(data []byte, key *[KeySize]byte) ([]byte, error)

SymmetricDecrypt extracts the nonce from the ciphertext, and attempts to decrypt with NaCl's secretbox.

func SymmetricEncrypt

func SymmetricEncrypt(data []byte, key *[KeySize]byte) ([]byte, error)

SymmetricEncrypt generates a random nonce and encrypts the input using NaCl's secretbox package. The nonce is prepended to the ciphertext. A sealed message is secretbox.Overhead bytes longer than the original message, not counting the prepended nonce.

func SymmetricEncryptStatic

func SymmetricEncryptStatic(data string, staticNonce *[NonceSize]byte, key *[KeySize]byte) []byte

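SymmetricEncryptStatic encrypts using a fixed nonce. Reusing a nonce with the same key for different messages breaks the confidentiality and authenticity guarantees of secretbox, so each (key, nonce) pair must be used for at most one message.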

func ToBin

func ToBin(n int64) string

ToBin returns the binary representation of n

func ToDec

func ToDec(n int64) string

ToDec returns the decimal representation of n

func ToHex

func ToHex(n int64) string

ToHex returns the hex representation of n

func ToOct

func ToOct(n int64) string

ToOct returns the octal representation of n

Types

type HashFunc

type HashFunc func([]byte) []byte

HashFunc is a function that calculates a hash
