README
¶
go-emp : Encrypted Message Protocol implementation
Overview 
This repository contains a reference implementation of Encrypted Message Protocol in Go programming language.
It is not aimed to give universal solution. Instead it implements some popular types on encrypted messages, such as:
- RSA encrypted with SHA-256/SHA-512 signing
- AES128 and AES256 encrypted without signing
Install
go get github.com/emproto/go-emp
How to generate RSA keys
mkdir -p ~/.keys/emproto
ssh-keygen -m pem -t rsa -f ~/.keys/emproto/id_rsa
openssl rsa -in ~/.keys/emproto/id_rsa -pubout -out ~/.keys/emproto/id_rsa.pub.pem
Code example
import (
"io/ioutil"
"os"
"github.com/emproto/go-emt"
)
func createMessage(text string) []byte {
privKey := ioutil.ReadFile(os.ExpandVar("~/.keys/emproto/id_rsa"))
pubKey := ioutil.ReadFile(os.ExpandVar("~/.keys/emproto/id_rsa.pub.pem"))
msg := emp.NewRsaSha256Message("Hello, Secure World!")
err := msg.Encrypt(pubKey)
if err != nil {
panic(err)
}
err := msg.Sign(privKey)
if err != nil {
panic(err)
}
packedMessage, _ := emp.PackBase64(msg)
receiveMessage(packedMessage)
}
func receiveMessage(msgBytes []byte) {
privKey := ioutil.ReadFile(os.ExpandVar("~/.keys/emproto/id_rsa"))
pubKey := ioutil.ReadFile(os.ExpandVar("~/.keys/emproto/id_rsa.pub.pem"))
rawMessage, _ := emp.UnpackBase64(msgBytes)
rsaMessage := LoadRsaMessage(rawMessage)
err := rsaMessage.Verify(pubKey)
if err != nil {
panic("cannot verify message")
}
rawMsgBytes, err := rsaMessage.Decrypt(privKey)
if err != nil {
panic(err)
}
fmt.Println(string(rawMsgBytes))
}
License
MIT.
Documentation
¶
Index ¶
- Constants
- Variables
- func PackBase64(m MessageEncrypter) ([]byte, error)
- type AesMessage
- type AsymmetricMessage
- func (m AsymmetricMessage) Alg() string
- func (m *AsymmetricMessage) Decrypt(privateKey []byte) ([]byte, error)
- func (m *AsymmetricMessage) Encrypt(pubkey []byte) error
- func (m AsymmetricMessage) EncryptedMessage() []byte
- func (m *AsymmetricMessage) Sign(privateKey []byte) error
- func (m AsymmetricMessage) Signature() []byte
- type EncMessage
- type MessageEncrypter
- type RSAMessage
- type SymmetricMessage
Constants ¶
const ( // asymmetric algorithms AlgRsaSha256 = "RSA-SHA256" AlgRsaSha512 = "RSA-SHA512" // symmetric algorithms AlgAes128 = "AES128" AlgAes256 = "AES256" )
Constant algorithms names
Variables ¶
var ErrAesSecretLength = errors.New("AES secret must be 16 bytes long for AES128 or 32 bytes long for AES256")
ErrAESSecretLength is a default error for invalid secret length
Functions ¶
func PackBase64 ¶
func PackBase64(m MessageEncrypter) ([]byte, error)
PackBase64 packs JSON representation of message using base64url encoding with padding stripped.
Types ¶
type AesMessage ¶
type AesMessage struct {
SymmetricMessage
}
AesMessage represents AES encrypted ET message. It is composition type of base SymmetricMessage struct
func LoadAesMessage ¶
func LoadAesMessage(emsg MessageEncrypter) *AesMessage
LoadAesMessage populates RSAMessage struct with given emsg data
func NewAes128Message ¶
func NewAes128Message(text string) *AesMessage
NewAes128Message returns new or received ET message
func NewAes256Message ¶
func NewAes256Message(text string) *AesMessage
NewAes256Message returns new or received ET message
func (AesMessage) Decrypt ¶
func (m AesMessage) Decrypt(secret []byte) ([]byte, error)
Decrypt decrypts received message using given secret bytes
func (*AesMessage) Encrypt ¶
func (m *AesMessage) Encrypt(secret []byte) error
Encrypt encrypts message to be sent using given secret
type AsymmetricMessage ¶
type AsymmetricMessage struct {
EncMessage
// contains filtered or unexported fields
}
AsymmetricMessage represents asymmetrically encrypted ET message. It implements MessageEncrypter interface
func (AsymmetricMessage) Alg ¶
func (m AsymmetricMessage) Alg() string
Alg returns Message encryption algorithm
func (*AsymmetricMessage) Decrypt ¶
func (m *AsymmetricMessage) Decrypt(privateKey []byte) ([]byte, error)
Decrypt decrypts received message using given private key bytes
func (*AsymmetricMessage) Encrypt ¶
func (m *AsymmetricMessage) Encrypt(pubkey []byte) error
Encrypt encrypts message to be sent using given private key
func (AsymmetricMessage) EncryptedMessage ¶
func (m AsymmetricMessage) EncryptedMessage() []byte
EncryptedMessage returns ecrypted part of ET message
func (*AsymmetricMessage) Sign ¶
func (m *AsymmetricMessage) Sign(privateKey []byte) error
Sign signs message using given private key
func (AsymmetricMessage) Signature ¶
func (m AsymmetricMessage) Signature() []byte
Signature returns signature part of ET message
type EncMessage ¶
type EncMessage struct {
Algorithm string `json:"alg"`
Message []byte `json:"msg"`
Sig []byte `json:"sig,omitempty"`
}
EncMessage is a base struct like json.RawMessage. It already implements MessageEncrypter interface, but you must not use this directly. Use it for struct composition instead.
func (EncMessage) Decrypt ¶
func (m EncMessage) Decrypt(k []byte) ([]byte, error)
Decrypt satisfies MessageEncrypter interface
func (EncMessage) Encrypt ¶
func (m EncMessage) Encrypt(k []byte) error
Encrypt satisfies MessageEncrypter interface
func (EncMessage) EncryptedMessage ¶
func (m EncMessage) EncryptedMessage() []byte
EncryptedMessage satisfies MessageEncrypter interface
func (EncMessage) Sign ¶
func (m EncMessage) Sign(k []byte) error
Sign satisfies MessageEncrypter interface
func (EncMessage) Signature ¶
func (m EncMessage) Signature() []byte
Signature satisfies MessageEncrypter interface
func (EncMessage) Verify ¶
func (m EncMessage) Verify(k []byte) error
Verify satisfies MessageEncrypter interface
type MessageEncrypter ¶
type MessageEncrypter interface {
Alg() string
EncryptedMessage() []byte
Signature() []byte
Decrypt([]byte) ([]byte, error)
Encrypt([]byte) error
Sign([]byte) error
Verify([]byte) error
}
MessageEncrypter represents ET message
func UnpackBase64 ¶
func UnpackBase64(m []byte) (MessageEncrypter, error)
UnpackBase64 unpacks base64url encoded JSON representation of message.
type RSAMessage ¶
type RSAMessage struct {
AsymmetricMessage
}
RSAMessage represents RSA encrypted ET message. It is composition type of base AsymmetricMessage struct
func LoadRsaMessage ¶
func LoadRsaMessage(emsg MessageEncrypter) *RSAMessage
LoadRsaMessage populates RSAMessage struct with given emsg data
func NewRsaSha256Message ¶
func NewRsaSha256Message(text string) *RSAMessage
NewRsaSha256Message returns new unencrypted message
func NewRsaSha512Message ¶
func NewRsaSha512Message(text string) *RSAMessage
NewRsaSha512Message returns new unencrypted message
func (RSAMessage) Verify ¶
func (m RSAMessage) Verify(pubkey []byte) error
Verify checks message signature
type SymmetricMessage ¶
type SymmetricMessage struct {
EncMessage
// contains filtered or unexported fields
}
SymmetricMessage represents symmetrically encrypted ET message. It partially implements MessageEncrypter interface
func (SymmetricMessage) Alg ¶
func (m SymmetricMessage) Alg() string
Alg returns Message encryption algorithm
func (SymmetricMessage) EncryptedMessage ¶
func (m SymmetricMessage) EncryptedMessage() []byte
EncryptedMessage returns ecrypted part of ET message
func (SymmetricMessage) Sign ¶
func (m SymmetricMessage) Sign(k []byte) error
Sign satisfies MessageEncrypter interface
func (SymmetricMessage) Signature ¶
func (m SymmetricMessage) Signature() []byte
Signature satisfies MessageEncrypter interface
func (SymmetricMessage) Verify ¶
func (m SymmetricMessage) Verify(k []byte) error
Verify satisfies MessageEncrypter interface
Source Files