warded

v0.0.0-...-2afb36f
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2019 License: MIT Imports: 20 Imported by: 0

README

warded

A minimal passphrase manager using ChaCha20-Poly1305

This project is still in active development and is likely to change drastically in the time leading up to a 1.0 release.
Usage

warded [command] [options]

Options
  • --ward {wardName}
    • Select a ward to operate on
    • Defaults to default if not supplied
Commands
  • edit <passName>

    • Edit/create a passphrase using $EDITOR
  • generate <passLength> [<passName>]

    • Generates a new passphrase
    • If passName already exists, only the first line will be replaced
    • If passName isn't provided, then a passphrase will be generated and printed to stdout
  • ls, list

    • List passphrases in a ward
  • rekey

    • Replaces the existing master key with a new master key
    • This operation will create a new temporary ward to ensure that the existing ward is not left in an inconsistent state in the case of failure/interruption
  • show <passName>

    • Prints the given passphrase

Documentation

Overview

Package warded provides methods for interacting with groups of encrypted passphrases, referred to as wards.

A ward is restricted to a single master key for all subdirectories.

Constants

const (
	// TypeChacha20poly1305 is the type representing the chacha20poly1305 cipher
	TypeChacha20poly1305 cipherType = iota
	// TypeXsalsa20poly1305 is the type representing the xsalsa20poly1305 cipher
	TypeXsalsa20poly1305
)
const (
	// TypeScrypt is the type representing the scrypt key derivation function
	TypeScrypt keyDerivationType = iota
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Cipher

type Cipher interface {
	Seal(plaintext []byte, keyFn KeyDerivationFunc) error
	Open(keyFn KeyDerivationFunc) ([]byte, error)
}

Cipher is an interface for wrapping supported ciphers

type CipherConfig

type CipherConfig struct {
	Type cipherType `json:"type"`
	Data Cipher     `json:"data"`
}

CipherConfig is the configuration for a Cipher

func (*CipherConfig) UnmarshalJSON

func (c *CipherConfig) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals JSON into a CipherConfig. This uses the Type to determine which cipher to unmarshal the data into.
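
An added example (not the package's own code) of the type-tagged decoding described above: the type tag is read first, and data is decoded only for a known cipher. The data layout (nonce, ciphertext), the nonce-length check and the lower-case names are assumptions; the enum values follow the declaration order shown under Constants.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type cipherType int
const (
	typeChacha20poly1305 cipherType = iota // 0, in the order declared on the page
	typeXsalsa20poly1305                   // 1
)

var nonceLen = map[cipherType]int{typeChacha20poly1305: 12, typeXsalsa20poly1305: 24} // bytes

// cipherConfig uses a hypothetical data layout (assumption, not from the page).
type cipherConfig struct {
	Type cipherType
	Data struct{ Nonce, Ciphertext []byte }
}

// UnmarshalJSON reads the type tag first and decodes data only for a known cipher.
func (c *cipherConfig) UnmarshalJSON(b []byte) error {
	var raw struct {
		Type *cipherType // pointer tells an absent tag apart from 0
		Data json.RawMessage
	}
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	if raw.Type == nil { // a plain int would silently select cipher 0
		return fmt.Errorf("cipher type missing")
	}
	want, known := nonceLen[*raw.Type]
	if !known {
		return fmt.Errorf("unsupported cipher type %d", *raw.Type)
	}
	if err := json.Unmarshal(raw.Data, &c.Data); err != nil {
		return err
	}
	if len(c.Data.Nonce) != want {
		return fmt.Errorf("nonce is %d bytes, want %d", len(c.Data.Nonce), want)
	}
	c.Type = *raw.Type
	return nil
}

func main() { // constructed input: the type tag is absent
	fmt.Println(json.Unmarshal([]byte(`{"data":{}}`), new(cipherConfig)))
}
```

Because the first enum value is 0, a record with no type field would decode as ChaCha20-Poly1305 if the tag were a plain integer; the pointer field makes that case an error.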

type Config

type Config struct {
	Ward  WardConfig            `json:"ward"`
	Wards map[string]WardConfig `json:"wards"`
}

Config contains the general and ward-specific configurations. Ward is the general configuration and defaults to the default ward configuration. Wards is a map from ward name to configuration and defaults to the general ward configuration.

func (Config) GetWardConfig

func (c Config) GetWardConfig(name string) WardConfig

GetWardConfig returns the ward-specific configuration, if one exists. Otherwise, the general config is returned.

func (*Config) UnmarshalJSON

func (c *Config) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals the warded configuration.

type Group

type Group struct {
	Length      int      `json:"len"`
	Passphrases []string `json:"pass"`
}

A Group holds the names and some statistics about a group of common passphrases

type Key

type Key []byte

Key is a byte slice that can be locked and unlocked to ensure that it isn't moved out of memory.

func (Key) Lock

func (k Key) Lock() error

Lock will keep the key in memory.

func (Key) Unlock

func (k Key) Unlock() error

Unlock will clear the key and allow it to move out of memory.

type KeyDerivation

type KeyDerivation interface {
	// contains filtered or unexported methods
}

KeyDerivation is an interface wrapper around key derivation functions.

type KeyDerivationConfig

type KeyDerivationConfig struct {
	Type keyDerivationType `json:"type"`
	Data KeyDerivation     `json:"data"`
}

KeyDerivationConfig is the configuration for a KeyDerivation

func (*KeyDerivationConfig) UnmarshalJSON

func (c *KeyDerivationConfig) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals JSON into a KeyDerivationConfig. This uses the Type to determine which key derivation function to unmarshal the data into.

type KeyDerivationFunc

type KeyDerivationFunc func(keyLen int) ([]byte, error)

KeyDerivationFunc is a function type that will return a key of the given length. This should only be called once.

type Passphrase

type Passphrase struct {
	Cipher        CipherConfig        `json:"cipher"`
	KeyDerivation KeyDerivationConfig `json:"keyDerivation"`
	Filename      string              `json:"-"`
}

Passphrase is the encrypted passphrase

func ReadPassphrase

func ReadPassphrase(fileName string) (*Passphrase, error)

ReadPassphrase reads the given file and returns a Passphrase assuming it contains the necessary data

func (Passphrase) Decrypt

func (pass Passphrase) Decrypt(masterKey []byte) ([]byte, error)

Decrypt returns the plaintext passphrase, assuming that the correct master key has been provided.

func (Passphrase) Write

func (pass Passphrase) Write(perms os.FileMode) error

Write writes the Passphrase to a given file with the provided permissions

type Scrypt

type Scrypt struct {
	Iterations int    `json:"N"`
	BlockSize  int    `json:"r"`
	Parallel   int    `json:"p"`
	Salt       []byte `json:"salt"`
}

Scrypt holds the CPU/memory cost parameters used in the scrypt key derivation function

type SearchResult

type SearchResult struct {
	Passphrase string
	Line       []byte
	LineNum    int
	IndexStart int
	IndexEnd   int
}

SearchResult contains information about a matched search

type Statistics

type Statistics struct {
	Groups    []Group `json:"groups"`
	Count     int     `json:"count"`
	SumLength int     `json:"sum"`
	MaxLength int     `json:"max"`
}

Statistics holds statistics about the entire ward

type Ward

type Ward struct {
	Config WardConfig
	Dir    string
	// contains filtered or unexported fields
}

Ward holds data needed to work with a ward.

func NewWard

func NewWard() Ward

NewWard creates a Ward.

func (Ward) Edit

func (w Ward) Edit(passName string, content []byte) (err error)

Edit sets the entire content of the warded passphrase.

func (Ward) Get

func (w Ward) Get(passName string) ([]byte, error)

Get returns the decrypted passphrase content.

func (Ward) GetOrCheck

func (w Ward) GetOrCheck(passName string) ([]byte, error)

GetOrCheck returns the decrypted passphrase content. If Get returns an error, the Ward's key is checked against a random passphrase in the Ward.

func (Ward) List

func (w Ward) List(pathPattern string) ([]string, error)

List returns a list of passphrase names in the ward

func (Ward) Map

func (w Ward) Map(pathPattern string) (map[string]*Passphrase, error)

Map returns a map of passphrase names to the warded passphrase.

func (Ward) Path

func (w Ward) Path(passName string) string

Path returns the path to a passphrase. Generated by joining the ward directory with the cleaned passphrase name

func (Ward) Rekey

func (w Ward) Rekey(newMasterKey []byte, tempDir string) error

Rekey changes the master key for the entire ward. Any errors will cancel the operation, leaving the ward with the existing key.
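
One way to get the all-or-nothing behaviour described above, as an added example that is not the package's own code: build the re-encrypted ward in tempDir and swap directories only after every file succeeded. rekeyDir, the reencrypt callback and the .old backup name are assumptions; tempDir is assumed to be a sibling of the ward on the same filesystem.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// rekeyDir re-encrypts wardDir into tempDir and swaps them only if every file
// succeeded. reencrypt (hypothetical) opens with the old key, seals with the new.
func rekeyDir(wardDir, tempDir string, reencrypt func([]byte) ([]byte, error)) (err error) {
	defer func() {
		if err != nil {
			os.RemoveAll(tempDir) // discard the partial or unused copy
		}
	}()
	if err = filepath.WalkDir(wardDir, func(path string, d os.DirEntry, werr error) error {
		if werr != nil {
			return werr
		}
		rel, _ := filepath.Rel(wardDir, path)
		dst := filepath.Join(tempDir, rel)
		if d.IsDir() {
			return os.MkdirAll(dst, 0o700)
		}
		data, rerr := os.ReadFile(path)
		if rerr == nil {
			data, rerr = reencrypt(data)
		}
		if rerr != nil {
			return fmt.Errorf("%s: %w", rel, rerr)
		}
		return os.WriteFile(dst, data, 0o600)
	}); err != nil {
		return err // wardDir has not been modified
	}
	backup := wardDir + ".old" // hypothetical name for the rollback copy
	if err = os.Rename(wardDir, backup); err != nil {
		return err
	}
	if err = os.Rename(tempDir, wardDir); err != nil {
		os.Rename(backup, wardDir) // roll back to the original ward
		return err
	}
	return os.RemoveAll(backup)
}

func main() { // expects ./ward; the identity callback is only a placeholder
	fmt.Println(rekeyDir("ward", "ward.tmp", func(b []byte) ([]byte, error) { return b, nil }))
}
```

Between the two renames the ward path briefly does not exist; after a crash in that window the old ward is still intact under the backup name.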

func (Ward) Search

func (w Ward) Search(path string, regex *regexp.Regexp) ([]SearchResult, error)

Search searches through a ward, printing lines that match the given regular expression.

func (*Ward) SetKey

func (w *Ward) SetKey(key []byte)

func (Ward) Stats

func (w Ward) Stats(path string) (*Statistics, error)

Stats returns statistics for the current ward.

func (Ward) Update

func (w Ward) Update(passName string, passStr []byte) ([]byte, error)

Update replaces the first line of a passphrase with the given string.

type WardConfig

type WardConfig struct {
	KeyDerivation KeyDerivationConfig `json:"keyDerivation"`
	Cipher        string              `json:"cipher"`
}

WardConfig contains the configuration for the ward

func DefaultWardConfig

func DefaultWardConfig() WardConfig

DefaultWardConfig returns the default WardConfig. This contains recommended values.

Directories

Path Synopsis
cmd
