Documentation
Overview
Package warded provides methods for interacting with groups of encrypted passphrases, referred to as wards.
A ward is restricted to a single master key for all subdirectories.
Index
- Constants
- type Cipher
- type CipherConfig
- type Config
- type Group
- type Key
- type KeyDerivation
- type KeyDerivationConfig
- type KeyDerivationFunc
- type Passphrase
- type Scrypt
- type SearchResult
- type Statistics
- type Ward
- func (w Ward) Edit(passName string, content []byte) (err error)
- func (w Ward) Get(passName string) ([]byte, error)
- func (w Ward) GetOrCheck(passName string) ([]byte, error)
- func (w Ward) List(pathPattern string) ([]string, error)
- func (w Ward) Map(pathPattern string) (map[string]*Passphrase, error)
- func (w Ward) Path(passName string) string
- func (w Ward) Rekey(newMasterKey []byte, tempDir string) error
- func (w Ward) Search(path string, regex *regexp.Regexp) ([]SearchResult, error)
- func (w *Ward) SetKey(key []byte)
- func (w Ward) Stats(path string) (*Statistics, error)
- func (w Ward) Update(passName string, passStr []byte) ([]byte, error)
- type WardConfig
Constants
const (
	// TypeChacha20poly1305 is the type representing the chacha20poly1305 cipher
	TypeChacha20poly1305 cipherType = iota
	// TypeXsalsa20poly1305 is the type representing the xsalsa20poly1305 cipher
	TypeXsalsa20poly1305
)
const (
	// TypeScrypt is the type representing the scrypt key derivation function
	TypeScrypt keyDerivationType = iota
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Cipher
type Cipher interface {
	Seal(plaintext []byte, keyFn KeyDerivationFunc) error
	Open(keyFn KeyDerivationFunc) ([]byte, error)
}
Cipher is an interface for wrapping supported ciphers.
type CipherConfig
type CipherConfig struct {
	Type cipherType `json:"type"`
	Data Cipher     `json:"data"`
}
CipherConfig is the configuration for a Cipher.
func (*CipherConfig) UnmarshalJSON
func (c *CipherConfig) UnmarshalJSON(b []byte) error
UnmarshalJSON unmarshals JSON into a CipherConfig. This uses the Type to determine which cipher to unmarshal the data into.
type Config
type Config struct {
	Ward  WardConfig            `json:"ward"`
	Wards map[string]WardConfig `json:"wards"`
}
Config contains the general and ward-specific configurations. Ward is the general configuration and defaults to the default ward configuration. Wards is a map from ward name to configuration and defaults to the general ward configuration.
func (Config) GetWardConfig
func (c Config) GetWardConfig(name string) WardConfig
GetWardConfig returns the ward-specific configuration, if one exists. Otherwise, the general config is returned.
func (*Config) UnmarshalJSON
UnmarshalJSON unmarshals the warded configuration.
type Key
type Key []byte
Key is a byte slice that can be locked and unlocked to ensure that it isn't moved out of memory.
type KeyDerivation
type KeyDerivation interface {
// contains filtered or unexported methods
}
KeyDerivation is an interface wrapper around key derivation functions.
type KeyDerivationConfig
type KeyDerivationConfig struct {
	Type keyDerivationType `json:"type"`
	Data KeyDerivation     `json:"data"`
}
KeyDerivationConfig is the configuration for a KeyDerivation.
func (*KeyDerivationConfig) UnmarshalJSON
func (c *KeyDerivationConfig) UnmarshalJSON(b []byte) error
UnmarshalJSON unmarshals JSON into a KeyDerivationConfig. This uses the Type to determine which key derivation function to unmarshal the data into.
type KeyDerivationFunc
KeyDerivationFunc is a function type that will return a key of the given length. This should only be called once.
type Passphrase
type Passphrase struct {
	Cipher        CipherConfig        `json:"cipher"`
	KeyDerivation KeyDerivationConfig `json:"keyDerivation"`
	Filename      string              `json:"-"`
}
Passphrase is the encrypted passphrase.
func ReadPassphrase
func ReadPassphrase(fileName string) (*Passphrase, error)
ReadPassphrase reads the given file and returns a Passphrase assuming it contains the necessary data.
type Scrypt
type Scrypt struct {
	Iterations int    `json:"N"`
	BlockSize  int    `json:"r"`
	Parallel   int    `json:"p"`
	Salt       []byte `json:"salt"`
}
Scrypt holds the CPU/memory cost parameters used in the scrypt key derivation function
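An added example, not warded's own code: one way to decode the {"type", "data"} layout of KeyDerivationConfig into the Scrypt struct above while rejecting unknown types and out-of-policy cost parameters read from a file. The helper parseKeyDerivation and the bounds minN, maxN and minSalt are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type keyDerivationType int
const TypeScrypt keyDerivationType = iota // 0, as in the Constants section

// Scrypt mirrors the struct documented on this page.
type Scrypt struct {
	Iterations int    `json:"N"`
	BlockSize  int    `json:"r"`
	Parallel   int    `json:"p"`
	Salt       []byte `json:"salt"`
}

const minN, maxN, minSalt = 1 << 14, 1 << 20, 16 // assumed policy bounds, not warded's

// parseKeyDerivation (hypothetical) picks the concrete type from "type" and
// validates the decoded parameters before any key is derived from them.
func parseKeyDerivation(b []byte) (*Scrypt, error) {
	var raw struct {
		Type *keyDerivationType `json:"type"` // pointer: TypeScrypt is 0, absence must be visible
		Data json.RawMessage    `json:"data"`
	}
	if err := json.Unmarshal(b, &raw); err != nil {
		return nil, err
	}
	if raw.Type == nil || *raw.Type != TypeScrypt {
		return nil, fmt.Errorf("missing or unsupported key derivation type")
	}
	var s Scrypt
	if err := json.Unmarshal(raw.Data, &s); err != nil {
		return nil, err
	}
	if n := s.Iterations; n < minN || n > maxN || n&(n-1) != 0 {
		return nil, fmt.Errorf("scrypt N=%d outside policy", n)
	}
	if r, p := s.BlockSize, s.Parallel; r < 1 || p < 1 || r > (1<<30-1)/p || len(s.Salt) < minSalt {
		return nil, fmt.Errorf("scrypt r, p or salt outside policy")
	}
	return &s, nil
}

func main() {
	// Constructed input: N=2 decodes cleanly but is rejected as too weak.
	fmt.Println(parseKeyDerivation([]byte(`{"type":0,"data":{"N":2,"r":8,"p":1,"salt":"AAECAwQFBgcICQoLDA0ODw=="}}`)))
}
```

The upper bound on N matters as much as the lower one: a tampered file with a very large cost would otherwise force a huge memory allocation before the wrong-key error is ever reached.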
type SearchResult
SearchResult contains information about a matched search.
type Statistics
type Statistics struct {
	Groups    []Group `json:"groups"`
	Count     int     `json:"count"`
	SumLength int     `json:"sum"`
	MaxLength int     `json:"max"`
}
Statistics holds statistics about the entire ward.
type Ward
type Ward struct {
	Config WardConfig
	Dir    string
	// contains filtered or unexported fields
}
Ward holds data needed to work with a ward.
func (Ward) GetOrCheck
GetOrCheck returns the decrypted passphrase content. If Get returns an error, the Ward's key is checked against a random passphrase in the Ward.
func (Ward) Map
func (w Ward) Map(pathPattern string) (map[string]*Passphrase, error)
Map returns a map of passphrase names to the warded passphrase.
func (Ward) Path
Path returns the path to a passphrase. Generated by joining the ward directory with the cleaned passphrase name.
func (Ward) Rekey
Rekey changes the master key for the entire ward. Any errors will cancel the operation, leaving the ward with the existing key.
func (Ward) Search
Search searches through a ward, printing lines that match the given regular expression.
type WardConfig
type WardConfig struct {
	KeyDerivation KeyDerivationConfig `json:"keyDerivation"`
	Cipher        string              `json:"cipher"`
}
WardConfig contains the configuration for the ward.
func DefaultWardConfig
func DefaultWardConfig() WardConfig
DefaultWardConfig returns the default WardConfig. This contains recommended values.