Documentation ¶
Index ¶
- Constants
- Variables
- func EncryptNACLStore(data, salt []byte, ecpk [64]byte) ([]byte, [64]byte, [24]byte, error)
- func ExchangeAESKeyRSADecrypt(oaep bool, encrypted, label []byte, hasher *hash.Hash, pk *rsa.PrivateKey) error
- func ExchangeAESKeyRSAEncrypt(oaep bool, label []byte, hasher *hash.Hash, pub *rsa.PublicKey) ([]byte, error)
- func GenEdDSAKeyPair() ([32]byte, [64]byte, error)
- func GenSalt() ([]byte, error)
- func LoadPkECDSA(path string) (*ecdsa.PrivateKey, error)
- func LoadPkRSA(path string) (*rsa.PrivateKey, error)
- func LoadPubECDSA(path string) (*ecdsa.PublicKey, error)
- func LoadPubRSA(path string) (*rsa.PublicKey, error)
- func PGPStyleCreateKeypairs(bit int) ([]byte, []byte, []byte, []byte, error)
- func PGPStyleDecrypt(encrypted, h, nonce, additionalData, ekey []byte, pk *rsa.PrivateKey) ([]byte, error)
- func PGPStyleEncrypt(data []byte, pub *rsa.PublicKey) ([]byte, []byte, []byte, []byte, []byte, error)
- func PGPStyleLoadPrivateKey(pemPk []byte) (*rsa.PrivateKey, error)
- func PGPStyleLoadPublicKey(pemPub []byte) (*rsa.PublicKey, error)
- func SetData(data []byte)
- func SetKey(key, salt []byte) error
- func ValidateNACL(password, salt, encrypted []byte, sign [64]byte, nonce [24]byte, pub [32]byte, ...) error
- type ENC
- func (b *ENC) DecryptECDSA(encrypted, rb, sb, nonce []byte, pub *ecdsa.PublicKey) ([]byte, error)
- func (b *ENC) DecryptRSA(encrypted, s, nonce []byte, pub *rsa.PublicKey) ([]byte, error)
- func (b *ENC) EncryptECDSASend(data []byte, pk *ecdsa.PrivateKey) ([]byte, []byte, []byte, []byte, error)
- func (b *ENC) EncryptECDSAStore(data, salt []byte, pk *ecdsa.PrivateKey) ([]byte, []byte, []byte, []byte, error)
- func (b *ENC) EncryptRSASend(data []byte, pk *rsa.PrivateKey) ([]byte, []byte, []byte, error)
- func (b *ENC) EncryptRSAStore(data, salt []byte, pk *rsa.PrivateKey) ([]byte, []byte, []byte, error)
- func (b *ENC) ValidateECDSA(password, salt, encrypted, rb, sb, nonce []byte, pub *ecdsa.PublicKey) error
- func (b *ENC) ValidateRSA(password, salt, encrypted, s, nonce []byte, pub *rsa.PublicKey) error
- type NACL
- func (n *NACL) Decrypt(encrypted, h, salt []byte, nonce *[24]byte, ppub *[32]byte) ([]byte, bool)
- func (n *NACL) DecryptSK(encrypted, h, salt []byte, nonce *[24]byte) ([]byte, bool)
- func (n *NACL) Encrypt(msg, salt []byte, ppub *[32]byte) ([]byte, []byte, [24]byte, error)
- func (n *NACL) EncryptSK(msg, salt []byte) ([]byte, []byte, [24]byte, error)
- func (n *NACL) GenSharedKey(ppub *[32]byte)
Constants ¶
const (
VERSION = "0.0.3"
)
Variables ¶
var DATA []byte = []byte("additional data")
Additional data for AEAD
var KEY []byte = []byte("change me from this 2 other byte")
AES key, length must be 32 bytes to use AES256
Functions ¶
func EncryptNACLStore ¶
Encrypt data to be stored using NaCL-EdDSA, be sure to do SetKey() beforehand. Please don't forget to store the salt. Returns encrypted data, signature, and nonce.
func ExchangeAESKeyRSADecrypt ¶
func ExchangeAESKeyRSADecrypt(oaep bool, encrypted, label []byte, hasher *hash.Hash, pk *rsa.PrivateKey) error
Decrypt AES key from server to be used using RSA, pk is client's (or us if we are the client) private key. ( You should only do this once to exchange AES key. This automatically set KEY variable, after that you can use New()
func ExchangeAESKeyRSAEncrypt ¶
func ExchangeAESKeyRSAEncrypt(oaep bool, label []byte, hasher *hash.Hash, pub *rsa.PublicKey) ([]byte, error)
These two functions are created to support PGP style encryption Encrypt AES key to be sent to client using RSA. pub is client's (or us if we are the client) public key. You preferably should use SetKey() first before using this, because this function get the key to be encrypted from package's KEY variable For JS, see https://github.com/travist/jsencrypt (The lib is using PKCS1) Returns encrypted key
func GenEdDSAKeyPair ¶
Returns 32 byte pub and 64 byte pk for EdDSA (Ed25519)
func GenSalt ¶
Salt must be the same when you encrypt and verify. Forgot to save salt means your data would be lost forever.
func LoadPkECDSA ¶
func LoadPkECDSA(path string) (*ecdsa.PrivateKey, error)
Load ECDSA private key, pk's EC must be prime256v1
func LoadPkRSA ¶
func LoadPkRSA(path string) (*rsa.PrivateKey, error)
Load RSA private key, pk must be PKCS1 and at least 2048 bits
func PGPStyleCreateKeypairs ¶
These PGPStyle* functions purposefully created for secure messaging from Go server to JS clients PGP style But you should not ever consider using it, at least for now create a pair of bit RSA keypair in PEM format Returns client pk, server pk, client pub, and server pub
func PGPStyleDecrypt ¶
func PGPStyleDecrypt(encrypted, h, nonce, additionalData, ekey []byte, pk *rsa.PrivateKey) ([]byte, error)
Returns decrypted message
func PGPStyleEncrypt ¶
func PGPStyleEncrypt(data []byte, pub *rsa.PublicKey) ([]byte, []byte, []byte, []byte, []byte, error)
Returns encrypted message, hash, nonce, additionalData, and encrypted key
func PGPStyleLoadPrivateKey ¶
func PGPStyleLoadPrivateKey(pemPk []byte) (*rsa.PrivateKey, error)
Load key in PEM format and return as *rsa.PrivateKey
func PGPStyleLoadPublicKey ¶
Load key in PEM format and return as *rsa.PublicKey
Types ¶
type ENC ¶
func (*ENC) DecryptECDSA ¶
Decrypt the encrypted data Returns the decrypted data
func (*ENC) DecryptRSA ¶
Decrypt the encrypted data Returns the decrypted data
func (*ENC) EncryptECDSASend ¶
func (b *ENC) EncryptECDSASend(data []byte, pk *ecdsa.PrivateKey) ([]byte, []byte, []byte, []byte, error)
Encrypt data to be send using ECDSA-AES256GCM-AEAD For JS, see http://bitwiseshiftleft.github.io/sjcl/doc/symbols/sjcl.mode.gcm.html and https://github.com/cryptocoinjs/ecdsa just remember to use prime256v1 (secp256r1) Returns encrypted data, r, s, and nonce
func (*ENC) EncryptECDSAStore ¶
func (b *ENC) EncryptECDSAStore(data, salt []byte, pk *ecdsa.PrivateKey) ([]byte, []byte, []byte, []byte, error)
Encrypt data using scrypt -> ECDSA-AES256GCM-AEAD to be stored returns encrypted, r, s, and nonce. Preferably store them each in different databases (or machines) if you can
func (*ENC) EncryptRSASend ¶
Encrypt data to be send using RSA-AES256GCM-AEAD For JS, see http://bitwiseshiftleft.github.io/sjcl/doc/symbols/sjcl.mode.gcm.html and https://github.com/travist/jsencrypt Returns encrypted data, sign, and nonce
func (*ENC) EncryptRSAStore ¶
func (b *ENC) EncryptRSAStore(data, salt []byte, pk *rsa.PrivateKey) ([]byte, []byte, []byte, error)
Encrypt data using scrypt -> RSA-AES256GCM-AEAD to be stored returns encrypted, sign, and nonce. Preferably store them each in different databases (or machines) if you can
type NACL ¶
func (*NACL) EncryptSK ¶
Encrypt the message using shared key, returns encrypted data, hash, and nonce
func (*NACL) GenSharedKey ¶
Generate SK from other party's public key