saltpack

package
v1.0.14-1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 25, 2016 License: BSD-3-Clause, BSD-3-Clause Imports: 16 Imported by: 0

Documentation

Overview

Package saltpack is an implementation of the saltpack message format. Saltpack is a light wrapper around Dan Berstein's famous NaCl library. It adds support for longer messages, streaming input and output of data, multiple recipients for encrypted messages, and a reasonable armoring format. We intend Saltpack as a replacement for the PGP messaging format, as it can be used in many of the same circumstances. However, it is designed to be: (1) simpler; (2) easier to implement; (3) judicious (perhaps judgmental) in its crypto usage; (4) fully modern (no CFB mode here); (5) high performance; (6) less bug- prone; (7) generally unwilling to output unauthenticated data; and (8) easier to compose with other software in any manner of languages or platforms.

Key Management

Saltpack makes no attempt to manage keys. We assume the wrapping application has a story for key management.

Modes of Operation

Saltpack supports three modes of operation: encrypted messages, attached signatures, and detached signatures. Encrypted messages use NaCl's authenticated public-key encryption; we add repudiable authentication. An attached signature contains a message and a signature that authenticates it. A detached signature contains just the signature, and assumes an independent delievery mechanism for the file (this might come up when distributing an ISO and separate signature of the file).

Encoding

Saltpack has two encoding modes: binary and armored. In armored mode, saltpack outputs in Base62-encoding, suitable for publication into any manner of Web settings without fear of markup-caused mangling.

API

This saltpack library implementation supports two API patterns: streaming and all-at-once. The former is useful for large files that can't fit into memory; the latter is more convenient. Both produce the same output.

More Info

See https://saltpack.org

Index

Examples

Constants

View Source 
const DetachedSignatureArmorString = "DETACHED SIGNATURE"

DetachedSignatureArmorString is included in armor headers for detached signatures.

View Source 
const EncryptionArmorString = "ENCRYPTED MESSAGE"

EncryptionArmorString is included in armor headers for encrypted messages.

View Source 
const SaltpackFormatName = "saltpack"

SaltpackFormatName is the publicly advertised name of the format, used in the header of the message and also in Nonce creation.

View Source 
const SignedArmorString = "SIGNED MESSAGE"

SignedArmorString is included in armor headers for signed messages

Variables

View Source 
var (
	// ErrNoDecryptionKey is an error indicating no decryption key was found for the
	// incoming message. You'll get one of these if you respond to a Keyring.LookupSecretBoxKey
	// request with a (-1,nil) return value, and no hidden keys are found.
	ErrNoDecryptionKey = errors.New("no decryption key found for message")

	// ErrNoSenderKey indicates that on decryption/verification we couldn't find a public key
	// for the sender.
	ErrNoSenderKey = errors.New("no sender key found for message")

	// ErrTrailingGarbage indicates that additional msgpack packets were found after the
	// end of the encryption stream.
	ErrTrailingGarbage = errors.New("trailing garbage found at end of message")

	// ErrFailedToReadHeaderBytes indicates that we failed to read the
	// doubly-encoded header bytes object from the input stream.
	ErrFailedToReadHeaderBytes = errors.New("failed to read header bytes")

	// ErrPacketOverflow indicates that more than (2^64-2) packets were found in an encryption
	// stream.  This would indicate a very big message, and results in an error here.
	ErrPacketOverflow = errors.New("no more than 2^32 packets in a message are supported")

	// ErrInsufficientRandomness is generated when the encryption fails to collect
	// enough randomness to proceed.  We're using the standard crypto/rand source
	// of randomness, so this should never happen
	ErrInsufficientRandomness = errors.New("could not collect enough randomness")

	// ErrBadEphemeralKey is for when an ephemeral key fails to be properly
	// imported.
	ErrBadEphemeralKey = errors.New("bad ephermal key in header")

	// ErrBadReceivers shows up when you pass a bad receivers vector
	ErrBadReceivers = errors.New("bad receivers argument")

	// ErrBadSenderKeySecretbox is returned if the sender secretbox fails to
	// open.
	ErrBadSenderKeySecretbox = errors.New("sender secretbox failed to open")

	// ErrBadSymmetricKey is returned if a key with the wrong number of bytes
	// is discovered in the encryption header.
	ErrBadSymmetricKey = errors.New("bad symmetric key; must be 32 bytes")

	// ErrBadBoxKey is returned if a key with the wrong number of bytes
	// is discovered in the encryption header.
	ErrBadBoxKey = errors.New("bad box key; must be 32 bytes")

	// ErrBadLookup is when the user-provided key lookup gives a bad value
	ErrBadLookup = errors.New("bad key lookup")

	// ErrBadSignature is returned when verification of a block fails.
	ErrBadSignature = errors.New("invalid signature")

	// ErrDecryptionFailed is returned when a decryption fails
	ErrDecryptionFailed = errors.New("decryption failed")
)
View Source 
var Armor62Params = armorParams{
	BytesPerWord: 15,
	WordsPerLine: 200,
	Punctuation:  byte('.'),
	Encoding:     basex.Base62StdEncoding,
}

Armor62Params are the armoring parameters we recommend for use with a generic armorer. It specifies the spaces between words, the spacing between lines, some simple punctuation, and an encoding alphabet.

View Source 
var ErrOverflow = errors.New("buffer was overflowed before we found punctuation")

ErrOverflow is returned if we were looking for punctuation but our quota was overflowed before we found the needed character.

View Source 
var ErrPunctuated = errors.New("found punctuation in stream")

ErrPunctuated is produced when a punctuation character is found in the stream. It can be returned along with data, unlike usual errors.

View Source 
var SaltpackCurrentVersion = Version{Major: 1, Minor: 0}

SaltpackCurrentVersion is currently the only supported packet version, 1.0.

Functions

func Armor62Open 

func Armor62Open(msg string) (body []byte, header string, footer string, err error)

Armor62Open runs armor stream decoding, but on a string, and it outputs a string.

func Armor62Seal 

func Armor62Seal(plaintext []byte, typ MessageType, brand string) (string, error)

Armor62Seal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message. Uses Base62 encoding scheme

func CheckArmor62 

func CheckArmor62(hdr string, ftr string, typ MessageType) (brand string, err error)

CheckArmor62 checks that the frame matches our standard begin/end frame

func CheckArmor62Frame 

func CheckArmor62Frame(frame Frame, typ MessageType) (brand string, err error)

CheckArmor62Frame checks that the frame matches our standard begin/end frame

func EncryptArmor62Seal 

func EncryptArmor62Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (string, error)

EncryptArmor62Seal is the non-streaming version of NewEncryptArmor62Stream, which inputs a plaintext (in bytes) and output a ciphertext (as a string).

Example 
package main

import (
	"fmt"
	"github.com/keybase/client/go/saltpack"
	"github.com/keybase/client/go/saltpack/basic"
)

func main() {

	var err error

	// Make a new Keyring, initialized to be empty
	keyring := basic.NewKeyring()

	// The test message
	msg := []byte("The Magic Words are Squeamish Ossifrage")

	// Make a secret key for the sender
	var sender saltpack.BoxSecretKey
	sender, err = keyring.GenerateBoxKey()
	if err != nil {
		return
	}

	// And one for the receiver
	var receiver saltpack.BoxSecretKey
	receiver, err = keyring.GenerateBoxKey()
	if err != nil {
		return
	}

	// AllReceivers can contain more receivers (like the sender)
	// but for now, just the one.
	var ciphertext string
	allReceivers := []saltpack.BoxPublicKey{receiver.GetPublicKey()}
	ciphertext, err = saltpack.EncryptArmor62Seal(msg, sender, allReceivers, "")
	if err != nil {
		return
	}

	// The decrypted message should match the input mesasge.
	var msg2 []byte
	_, msg2, _, err = saltpack.Dearmor62DecryptOpen(ciphertext, keyring)
	if err != nil {
		return
	}

	fmt.Println(string(msg2))

}

Output:

The Magic Words are Squeamish Ossifrage

func MakeArmorFooter 

func MakeArmorFooter(typ MessageType, brand string) string

MakeArmorFooter makes the armor footer for the message type for the given "brand"

func MakeArmorHeader 

func MakeArmorHeader(typ MessageType, brand string) string

MakeArmorHeader makes the armor header for the message type for the given "brand"

func NewArmor62EncoderStream 

func NewArmor62EncoderStream(encoded io.Writer, typ MessageType, brand string) (io.WriteCloser, error)

NewArmor62EncoderStream makes a new Armor 62 encoding stream, using the base62-alphabet and a 32/43 encoding rate strategy. Pass it an `encoded` stream writer to write the encoded stream to. Also pass an optional "brand" . It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.

To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.

func NewDearmor62DecryptStream 

func NewDearmor62DecryptStream(ciphertext io.Reader, kr Keyring) (*MessageKeyInfo, io.Reader, Frame, error)

NewDearmor62DecryptStream makes a new stream that dearmors and decrypts the given Reader stream. Pass it a keyring so that it can lookup private and public keys as necessary

func NewDearmor62VerifyStream 

func NewDearmor62VerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, frame Frame, err error)

NewDearmor62VerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error. It expects the data it reads from r to be armor62-encoded.

func NewEncryptArmor62Stream 

func NewEncryptArmor62Stream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (plaintext io.WriteCloser, err error)

NewEncryptArmor62Stream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

The "brand" is the optional "brand" string to put into the header and footer.

The ciphertext is additionally armored with the recommended armor62-style format.

Returns an io.WriteCloser that accepts plaintext data to be encrypted; and also returns an error if initialization failed.

Example 
package main

import (
	"bytes"
	"github.com/keybase/client/go/saltpack"
	"github.com/keybase/client/go/saltpack/basic"
	"io"
	"os"
)

func main() {

	var err error

	// Make a new Keyring, initialized to be empty
	keyring := basic.NewKeyring()

	// The test message
	plaintext := "The Magic Words are Squeamish Ossifrage"

	// Make a secret key for the sender
	var sender saltpack.BoxSecretKey
	sender, err = keyring.GenerateBoxKey()
	if err != nil {
		return
	}

	// And one for the receiver
	var receiver saltpack.BoxSecretKey
	receiver, err = keyring.GenerateBoxKey()
	if err != nil {
		return
	}

	// AllReceivers can contain more receivers (like the sender)
	// but for now, just the one.
	var output bytes.Buffer
	allReceivers := []saltpack.BoxPublicKey{receiver.GetPublicKey()}
	var input io.WriteCloser
	input, err = saltpack.NewEncryptArmor62Stream(&output, sender, allReceivers, "")
	if err != nil {
		return
	}
	// Write plaintext into the returned WriteCloser stream
	input.Write([]byte(plaintext))
	// And close when we're done
	input.Close()

	// The decrypted message
	var plaintextOutput io.Reader
	_, plaintextOutput, _, err = saltpack.NewDearmor62DecryptStream(&output, keyring)
	if err != nil {
		return
	}

	// Copy all of the data out of the output decrypted stream, and into standard
	// output, here for testing / comparison purposes.
	io.Copy(os.Stdout, plaintextOutput)
	os.Stdout.Write([]byte{'\n'})

}

Output:

The Magic Words are Squeamish Ossifrage

func NewEncryptStream 

func NewEncryptStream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (io.WriteCloser, error)

NewEncryptStream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

Returns an io.WriteClose that accepts plaintext data to be encrypted; and also returns an error if initialization failed.

func NewSignArmor62Stream 

func NewSignArmor62Stream(signedtext io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)

NewSignArmor62Stream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. The `brand` is optional, and allows you to specify your "white label" brand to this signature. NewSignArmor62Stream only generates attached signatures.

The signed data is armored with the recommended armor62-style format.

Example 
package main

import (
	"bytes"
	"fmt"
	"github.com/keybase/client/go/saltpack"
	"github.com/keybase/client/go/saltpack/basic"
	"io"
	"os"
)

func main() {

	var err error

	// Make a new Keyring, initialized to be empty
	keyring := basic.NewKeyring()

	// The test message
	msg := []byte("The Magic Words are Squeamish Ossifrage")

	// Make a secret key for the sender
	var signer saltpack.SigningSecretKey
	signer, err = keyring.GenerateSigningKey()
	if err != nil {
		return
	}

	// Make a new signature stream. We write the input data into
	// the input stream, and we read output out of the output stream.
	// In this case, the output stream is just a buffer.
	var input io.WriteCloser
	var output bytes.Buffer
	input, err = saltpack.NewSignArmor62Stream(&output, signer, "")
	if err != nil {
		return
	}

	// Write the message into the input stream, and then close
	input.Write(msg)
	input.Close()

	// The verified message. We pass the signed stream as the first argument
	// as a stream (here a bytes.Buffer which is output from above), and read the
	// verified data out of verified stream.
	var verifiedStream io.Reader
	var signingPublicKey saltpack.SigningPublicKey
	signingPublicKey, verifiedStream, _, err = saltpack.NewDearmor62VerifyStream(&output, keyring)
	if err != nil {
		return
	}

	// Assert we got the right key back.
	if saltpack.PublicKeyEqual(signingPublicKey, signer.GetPublicKey()) {
		fmt.Println("The right key")
	}

	// Copy all of the data out of the verified stream, and into standard
	// output, here for testing / comparison purposes.
	io.Copy(os.Stdout, verifiedStream)
	os.Stdout.Write([]byte{'\n'})

}

Output:

The right key
The Magic Words are Squeamish Ossifrage

func NewSignDetachedArmor62Stream 

func NewSignDetachedArmor62Stream(detachedsig io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)

NewSignDetachedArmor62Stream creates a stream that consumes plaintext data. It will write out the detached signature to the io.Writer passed in as detachedsig. The `brand` is optional, and allows you to specify your "white label" brand to this signature.

The signed data is armored with the recommended armor62-style NewSignDetachedArmor62Stream only generates detached signatures.

The signature is armored with the recommended armor62-style format.

func NewSignDetachedStream 

func NewSignDetachedStream(detachedsig io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignDetachedStream creates a stream that consumes plaintext data. It will write out a detached signature to the io.Writer passed in as detachedsig.

func NewSignStream 

func NewSignStream(signedtext io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignStream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. NewSignStream only generates attached signatures.

func PublicKeyEqual 

func PublicKeyEqual(k1, k2 BasePublicKey) bool

PublicKeyEqual returns true if the two public keys are equal.

func Seal 

func Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (out []byte, err error)

Seal a plaintext from the given sender, for the specified receiver groups. Returns a ciphertext, or an error if something bad happened.

func Sign 

func Sign(plaintext []byte, signer SigningSecretKey) ([]byte, error)

Sign creates an attached signature message of plaintext from signer.

func SignArmor62 

func SignArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)

SignArmor62 creates an attached armored signature message of plaintext from signer.

Example 
package main

import (
	"fmt"
	"github.com/keybase/client/go/saltpack"
	"github.com/keybase/client/go/saltpack/basic"
)

func main() {

	var err error

	// Make a new Keyring, initialized to be empty
	keyring := basic.NewKeyring()

	// The test message
	msg := []byte("The Magic Words are Squeamish Ossifrage")

	// Make a secret key for the sender
	var signer saltpack.SigningSecretKey
	signer, err = keyring.GenerateSigningKey()
	if err != nil {
		return
	}

	var signed string
	signed, err = saltpack.SignArmor62(msg, signer, "")
	if err != nil {
		return
	}

	// The verified message should match the input mesasge.
	var verifiedMsg []byte
	var signingPublicKey saltpack.SigningPublicKey
	signingPublicKey, verifiedMsg, _, err = saltpack.Dearmor62Verify(signed, keyring)
	if err != nil {
		return
	}

	if saltpack.PublicKeyEqual(signingPublicKey, signer.GetPublicKey()) {
		fmt.Println("The right key")
	}

	fmt.Println(string(verifiedMsg))

}

Output:

The right key
The Magic Words are Squeamish Ossifrage

func SignDetached 

func SignDetached(plaintext []byte, signer SigningSecretKey) ([]byte, error)

SignDetached returns a detached signature of plaintext from signer.

func SignDetachedArmor62 

func SignDetachedArmor62(plaintext []byte, signer SigningSecretKey, brand string) (string, error)

SignDetachedArmor62 returns a detached armored signature of plaintext from signer.

Types

type BasePublicKey 

type BasePublicKey interface {
	// ToKID outputs the "key ID" that corresponds to this key.
	// You can do whatever you'd like here, but probably it makes sense just
	// to output the public key as is.
	ToKID() []byte
}

BasePublicKey types can output a key ID corresponding to the key.

type BoxPrecomputedSharedKey 

type BoxPrecomputedSharedKey interface {
	Unbox(nonce *Nonce, msg []byte) ([]byte, error)
	Box(nonce *Nonce, msg []byte) []byte
}

BoxPrecomputedSharedKey results from a Precomputation below.

type BoxPublicKey 

type BoxPublicKey interface {
	BasePublicKey

	// ToRawBoxKeyPointer returns this public key as a *[32]byte,
	// for use with nacl.box.Seal
	ToRawBoxKeyPointer() *RawBoxKey

	// CreateEmphemeralKey creates an ephemeral key of the same type,
	// but totally random.
	CreateEphemeralKey() (BoxSecretKey, error)

	// HideIdentity returns true if we should hide the identity of this
	// key in our output message format.
	HideIdentity() bool
}

BoxPublicKey is an generic interface to NaCl's public key Box function.

type BoxSecretKey 

type BoxSecretKey interface {

	// Box boxes up data, sent from this secret key, and to the receiver
	// specified.
	Box(receiver BoxPublicKey, nonce *Nonce, msg []byte) []byte

	// Unobx opens up the box, using this secret key as the receiver key
	// abd the give public key as the sender key.
	Unbox(sender BoxPublicKey, nonce *Nonce, msg []byte) ([]byte, error)

	// GetPublicKey gets the public key associated with this secret key.
	GetPublicKey() BoxPublicKey

	// Precompute computes a DH with the given key
	Precompute(sender BoxPublicKey) BoxPrecomputedSharedKey
}

BoxSecretKey is the secret key corresponding to a BoxPublicKey

type EncryptionHeader 

type EncryptionHeader struct {
	FormatName      string         `codec:"format_name"`
	Version         Version        `codec:"vers"`
	Type            MessageType    `codec:"type"`
	Ephemeral       []byte         `codec:"ephemeral"`
	SenderSecretbox []byte         `codec:"sendersecretbox"`
	Receivers       []receiverKeys `codec:"rcvrs"`
	// contains filtered or unexported fields
}

EncryptionHeader is the first packet in an encrypted message. It contains the encryptions of the session keys, and various message metadata.

type ErrBadCiphertext 

type ErrBadCiphertext packetSeqno

ErrBadCiphertext is generated when decryption fails due to improper authentication. It specifies which Packet sequence number the bad packet was in.

func (ErrBadCiphertext) Error 

func (e ErrBadCiphertext) Error() string

type ErrBadFrame 

type ErrBadFrame struct {
	// contains filtered or unexported fields
}

ErrBadFrame shows up when the BEGIN or END frames have issues

func (ErrBadFrame) Error 

func (e ErrBadFrame) Error() string

type ErrBadTag 

type ErrBadTag packetSeqno

ErrBadTag is generated when a payload hash doesn't match the hash authenticator. It specifies which Packet sequence number the bad packet was in.

func (ErrBadTag) Error 

func (e ErrBadTag) Error() string

type ErrBadVersion 

type ErrBadVersion struct {
	// contains filtered or unexported fields
}

ErrBadVersion is returned if a packet of an unsupported version is found. Current, only Version1 is supported.

func (ErrBadVersion) Error 

func (e ErrBadVersion) Error() string

type ErrInvalidParameter 

type ErrInvalidParameter struct {
	// contains filtered or unexported fields
}

ErrInvalidParameter signifies that a function was called with an invalid parameter.

func (ErrInvalidParameter) Error 

func (e ErrInvalidParameter) Error() string

type ErrRepeatedKey 

type ErrRepeatedKey []byte

ErrRepeatedKey is produced during encryption if a key is repeated; keys must be unique.

func (ErrRepeatedKey) Error 

func (e ErrRepeatedKey) Error() string

type ErrWrongMessageType 

type ErrWrongMessageType struct {
	// contains filtered or unexported fields
}

ErrWrongMessageType is produced if one packet tag was expected, but a packet of another tag was found.

func (ErrWrongMessageType) Error 

func (e ErrWrongMessageType) Error() string

type Frame 

type Frame interface {
	// GetHeader() returns the frame associated with this stream, or an error
	GetHeader() (string, error)
	// GetFooter() returns the frame associated with this stream, or an error
	GetFooter() (string, error)
}

Frame is a way to read the frame out of a Decoder stream.

func NewArmor62DecoderStream 

func NewArmor62DecoderStream(r io.Reader) (io.Reader, Frame, error)

NewArmor62DecoderStream is used to decode input base62-armoring format. It returns a stream you can read from, and also a Frame you can query to see what the open/close frame markers were.

type Keyring 

type Keyring interface {
	// LookupBoxSecretKey looks in the Keyring for the secret key corresponding
	// to one of the given Key IDs.  Returns the index and the key on success,
	// or -1 and nil on failure.
	LookupBoxSecretKey(kids [][]byte) (int, BoxSecretKey)

	// LookupBoxPublicKey returns a public key given the specified key ID.
	// For most cases, the key ID will be the key itself.
	LookupBoxPublicKey(kid []byte) BoxPublicKey

	// GetAllSecretKeys returns all keys, needed if we want to support
	// "hidden" receivers via trial and error
	GetAllBoxSecretKeys() []BoxSecretKey

	// ImportEphemeralKey imports the ephemeral key into
	// BoxPublicKey format. This key has never been seen before, so
	// will be ephemeral.
	ImportBoxEphemeralKey(kid []byte) BoxPublicKey
}

Keyring is an interface used with decryption; it is called to recover public or private keys during the decryption process. Calls can block on network action.

type MessageKeyInfo 

type MessageKeyInfo struct {
	// These fields are cryptographically verified
	SenderKey      BoxPublicKey
	SenderIsAnon   bool
	ReceiverKey    BoxSecretKey
	ReceiverIsAnon bool

	// These fields are not cryptographically verified, and are just repeated from what
	// we saw in the incoming message.
	NamedReceivers   [][]byte
	NumAnonReceivers int
}

MessageKeyInfo conveys all of the data about the keys used in this encrypted message.

func Dearmor62DecryptOpen 

func Dearmor62DecryptOpen(ciphertext string, kr Keyring) (*MessageKeyInfo, []byte, string, error)

Dearmor62DecryptOpen takes an armor62'ed, encrypted ciphertext and attempts to dearmor and decrypt it, using the provided keyring. Checks that the frames in the armor are as expected. Returns the MessageKeyInfo recovered during message processing, the plaintext (if decryption succeeded), the armor branding, and maybe an error if there was a failure.

func NewDecryptStream 

func NewDecryptStream(r io.Reader, keyring Keyring) (mki *MessageKeyInfo, plaintext io.Reader, err error)

NewDecryptStream starts a streaming decryption. It synchronously ingests and parses the given Reader's encryption header. It consults the passed keyring for the decryption keys needed to decrypt the message. On failure, it returns a null Reader and an error message. On success, it returns a Reader with the plaintext stream, and a nil error. In either case, it will return a `MessageKeyInfo` which tells about who the sender was, and which of the Receiver's keys was used to decrypt the message.

Note that the caller has an opportunity not to ingest the plaintext if he doesn't trust the sender revealed in the MessageKeyInfo.

func Open 

func Open(ciphertext []byte, keyring Keyring) (i *MessageKeyInfo, plaintext []byte, err error)

Open simply opens a ciphertext given the set of keys in the specified keyring. It returns a plaintext on sucess, and an error on failure. It returns the header's MessageKeyInfo in either case.

type MessageType 

type MessageType int

MessageType is an int used to describe what "type" of message it is. 

const MessageTypeAttachedSignature MessageType = 1

MessageTypeAttachedSignature is a packet type to describe an attached signature. 

const MessageTypeDetachedSignature MessageType = 2

MessageTypeDetachedSignature is a packet type to describe a detached signature. 

const MessageTypeEncryption MessageType = 0

MessageTypeEncryption is a packet type to describe an encryption message.

func (MessageType) String 

func (m MessageType) String() string

type Nonce 

type Nonce [nonceBytes]byte

Nonce is a NaCl-style nonce, with 24 bytes of data, some of which can be counter values, and some of which can be random-ish values.

type RawBoxKey 

type RawBoxKey [32]byte

RawBoxKey is the raw byte-representation of what a box key should look like, a static 32-byte buffer. Used for NaCl Box.

type SigKeyring 

type SigKeyring interface {
	// LookupSigningPublicKey returns a public signing key for the specified key ID.
	LookupSigningPublicKey(kid []byte) SigningPublicKey
}

SigKeyring is an interface used during verification to find the public key for the signer of a message.

type SignatureHeader 

type SignatureHeader struct {
	FormatName   string      `codec:"format_name"`
	Version      Version     `codec:"vers"`
	Type         MessageType `codec:"type"`
	SenderPublic []byte      `codec:"sender_public"`
	Nonce        []byte      `codec:"nonce"`
	// contains filtered or unexported fields
}

SignatureHeader is the first packet in a signed message.

type SigningPublicKey 

type SigningPublicKey interface {
	BasePublicKey

	// Verify verifies that signature is a valid signature of message for
	// this public key.
	Verify(message []byte, signature []byte) error
}

SigningPublicKey is a public NaCl key that can verify signatures.

func Dearmor62Verify 

func Dearmor62Verify(signedMsg string, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, brand string, err error)

Dearmor62Verify checks the signature in signedMsg. It returns the signer's public key and a verified message. It expects signedMsg to be armor62-encoded.

func Dearmor62VerifyDetached 

func Dearmor62VerifyDetached(message []byte, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)

Dearmor62VerifyDetached verifies that signature is a valid armor62-encoded signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

func Dearmor62VerifyDetachedReader 

func Dearmor62VerifyDetachedReader(r io.Reader, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)

Dearmor62VerifyDetachedReader verifies that signature is a valid armor62-encoded signature for entire message read from Reader, and that the public key for the signer is in keyring. It returns the signer's public key.

func NewVerifyStream 

func NewVerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, err error)

NewVerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error.

func Verify 

func Verify(signedMsg []byte, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, err error)

Verify checks the signature in signedMsg. It returns the signer's public key and a verified message.

func VerifyDetached 

func VerifyDetached(message, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetached verifies that signature is a valid signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

func VerifyDetachedReader 

func VerifyDetachedReader(message io.Reader, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetachedReader verifies that signature is a valid signature for entire message read from message Reader, and that the public key for the signer is in keyring. It returns the signer's public key.

type SigningSecretKey 

type SigningSecretKey interface {
	// Sign signs message with this secret key.
	Sign(message []byte) ([]byte, error)

	// GetPublicKey gets the public key associated with this secret key.
	GetPublicKey() SigningPublicKey
}

SigningSecretKey is a secret NaCl key that can sign messages.

type SymmetricKey 

type SymmetricKey [32]byte

SymmetricKey is a template for a symmetric key, a 32-byte static buffer. Used for NaCl SecretBox.

type Version 

type Version struct {
	Major int `codec:"major"`
	Minor int `codec:"minor"`
	// contains filtered or unexported fields
}

Version is a major.minor pair that shows the version of the whole file

Source Files

View all Source files

Directories

Path Synopsis
Package basic is a basic implementation of a saltpack key/keyring configuration.
 Package basic is a basic implementation of a saltpack key/keyring configuration.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.