Documentation
Overview
Package protectedblob can create passphrase-protected wrappers for binary blobs (any non-empty arbitrary byte arrays).
The wrapper, called an envelope, uses a randomly generated key to encrypt the given byte array. The key is then encrypted with another key that's derived from a user-supplied passphrase. The integrity of the encrypted blob is checked with an HMAC (hash-based message authentication code). The HMAC is computed over the encrypted data with another key derived from the passphrase. Together, this implements an encrypt-then-MAC authenticated encryption scheme.
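	package main

	import "github.com/lukhnos/protectedblob-go"

	func someFunc(plaintext []byte, passphrase string, rounds int32) {
		// Errors are discarded here for brevity; check them in real code.
		envelope, _ := protectedblob.Create(plaintext, passphrase, rounds)
		jsonBytes, _ := envelope.ToJSON()

		// Write out the JSON.

		// Later, load the envelope from the JSON and recover the plaintext.
		restored, _ := protectedblob.FromJSON(jsonBytes)
		decrypted, _ := restored.GetPlaintext(passphrase)
		_ = decrypted
	}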
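The encrypt-then-MAC pattern described in the overview, as an added sketch that uses only the Go standard library; it is not the package's code or its envelope format. The blob layout (IV || ciphertext || tag), the PKCS#7 padding and the names Seal, Open and tag are assumptions, and passphrase key derivation and key wrapping are left out: the AES-256 block cipher and the MAC key are taken as given.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func tag(macKey, data []byte) []byte { // HMAC-SHA256 over IV || ciphertext
	m := hmac.New(sha256.New, macKey)
	m.Write(data)
	return m.Sum(nil)
}

// Seal returns IV || AES-CBC(PKCS#7(pt)) || HMAC (assumed layout, not the package's).
func Seal(block cipher.Block, macKey, pt []byte) ([]byte, error) {
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	buf := make([]byte, aes.BlockSize, aes.BlockSize+len(pt)+pad+sha256.Size)
	if _, err := rand.Read(buf); err != nil { // fresh random IV per envelope
		return nil, err
	}
	buf = append(append(buf, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, buf[:aes.BlockSize]).CryptBlocks(buf[aes.BlockSize:], buf[aes.BlockSize:])
	return append(buf, tag(macKey, buf)...), nil
}

// Open verifies the tag in constant time before any decryption or unpadding.
func Open(block cipher.Block, macKey, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 || !hmac.Equal(blob[n:], tag(macKey, blob[:n])) {
		return nil, fmt.Errorf("envelope rejected: malformed or HMAC mismatch")
	}
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:n])
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= aes.BlockSize {
		return pt[:len(pt)-pad], nil
	}
	return nil, fmt.Errorf("envelope rejected: bad padding")
}

func main() {
	block, _ := aes.NewCipher(bytes.Repeat([]byte{1}, 32)) // constructed demo keys
	blob, _ := Seal(block, bytes.Repeat([]byte{2}, 32), []byte("secret blob"))
	blob[aes.BlockSize] ^= 1 // constructed tampering: one ciphertext bit flipped
	fmt.Println(Open(block, bytes.Repeat([]byte{2}, 32), blob))
}
```

Because the tag covers the IV as well as the ciphertext and is checked first, a modified blob never reaches the CBC decryption or padding code.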
A command line tool under the same name is also provided to create and use the envelopes. To install the command line tool:
	go get github.com/lukhnos/protectedblob-go
	go install github.com/lukhnos/protectedblob-go/...
This is a Go port of protectedblob-py (https://github.com/lukhnos/protectedblob-py).
Index
- Constants
- Variables
- type BlobError
- type CipherSuite
- type Data
- type DerivedKeyPair
- type Envelope
- func (envlp *Envelope) ChangePassphrase(oldPhrase string, newPhrase string) error
- func (envlp *Envelope) ChangePassphraseAndRounds(oldPhrase string, newPhrase string, newRounds int32) error
- func (envlp *Envelope) GetPlaintext(passphrase string) ([]byte, error)
- func (envlp *Envelope) ToJSON() ([]byte, error)
- type KDF
- type ProtectedKey
Constants
const DefaultRounds int32 = 131072
const SupportedVersion string = "2"
Variables
var AES256CBCSHA256 = _AES256CBCSHA256{}
var PBKDF2SHA256AES256 = _PBKDF2SHA256AES256{}
Functions
This section is empty.
Types
type CipherSuite
type DerivedKeyPair
type Envelope
	type Envelope struct {
		Version      string       `json:"version"`
		CipherSuite  string       `json:"cipher_suite"`
		KDF          string       `json:"kdf"`
		Data         Data         `json:"encrypted_data"`
		ProtectedKey ProtectedKey `json:"encrypted_key"`
	}
func (*Envelope) ChangePassphrase
func (*Envelope) ChangePassphraseAndRounds
func (*Envelope) GetPlaintext
type KDF
	type KDF interface {
		Name() string
		Validate(src ProtectedKey) error
		Encrypt(key []byte, passphrase string, rounds int32) (ProtectedKey, error)
		Decrypt(src ProtectedKey, passphrase string) ([]byte, error)
	}