README
¶
protectedblob
Package protectedblob can create passphrase-protected wrappers for binary blobs (any non-empty arbitary byte arrays).
The wrapper, called an envelop, uses a randomly-generated key to encrypt the given byte array. The key is then encrypted with another key that's derived from user-supplied passphrase. The integrity of the encrypted blob is checked with an HMAC (hash-based message authentication code). The HMAC is computed with the encrypted data and another key derived from the passphrase. Together, this implements an encrypt-then-MAC authenticated encryption scheme.
package main
import "github.com/lukhnos/protectedblob-go"
func someFunc() {
envelope, _ := protectedblob.Create(plaintext, passphrase, rounds)
jsonBytes, _ := envelope.ToJSON()
// Write out the JSON.
envelope, _ := protectedblob.FromJSON(jsonBytes)
plaintext, _ := envelope.GetPlaintext(passphrase)
}
A command line tool under the same name is also provided to create and use the envelopes. To install the command line tool:
go get github.com/lukhnos/protectedblob-go
go install github.com/lukhnos/protectedblob-go/...
This is a Go port of protectedblob-py.
Documentation
¶
Overview ¶
Package protectedblob can create passphrase-protected wrappers for binary blobs (any non-empty arbitary byte arrays).
The wrapper, called an envelop, uses a randomly-generated key to encrypt the given byte array. The key is then encrypted with another key that's derived from user-supplied passphrase. The integrity of the encrypted blob is checked with an HMAC (hash-based message authentication code). The HMAC is computed with the encrypted data and another key derived from the passphrase. Together, this implements an encrypt-then-MAC authenticated encryption scheme.
package main
import "github.com/lukhnos/protectedblob-go"
func someFunc() {
envelope, _ := protectedblob.Create(plaintext, passphrase, rounds)
jsonBytes, _ := envelope.ToJSON()
// Write out the JSON.
envelope, _ := protectedblob.FromJSON(jsonBytes)
plaintext, _ := envelope.GetPlaintext(passphrase)
}
A command line tool under the same name is also provided to create and use the envelopes. To install the command line tool:
go get github.com/lukhnos/protectedblob-go go install github.com/lukhnos/protectedblob-go/...
This is a Go port of protectedblob-py (https://github.com/lukhnos/protectedblob-py).
Index ¶
- Constants
- Variables
- type BlobError
- type CipherSuite
- type Data
- type DerivedKeyPair
- type Envelope
- func (envlp *Envelope) ChangePassphrase(oldPhrase string, newPhrase string) error
- func (envlp *Envelope) ChangePassphraseAndRounds(oldPhrase string, newPhrase string, newRounds int32) error
- func (envlp *Envelope) GetPlaintext(passphrase string) ([]byte, error)
- func (envlp *Envelope) ToJSON() ([]byte, error)
- type KDF
- type ProtectedKey
Constants ¶
const DefaultRounds int32 = 131072
const SupportedVersion string = "2"
Variables ¶
var AES256CBCSHA256 = _AES256CBCSHA256{}
var PBKDF2SHA256AES256 = _PBKDF2SHA256AES256{}
Functions ¶
This section is empty.
Types ¶
type CipherSuite ¶
type DerivedKeyPair ¶
type Envelope ¶
type Envelope struct {
Version string `json:"version"`
CipherSuite string `json:"cipher_suite"`
KDF string `json:"kdf"`
Data Data `json:"encrypted_data"`
ProtectedKey ProtectedKey `json:"encrypted_key"`
}
func (*Envelope) ChangePassphrase ¶
func (*Envelope) ChangePassphraseAndRounds ¶
func (*Envelope) GetPlaintext ¶
type KDF ¶
type KDF interface {
Name() string
Validate(src ProtectedKey) error
Encrypt(key []byte, passphrase string, rounds int32) (ProtectedKey, error)
Decrypt(src ProtectedKey, passphrase string) ([]byte, error)
}
Source Files
Directories