keysmanager

package
v0.0.0-...-c2ccda8

Published: Dec 26, 2019 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

keysmanager stores secret keys encrypted with a password. It creates its own directory with the three different files that it needs:

keys:

    the keys, encrypted with scrypt(userPassword, saltK). userPassword is
    the same for every key; only the salt changes

salts:

    the salts, stored in clear text

passwordhash:

    contains the password hash. It's just a utility to be able to tell
    whether the user gave the right password when trying to log in. It
    doesn't make the system any more secure (we could let the user go
    through, and they would just wrongly decrypt the keys)
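The scheme the overview describes (one clear-text salt per key, a key-encryption key derived from the password and that salt, and a separate password hash that only serves to recognise a wrong password) together with the SignUp / Login / LoadKeys sequence documented below, as an added example; this is not the keysmanager package's own code. It uses only the Go standard library, so PBKDF2-HMAC-SHA256 stands in for the scrypt the package uses, and AES-256-GCM is an assumed cipher mode (the page does not say which block cipher mode keysmanager wraps the keys with). Vault, must, random, derive, gcmFor, wrap, unwrap, LoadKey, the "password" salt name and the map-based key layout are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

var ErrWrongPassword = errors.New("wrong password") // mirrors the package's error name
var ErrCorrupted = errors.New("key blob corrupted or wrong password")

type Vault struct {
	Salts   map[string][]byte // stored in clear: one per key, plus "password"
	Wrapped map[string][]byte // AES-GCM sealed keys, nonce||ciphertext||tag
	PwHash  []byte            // login convenience check only, not a security boundary
}

// must panics on an error that cannot occur with fixed-size keys and a healthy CSPRNG.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// derive is PBKDF2-HMAC-SHA256 (RFC 8018) with a 32-byte output; it stands in
// for the package's scrypt so this example needs only the standard library.
func derive(password, salt []byte) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1; one SHA-256 block is 32 bytes
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 4096; i++ { // low iteration count so the demo runs fast
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// gcmFor builds the per-key AES-256-GCM cipher from the password and that key's own salt.
func gcmFor(password, salt []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(derive(password, salt)))))
}

// wrap seals one secret key; output is nonce||ciphertext||tag.
func wrap(password, salt, secret []byte) []byte {
	gcm := gcmFor(password, salt)
	nonce := random(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, secret, nil)
}

// unwrap reverses wrap; GCM authenticates, so a wrong password or an altered blob fails here.
func unwrap(password, salt, blob []byte) ([]byte, error) {
	gcm := gcmFor(password, salt)
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, ErrCorrupted
	}
	pt, err := gcm.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return nil, ErrCorrupted
	}
	return pt, nil
}

// SignUp creates the salts, the password hash and a fresh random key per name.
func SignUp(password []byte, names ...string) (*Vault, map[string][]byte) {
	v := &Vault{Salts: map[string][]byte{"password": random(16)}, Wrapped: map[string][]byte{}}
	v.PwHash = derive(password, v.Salts["password"])
	keys := map[string][]byte{}
	for _, n := range names {
		keys[n] = random(32)
		v.Salts[n] = random(16)
		v.Wrapped[n] = wrap(password, v.Salts[n], keys[n])
	}
	return v, keys
}

// Login recomputes the password hash and compares it in constant time.
func (v *Vault) Login(password []byte) error {
	if subtle.ConstantTimeCompare(derive(password, v.Salts["password"]), v.PwHash) != 1 {
		return ErrWrongPassword
	}
	return nil
}

// LoadKey decrypts one key; each key has its own salt and therefore its own KEK.
func (v *Vault) LoadKey(password []byte, name string) ([]byte, error) {
	return unwrap(password, v.Salts[name], v.Wrapped[name])
}
```

A typical flow is `v, keys := SignUp(pw, "Encryption", "MAC")`, then `v.Login(pw)` and `v.LoadKey(pw, "MAC")` later. The overview's point survives intact: the password hash is a convenience, not a security boundary, because a wrong password is also caught by the failed GCM authentication in unwrap. The difference from the overview's wording ("wrongly decrypt the keys") is that with an authenticated mode the bad decryption is reported rather than silently yielding garbage keys, which is why an AEAD is the safer choice for wrapping key material.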

Index

Constants

This section is empty.

Variables

var ErrAlreadyLoaded = errors.New("already loaded")

ErrAlreadyLoaded is a multi-purpose tagging error used to indicate that an action that should have been done only once was executed multiple times. For example, you will get this error if you try to log in or load keys more than once

var ErrNoSaltsFile = fmt.Errorf("no salts file (%w)", ErrPrivCorrupted)

ErrNoSaltsFile is returned when the salt file isn't found in the private directory

var ErrNotLoggedIn = errors.New("please login first")

ErrNotLoggedIn is returned when an action requires being logged in

var ErrPrivCorrupted = errors.New("priv directory corrupted")

ErrPrivCorrupted is a tag error which indicates that the priv directory isn't right (missing file, altered keys, etc.)

var ErrWrongPassword = errors.New("wrong password")

ErrWrongPassword is returned when the hash stored in the password hash file doesn't match the hash of the typed password. See the Login function

Functions

This section is empty.

Types

type Keys

type Keys struct {
	Encryption, MAC []byte
}

Keys contains the *decrypted* keys

func (Keys) Equal

func (k Keys) Equal(target Keys) bool

Equal reports whether the fields of k and target are equal

func (Keys) String

func (k Keys) String() string

String prevents someone from printing the keys without realizing that they are secret. If the caller *really* wants to see the keys, they have to print the fields manually (fmt.Println(keys.MAC))

type KeysManager

type KeysManager struct {
	// contains filtered or unexported fields
}

KeysManager loads the different keys from a file (keysfile) and decrypts them using the password. It can also generate new keys in place of the old ones

func NewKeysManager

func NewKeysManager(privroot string) *KeysManager

NewKeysManager creates a new KeysManager with sane defaults

func (*KeysManager) ChangePassword

func (km *KeysManager) ChangePassword(newpassword []byte) error

ChangePassword changes the user's password. Note that the user must already be logged in. If that isn't the case, use set password instead

func (*KeysManager) HasSignedUp

func (km *KeysManager) HasSignedUp() bool

HasSignedUp returns true if the privroot directory exists, even if we can't read from it. That's because if the user doesn't have the permission, for example, they won't be able to create their priv directory by signing up. So we let .Login report the error, because it will know best what to do (whereas this function is just general-purpose)

func (*KeysManager) LoadKeys

func (km *KeysManager) LoadKeys() (Keys, error)

LoadKeys loads the keys from the keys file. Errors: ErrPrivCorrupted, ErrNotLoggedIn

FIXME: do something so that we ensure that we only load the keys once

func (*KeysManager) Login

func (km *KeysManager) Login(password []byte) error

Login creates the block cipher from the password, which will then be used to decrypt the keys from the file. It can return ErrAlreadyLoaded (already logged in), ErrPrivCorrupted, ErrWrongPassword or err (internal error)

func (*KeysManager) RemovePrivroot

func (km *KeysManager) RemovePrivroot() error

RemovePrivroot permanently removes the private folder. If you run it, you lose your keys (i.e. you won't be able to decrypt your files anymore)

func (*KeysManager) SignUp

func (km *KeysManager) SignUp(password []byte) error

SignUp makes the priv directory, creates the salts and the password hash file, and generates new keys. Returns ErrAlreadyLoaded (already signed up) or err

type SM

type SM struct {
	// contains filtered or unexported fields
}

func NewSaltsManager

func NewSaltsManager(n int, file string, size int) *SM

NewSaltsManager will store n salts of size bytes each, in clear, in file

func (*SM) GenerateNew

func (sm *SM) GenerateNew() error

GenerateNew will generate some new salts (in place of the current ones if they do exist)

func (*SM) Get

func (sm *SM) Get(i int) []byte

Get returns the ith salt (0-based). Panics if i >= n

func (*SM) Load

func (sm *SM) Load() error

Load loads the salts from the file. This isn't done automatically by .Get so that .Get can always return without an error
