Documentation
¶
Overview ¶
Implementation of the Web3 Secret Storage Definition to protect private keys.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CryptoParams ¶
type CryptoParams struct {
// Specifies the encryption algorithm used (e.g., "aes-128-ctr").
Cipher string `json:"cipher"`
// Additional parameters specific to the chosen cipher.
CipherParams map[string]string `json:"cipherparams"`
// Key Derivation Function used (e.g., "pbkdf2" or "scrypt").
KDF string `json:"kdf"`
// Additional parameters specific to the chosen KDF.
KDFParams map[string]interface{} `json:"kdfparams"`
// The encrypted data or ciphertext.
Ciphertext string `json:"ciphertext"`
// Message Authentication Code used for data integrity verification.
MAC string `json:"mac"`
}
type KeyDerivator ¶
type KeyDerivator interface {
// DeriveKey derives a cryptographic key from a given password.
// It takes the password as input and returns the derived key as a byte slice.
// It may also return an error if the key derivation process fails.
DeriveKey(password []byte) ([]byte, error)
// Name returns the name or identifier of the key derivation function (KDF).
// This can be used to identify the specific KDF being used, such as "pbkdf2" or "scrypt."
Name() string
// Encode returns a map of parameters and their values that describe the key derivation function.
// This information is typically used for encoding and decoding purposes when storing or exchanging data.
Encode() map[string]interface{}
}
type PBDKDF2KeyDerivator ¶
type PBDKDF2KeyDerivator struct {
Iterations int // The number of iterations performed during key derivation.
Salt []byte // A random salt value used as an additional input to the KDF.
DkLen int // The length (in bytes) of the derived key.
}
func NewPBDKDF2KeyDerivator ¶
func NewPBDKDF2KeyDerivator(iterations int, salt []byte, dkLen int) *PBDKDF2KeyDerivator
NewPBDKDF2KeyDerivator creates a new instance of PBDKDF2KeyDerivator with the specified key derivation parameters. It is used to derive keys using the PBKDF2 key derivation function, which employs HMAC with SHA-256 as the pseudo-random function (PRF).
Parameters: - iterations: The number of iterations for key stretching. - salt: A byte slice representing the salt value for key derivation. - dkLen: The desired length (in bytes) of the derived key.
Returns: - A pointer to a new PBDKDF2KeyDerivator instance initialized with the provided parameters.
Example usage:
derivator := NewPBDKDF2KeyDerivator(10000, []byte("random_salt"), 32)
func (*PBDKDF2KeyDerivator) DeriveKey ¶
func (k *PBDKDF2KeyDerivator) DeriveKey(password []byte) ([]byte, error)
DeriveKey derives a cryptographic key from the provided password using PBKDF2. It takes the password as input and performs key derivation based on the PBKDF2 algorithm configured with the parameters stored in the PBDKDF2KeyDerivator struct. The method returns the derived key as a byte slice and may return an error if the key derivation process encounters any issues.
func (*PBDKDF2KeyDerivator) Encode ¶
func (k *PBDKDF2KeyDerivator) Encode() map[string]interface{}
Encode returns a map of parameters and their values that describe the configuration of the PBKDF2 key derivation function. The returned map includes information such as the number of iterations, salt value, and desired key length. This information is typically used for encoding and decoding purposes when storing or exchanging data, allowing the configuration to be preserved and communicated.
func (*PBDKDF2KeyDerivator) Name ¶
func (k *PBDKDF2KeyDerivator) Name() string
Name returns the name or identifier of the key derivation function (KDF). In this implementation, it always returns "pbkdf2" to indicate the use of the PBKDF2 algorithm. This information is useful for identifying the specific KDF being used within cryptographic operations.
type ScryptKeyDerivator ¶
type ScryptKeyDerivator struct {
// DkLen is the length (in bytes) of the derived key.
DkLen int
// N is the CPU/memory cost factor (parallelization factor) for Scrypt.
N int
// R is the block size parameter for Scrypt.
R int
// P is the parallelization parameter for Scrypt.
P int
// Salt is a random salt value used as an additional input to the KDF.
Salt []byte
}
ScryptKeyDerivator represents the configuration parameters for the Scrypt key derivation function.
func NewScryptKeyDerivator ¶
func NewScryptKeyDerivator(dkLen, n, r, p int, salt []byte) *ScryptKeyDerivator
NewScryptKeyDerivator creates a new instance of ScryptKeyDerivator with the specified key derivation parameters. It is used to derive keys using the scrypt key derivation function, which is designed to be memory-hard and CPU-intensive for enhanced security.
Parameters: - dkLen: The desired length (in bytes) of the derived key. - n: The CPU/memory cost parameter, typically a power of two. - r: The block size parameter. - p: The parallelization parameter. - salt: A byte slice representing the salt value for key derivation.
Returns: - A pointer to a new ScryptKeyDerivator instance initialized with the provided parameters.
Example usage:
derivator := NewScryptKeyDerivator(32, 16384, 8, 1, []byte("random_salt"))
func (*ScryptKeyDerivator) DeriveKey ¶
func (k *ScryptKeyDerivator) DeriveKey(password []byte) ([]byte, error)
DeriveKey takes a user-provided password and applies the Scrypt key derivation function to generate a derived key. The derived key is computed based on the Scrypt parameters, including N, R, P, and the salt value, which should be set prior to calling this method. The derived key is returned as a byte slice. If any error occurs during the key derivation process, an error is returned.
func (*ScryptKeyDerivator) Encode ¶
func (k *ScryptKeyDerivator) Encode() map[string]interface{}
Encode converts the ScryptKeyDerivator's parameters into a map of strings and interfaces for serialization purposes. The resulting map includes the following key-value pairs: - "dklen": The length (in bytes) of the derived key. - "n": The CPU/memory cost factor (parallelization factor) for Scrypt. - "r": The block size parameter for Scrypt. - "p": The parallelization parameter for Scrypt. - "salt": The salt value, encoded as a hexadecimal string. This method is used to represent the Scrypt parameters in a format suitable for serialization, such as JSON.
func (*ScryptKeyDerivator) Name ¶
func (k *ScryptKeyDerivator) Name() string
Name returns the name or identifier for the Scrypt key derivation function. This method is used to indicate the specific key derivation function being employed, and it returns the string "scrypt" to represent Scrypt-based key derivation.
type SecretWallet ¶
type SecretWallet struct {
// Credentials is a hexadecimal string representing the encrypted private key.
Credentials string
// Derivator is an interface for key derivation, specifying the method used
// to derive the decryption key from the password.
Derivator KeyDerivator
Password []byte
// IV (Initialization Vector) is a byte slice used in the AES decryption process
// to ensure secure encryption and decryption of the private key.
IV []byte
// ID is a unique identifier associated with the wallet.
ID []byte
}
SecretWallet represents a wallet file used to securely store credentials, such as a private key associated with an bitcoin address. The private key within the wallet is encrypted with a secret password and can be decoded using the provided KeyDerivator, password, and initialization vector (IV). The ID field holds a unique identifier for the wallet.
func DecodeSecretWallet ¶
func DecodeSecretWallet(encodedWallet string, password string) (*SecretWallet, error)
DecodeSecretWallet decodes a wallet from the given encoded JSON representation and uses the provided password to decrypt the private key stored in the wallet.
Parameters: - encoded: The JSON-encoded representation of the wallet. - password: The password used for decrypting the private key.
func NewSecretWallet ¶
func NewSecretWallet(credentials string, password string, scryptN int, p int) (*SecretWallet, error)
NewSecretWallet creates a new instance of SecretWallet, which represents a wallet file used to securely store credentials like private keys. The private key is encrypted using the provided password and key derivation parameters.
Parameters:
- credentials: The credentials to be stored in the wallet.
- password: The password used for encrypting the private key.
- scryptN: The CPU/memory cost parameter for the scrypt key derivation function, typically a power of two.
- p: The parallelization parameter for the scrypt key derivation function.
func (*SecretWallet) ToBase68 ¶
func (w *SecretWallet) ToBase68() (string, error)
ToBase68 encodes the credentials of the SecretWallet instance to a Base68-encoded string. This method represents the wallet's data, including encryption details and credentials, in a Base68-encoded format that can be stored or transmitted.
func (*SecretWallet) ToJSON ¶
func (w *SecretWallet) ToJSON() (string, error)
ToJSON serializes the SecretWallet into a JSON-encoded string. This method represents the wallet's data, including encryption details and credentials, in a JSON format that can be stored or transmitted.
type WalletData ¶
type WalletData struct {
// Specifies the version of the wallet data structure (e.g., version 3).
Version int `json:"version"`
// Contains cryptographic parameters and information for data encryption and decryption.
Crypto CryptoParams `json:"crypto"`
// Represents a unique identifier or UUID associated with the wallet.
ID string `json:"id"`
}
func (*WalletData) Validate ¶
func (w *WalletData) Validate() error
Source Files