Constants ¶
This section is empty.
Variables ¶
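// Sentinel errors returned by the filevault. Compare with errors.Is rather
// than by message text; the messages are user-facing and may change.
var (
	// ErrRecipientNotInWhitelist is returned when the specified key fingerprint
	// is not found in the ProdSupportPubRing. This is the check that stops an
	// Export from re-encrypting vault contents to an arbitrary, unapproved key.
	ErrRecipientNotInWhitelist = errors.New(
		`The recipient's PGP fingerprint is not in the authorized keychain`)
	// ErrInvalidPGPFingerprint is returned when a specified PGP key fingerprint
	// does not parse from hex with optional spaces to exactly 20 bytes
	// (the v4 fingerprint length; short key IDs are deliberately not accepted).
	ErrInvalidPGPFingerprint = errors.New(`The PGP fingerprint provided is not a valid hex encoding of 20 bytes`)
	// ErrKeyFingerprintNotSpecified is returned when an export is requested
	// without specifying the recipient's key fingerprint
	ErrKeyFingerprintNotSpecified = errors.New(`A specific PGP key fingerprint is required, but was not specified`)
	// ErrInvalidID is returned when a specified file ID does not match
	// IDPattern, i.e. /^[a-f0-9]{64}$/ (lowercase hex only — the earlier
	// comment said [a-z0-9], which disagreed with IDPattern). Rejecting
	// anything else keeps IDs safe to use as path components under the
	// data, key and meta roots.
	ErrInvalidID = errors.New(`Invalid file ID`)
	// ErrIncorrectPassphrase is returned when a passphrase does not decrypt a
	// private key
	ErrIncorrectPassphrase = errors.New(`Incorrect private key passphrase`)
	// ErrMasterKeyNotFound is returned when a specified key fingerprint
	// is not found on the provided secret keyring
	ErrMasterKeyNotFound = errors.New(`The specified master key fingerprint was not found on the secure keyring`)
)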
// Package-level tunables for the filevault. These are vars, not consts, so
// they can be reassigned at runtime; anything that relaxes IDPattern or
// shrinks DEKBytes weakens the vault, so treat them as read-only after init.
var (
	// PGPSettings defines the cipher (AES256) and compression settings
	// (ZLIB with default compression) used by the filevault.
	// OpenPGP compresses before encrypting, so ciphertext length reflects how
	// compressible the plaintext is; acceptable for stored files, but worth
	// knowing if sizes are ever exposed.
	PGPSettings = &packet.Config{
		DefaultCipher:          packet.CipherAES256,
		DefaultCompressionAlgo: packet.CompressionZLIB,
		CompressionConfig:      &packet.CompressionConfig{Level: packet.DefaultCompression},
	}
	// HashAlgo is the cryptographic hashing algorithm used to identify files
	// (SHA-256).
	HashAlgo = sha256.New
	// IDLength is the length of file identifiers in bytes: the hex encoding
	// of a SHA-256 digest, i.e. 64 characters.
	IDLength = hex.EncodedLen(sha256.Size)
	// SubDirCharLen specifies how many characters of the file ID will be used to
	// generate subdirectories under the file, key and meta root folders. Since
	// each character can be one of 16 possible values ([a-f0-9]),
	// the maximum number of subdirectories will be 16^SubDirCharLen
	SubDirCharLen = 2
	// IDPattern is a regular expression that all valid IDs must match:
	// exactly IDLength lowercase hex characters, anchored at both ends.
	// Validating IDs against it before building paths is what keeps a
	// caller-supplied ID from escaping the root folders.
	IDPattern = regexp.MustCompile(fmt.Sprintf("^[a-f0-9]{%d}$", IDLength))
	// DEKBytes defines the number or random bytes used to generate the data
	// encrypting keys. The random bytes are base64 encoded and used as a PGP
	// passphrase for symmetric encryption.
	// NOTE(review): 16 random bytes is ~128 bits of entropy, less than the
	// 256-bit key of the AES256 cipher selected above; 32 bytes would match
	// it. Presumably only newly generated DEKs are affected by a change —
	// confirm against how DEKs are stored before adjusting.
	DEKBytes = 16
)
Functions ¶
func HexStringToFingerprint ¶
HexStringToFingerprint converts a string of hex digits with optional spaces into the 20-byte array format of an OpenPGP (v4) key fingerprint. Input that does not decode to exactly 20 bytes is rejected (presumably with ErrInvalidPGPFingerprint, whose description matches this rule). Only full fingerprints are accepted — short or long key IDs are not, which matters because key IDs can be forged by brute force — and the newer 32-byte (v5/v6) fingerprints would also be rejected.
Types ¶
type Config ¶
// Config stores the configuration parameters for a filevault.
// Several fields are secrets or point at secret material (SecRing,
// MasterKeyPassphrase, TLSKey); wherever this struct is loaded from needs the
// same protection as the keyring itself.
type Config struct {
	// TLSCert and TLSKey identify the server certificate and private key
	// (presumably file paths; the loader is not visible here).
	TLSCert, TLSKey string
	// DataRoot, KeyRoot and MetaRoot are the root folders for encrypted file
	// data, per-file keys and metadata. File IDs are sharded into
	// subdirectories beneath them (see SubDirCharLen).
	DataRoot, KeyRoot, MetaRoot string
	// ProdSupportDir is presumably the "pre-configured location" that
	// Vault.Export writes re-encrypted files to — confirm.
	ProdSupportDir string
	// ProdSupportPubRing is the public keyring of approved export recipients;
	// a recipient fingerprint not found on it yields ErrRecipientNotInWhitelist.
	ProdSupportPubRing string
	// LogFile is the application log destination.
	LogFile string
	// EmailFrom, EmailTo, SMTPServer and SMTPPort configure outbound mail.
	// What is mailed, and whether the SMTP session is authenticated or
	// encrypted, is not visible here.
	EmailFrom, EmailTo string
	SMTPServer string
	SMTPPort int
	// SecRing is the secret keyring that must hold the master key
	// (ErrMasterKeyNotFound otherwise).
	SecRing string
	// MasterKeyPassphrase unlocks the master private key on SecRing
	// (ErrIncorrectPassphrase when it does not). It is held in plaintext.
	MasterKeyPassphrase string
	// MasterKeyFingerprint is the hex fingerprint of the master key on SecRing,
	// presumably parsed with HexStringToFingerprint (20 bytes, spaces allowed).
	MasterKeyFingerprint string
	// HTTPLog is the HTTP access log destination.
	HTTPLog string
	// HtpasswdFile is an htpasswd-format credential file, presumably used for
	// HTTP authentication; the handler and accepted hash types are not
	// visible here.
	HtpasswdFile string
}
Config stores the configuration parameters for a filevault
type Vault ¶
// Vault stores sensitive files.
// Every id parameter below is caller-supplied and ends up as a path component
// under DataRoot/KeyRoot/MetaRoot, so implementations are expected to reject
// anything not matching IDPattern with ErrInvalidID before touching the
// filesystem.
type Vault interface {
	// Store adds a file and associated metadata into the vault and returns
	// the file's id. HashAlgo (SHA-256) is documented as the way files are
	// identified, so the id is presumably the hex digest of the content —
	// confirm in the implementation.
	Store(unencryptedData io.Reader, md *Metadata) (id string, err error)
	// Export re-encrypts a file in the vault with a specified public key
	// and stores the output in a pre-configured location (presumably
	// Config.ProdSupportDir). recipientFingerprint is a full 20-byte
	// fingerprint (see HexStringToFingerprint); a fingerprint not present in
	// the ProdSupportPubRing yields ErrRecipientNotInWhitelist, which is the
	// control that keeps plaintext from being exported to an arbitrary key.
	Export(id string, recipientFingerprint [20]byte) (path string, err error)
	// Get copies the unencrypted data of a file to the provided Writer.
	// requester names who asked for the plaintext; its use (audit logging?)
	// is not visible here.
	Get(id string, dest io.Writer, requester string) (err error)
	// GetMetadata loads available metadata for a specified file into md.
	GetMetadata(id string, md *Metadata) error
	// LoadExportKeyring reloads the approved export recipients from data.
	// Note the signature: the keyring is read from the supplied Reader, not
	// from a configured file path as the earlier wording suggested; callers
	// open Config.ProdSupportPubRing (or another source) and pass it in.
	LoadExportKeyring(data io.Reader) error
}
Vault stores sensitive files