Documentation ¶
Overview ¶
Package vault implements Brief's password manager.
Index ¶
- Constants
- Variables
- type Bytes
- type Ciphertext
- type Crypter
- type Password
- type PasswordSource
- type Plaintext
- type RecryptFunc
- type Trust
- type Vault
- func (oldv *Vault) Clone() *Vault
- func (v *Vault) Crypter(secret any) (Crypter, error)
- func (v *Vault) Crypter_(passwordsource PasswordSource) (Crypter, error)
- func (v *Vault) Fixup(secret any) error
- func (oldv *Vault) Recrypt(oldsecret any, newtrust Trust, newsecret any) (*Vault, RecryptFunc, error)
Constants ¶
const DefaultTrust = BriefTrustD015c957
DefaultTrust MUST be changed when cryptographic methods lose their trustworthiness.
Variables ¶
var ErrBriefTrustD015c957 = errors.New(string(BriefTrustD015c957))
var ErrPassword errPassword
Functions ¶
This section is empty.
Types ¶
type Ciphertext ¶
type Ciphertext []byte
Ciphertext represents a slice of bytes whose public knowledge is permissible. It thus base64-text-marshals itself.
func ReadCiphertext ¶
func ReadCiphertext(passwordsource PasswordSource, crypter Crypter, prompt string) (Ciphertext, error)
ReadCiphertext reads sensitive information in and encrypts it using crypter.
Once: func Console(crypter Crypter, prompt string) (Ciphertext, error) {
func (Ciphertext) MarshalText ¶
func (ct Ciphertext) MarshalText() ([]byte, error)
func (*Ciphertext) UnmarshalText ¶
func (ct *Ciphertext) UnmarshalText(text []byte) error
type Crypter ¶
type Crypter interface {
	// Encrypt encrypts plaintext into ciphertext.
	// Encrypt MUST NEITHER passed-in NOR passed-out values.
	// Encrypt MUST fail if the system's entropy is non-sufficient.
	Encrypt(Plaintext) (Ciphertext, error)

	// Decrypt decrypts ciphertext into plaintext.
	// Decrypt MUST NEITHER passed-in NOR passed-out values.
	// Decrypt MUST fail if the system's entropy is non-sufficient.
	Decrypt(Ciphertext) (Plaintext, error)
}
type Password ¶
type Password struct {
// contains filtered or unexported fields
}
Password represents a vault-internal password. Password is deliberately opaque, so that it is hard to leak a password in good faith (that is, unintentionally).
func ReadPassword ¶
func ReadPassword(passwordsource PasswordSource, prompt string) (Password, error)
Once: ConsolePassword
type PasswordSource ¶
func Console ¶
func Console() PasswordSource
TODO expunge (implementations should use their *World's PasswordSource and no one should need to call this)
func HideSource ¶
func HideSource(source func(prompt string) ([]byte, error)) PasswordSource
TODO ugly name?
Used primarily for testing.
func OSPasswordSource ¶
func OSPasswordSource(stdin interface{ Fd() uintptr }, stderr io.Writer) PasswordSource
type Plaintext ¶
type Plaintext []byte
Plaintext represents a slice of bytes whose public knowledge is a breach of confidentiality. It thus disallows text marshalling.
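The Ciphertext and Plaintext descriptions above describe a type-level guard: only values that are safe to publish can be serialized. The following is an added example, not the package's own code. It assumes Plaintext refuses marshalling through a MarshalText that always fails; `ErrPlaintextMarshal`, `record` and `Store` are hypothetical names.

```go
package main

import (
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
)

// Ciphertext may be published, so it marshals itself as base64 text.
type Ciphertext []byte

func (ct Ciphertext) MarshalText() ([]byte, error) {
	return []byte(base64.StdEncoding.EncodeToString(ct)), nil
}

func (ct *Ciphertext) UnmarshalText(text []byte) error {
	raw, err := base64.StdEncoding.DecodeString(string(text))
	if err != nil {
		return err
	}
	*ct = raw
	return nil
}

// Plaintext must never be written out. ASSUMPTION: the refusal is implemented
// by a MarshalText that always fails; the real package may do it differently.
type Plaintext []byte

var ErrPlaintextMarshal = errors.New("plaintext must not be marshalled") // hypothetical

func (Plaintext) MarshalText() ([]byte, error) { return nil, ErrPlaintextMarshal }

// record mimics a stored XML entry (constructed for this example).
type record struct {
	XMLName xml.Name `xml:"entry"`
	Secret  any      `xml:"secret"`
}

// Store serializes a secret; it succeeds only for marshal-safe types.
func Store(secret any) (string, error) {
	out, err := xml.Marshal(record{Secret: secret})
	return string(out), err
}

func main() {
	fmt.Println(Store(Ciphertext{0xde, 0xad, 0xbe, 0xef})) // constructed bytes
	fmt.Println(Store(Plaintext("hunter2")))               // constructed secret
}
```

Because encoding/xml and encoding/json both honour encoding.TextMarshaler, a Plaintext value that ends up in a serialized struct by mistake produces an error instead of a file containing the secret.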
type RecryptFunc ¶
type RecryptFunc = func(oldciphertext Ciphertext) (newciphertext Ciphertext, err error)
type Vault ¶
type Vault struct {
	XMLName         xml.Name   `xml:"vault"`
	Trust           Trust      `xml:"trust"`
	Salt            Bytes      `xml:"salt"`
	ProofPlaintext  Bytes      `xml:"proof-plaintext"`
	ProofCiphertext Ciphertext `xml:"proof-ciphertext"`
}
func NewVault_ ¶
func NewVault_(passwordsource PasswordSource, trust Trust) (*Vault, error)
passwordsource may be nil
func (*Vault) Crypter_ ¶
func (v *Vault) Crypter_(passwordsource PasswordSource) (Crypter, error)
Once: func (v *Vault) ConsolePassword() (Crypter, error) {
func (*Vault) Fixup ¶
secret may be nil, in which case Vault.ProofCiphertext may become stale.