aesctr

package module

v0.0.0-...-12b17a7 Latest Latest Go to latest Published: Jun 23, 2020 License: MIT Imports: 9 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Xeoncross/go-aesctr-with-hmac

Links

Open Source Insights

README ¶

Encryption and Decryption

This package is a simple AES-CTR encryption wrapper with SHA512 HMAC authentication. I wrote it to handle large blobs of data that would not fit into memory (or would take to much memory). Examples include files and client-to-client uploads. The assumption is that this will be used with public/private key cryptography where the AES password (and HMAC password) will be strong and random providing a strong security guarantee.

I also wanted this to be easy to implement in Javascript for client-to-client communication via electron or react-native.

Benchmarks

Included the example folder is a benchmark of encrypting an decrypting a 500MB stream of data. I get over 100MB/sec on my local computer using two cores.

go get github.com/Xeoncross/go-aesctr-with-hmac
cd $GOPATH/src/github.com/Xeoncross/go-aesctr-with-hmac/example
go run main.go

Using passwords

If using passwords to encrypt things I recommend you use this the "decrypto" AES-CTR + HMAC + scrypt password strengthening implementation found in odeke-em/drive. It might be slower (and uses a temp file) but is worth it for the security gains. Human-passwords aren't safe to use alone.

Encrypting small blobs

If the data you are encrypting is small and easily fits into memory then you should use GCM. GCM is nice and simple to use if your data is small.

Encrypting a Media stream

If you need to encrypt video/audio stream, then a more complex chunked version of GCM is for you. https://github.com/minio/sio (D.A.R.E. v2) provides a way to break data up into chunks that can be decrypted as they arrive and used without waiting for the rest of the stream to finish arriving.

Warning

I am not a cryptographer. However, this implementation has very few moving parts all of which are written by real cryptographers and used as described.

Reference

Documentation ¶

Index ¶

Constants
Variables
func Decrypt(in io.Reader, out io.Writer, keyAes, keyHmac []byte) (err error)
func Encrypt(in io.Reader, out io.Writer, keyAes, keyHmac []byte) (err error)

Constants ¶

View Source

const BUFFER_SIZE int = 16 * 1024

View Source

const IV_SIZE int = 16

View Source

const V1 byte = 0x1

Variables ¶

View Source

var ErrInvalidHMAC = errors.New("Invalid HMAC")

ErrInvalidHMAC for authentication failure

Functions ¶

func Decrypt ¶

func Decrypt(in io.Reader, out io.Writer, keyAes, keyHmac []byte) (err error)

Decrypt the stream and verify HMAC using the given AES-CTR and SHA512-HMAC key Do not trust the out io.Writer contents until the function returns the result of validating the ending HMAC hash.

func Encrypt ¶

func Encrypt(in io.Reader, out io.Writer, keyAes, keyHmac []byte) (err error)

Encrypt the stream using the given AES-CTR and SHA512-HMAC key

Types ¶

This section is empty.

Source Files ¶

View all Source files

crypt.go

Directories ¶

Path	Synopsis
example

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL