saltpack

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2024 License: MIT Imports: 16 Imported by: 1

README

Saltpack

See saltpack.org for more details.

This github.com/burlingtonbertie99/mykeys/saltpack package allows you to encrypt/decrypt, sign/verify using Saltpack.

Examples

Documentation

Overview

Package saltpack integrates keys with Saltpack (saltpack.org).

Index

Examples

Constants

This section is empty.

Variables

View Source
var ErrInvalidData = errors.New("invalid data")

ErrInvalidData if data was invalid.

Functions

func Decrypt

func Decrypt(b []byte, armored bool, kr Keyring) ([]byte, *keys.X25519PublicKey, error)

Decrypt bytes. If there was a sender, will return the X25519 public key.

Example
aliceID := keys.ID("kbx15nsf9y4k28p83wth93tf7hafhvfajp45d2mge80ems45gz0c5gys57cytk")
encrypted := []byte(`BEGIN SALTPACK ENCRYPTED MESSAGE. 
	kcJn5brvybfNjz6 D5ll2Nk0YnkdsxV g8EmizCg7a8zpHt Wh3GEuw5BrCUP2u N00ZdO6tTiw5NAl 
	M2M9M0ErPX1xAmK Cfh7IG2sQfbxIH3 OmQwZxc13hjpoG4 1NWwphYm2HR7i1Z LOdCpf8kbf5UFSC 
	eEUlInuYgfWLJdT 7y3iBbCvlejdmJW aSRZAgrmiEqYfTL a0NzUyir4lT4h9G DUYEGWA8JD3cuCh 
	Xfi0TNH5BlgOnBm 65o53Xaztwpv6Q4 BMM6AoTyMYk9iR3 5ybluVFI5DJq0YP N6t. 
	END SALTPACK ENCRYPTED MESSAGE.`)

bob := keys.NewX25519KeyFromSeed(testSeed(0x02))

// Bob decrypts
out, sender, err := saltpack.Decrypt(encrypted, true, saltpack.NewKeyring(bob))
if err != nil {
	log.Fatal(err)
}

if sender != nil && sender.ID() == aliceID {
	fmt.Printf("signer is alice\n")
}
fmt.Printf("%s\n", string(out))
Output:

signer is alice
hi bob

func Encrypt

func Encrypt(b []byte, armored bool, sender *keys.X25519Key, recipients ...keys.ID) ([]byte, error)

Encrypt to recipients. Sender can be nil. See https://saltpack.org/encryption-format-v2.

Example
alice := keys.NewX25519KeyFromSeed(testSeed(0x01))
bobID := keys.ID("kbx1e6xn45wvkce7c7msc9upffw8dmxs9959q5xng369hgzcwrjc04vs8u82mj")

message := []byte("hi bob")

fmt.Printf("alice: %s\n", alice.ID())
fmt.Printf("bob: %s\n", bobID)

// Encrypt from alice to bob
encrypted, err := saltpack.Encrypt(message, true, alice, bobID)
if err != nil {
	log.Fatal(err)
}
fmt.Printf("%s...\n", encrypted[0:30])
Output:

alice: kbx15nsf9y4k28p83wth93tf7hafhvfajp45d2mge80ems45gz0c5gys57cytk
bob: kbx1e6xn45wvkce7c7msc9upffw8dmxs9959q5xng369hgzcwrjc04vs8u82mj
BEGIN SALTPACK ENCRYPTED MESSA...

func NewDecryptStream

func NewDecryptStream(r io.Reader, armored bool, kr Keyring) (io.Reader, *keys.X25519PublicKey, error)

NewDecryptStream creates a decrypt stream. If there was a sender, will return a X25519 key ID.

func NewEncryptStream

func NewEncryptStream(w io.Writer, armored bool, sender *keys.X25519Key, recipients ...keys.ID) (io.WriteCloser, error)

NewEncryptStream creates an encrypted armored io.WriteCloser. Sender can be nil, if you want it to be anonymous.

func NewSignStream

func NewSignStream(w io.Writer, armored bool, detached bool, key *keys.EdX25519Key) (io.WriteCloser, error)

NewSignStream ...

func NewSigncryptOpenStream

func NewSigncryptOpenStream(r io.Reader, armored bool, kr Keyring) (io.Reader, *keys.EdX25519PublicKey, error)

NewSigncryptOpenStream creates a signcrypt open stream.

func NewSigncryptStream

func NewSigncryptStream(w io.Writer, armored bool, sender *keys.EdX25519Key, recipients ...keys.ID) (io.WriteCloser, error)

NewSigncryptStream creates a signcrypt stream.

func NewVerifyStream

func NewVerifyStream(r io.Reader) (io.Reader, keys.ID, error)

NewVerifyStream ...

func SetLogger

func SetLogger(l Logger)

SetLogger sets logger for the package.

func Sign

func Sign(b []byte, armored bool, key *keys.EdX25519Key) ([]byte, error)

Sign bytes.

Example
alice := keys.GenerateEdX25519Key()

message := []byte("hi from alice")

sig, err := saltpack.Sign(message, true, alice)
if err != nil {
	log.Fatal(err)
}
fmt.Printf("%s\n", alice.ID())
fmt.Printf("%s\n", sig)
Output:

func SignArmored

func SignArmored(b []byte, key *keys.EdX25519Key) (string, error)

Sign bytes (armored).

func SignDetached

func SignDetached(b []byte, armored bool, key *keys.EdX25519Key) ([]byte, error)

SignDetached ...

Example
alice := keys.GenerateEdX25519Key()

message := []byte("hi from alice")

sig, err := saltpack.SignDetached(message, true, alice)
if err != nil {
	log.Fatal(err)
}
fmt.Printf("%s", sig)
Output:

func SignFile

func SignFile(in string, out string, key *keys.EdX25519Key, armored bool, detached bool) error

SignFile signs a file.

func Signcrypt

func Signcrypt(b []byte, armored bool, sender *keys.EdX25519Key, recipients ...keys.ID) ([]byte, error)

Signcrypt to recipients. https://saltpack.org/signcryption-format

Example
alice := keys.NewEdX25519KeyFromSeed(testSeed(0x01))
bobID := keys.ID("kex1syuhwr4g05t4744r23nvxnr7en9cmz53knhr0gja7c84hr7fkw2quf6zcg")

message := []byte("hi bob")

fmt.Printf("alice: %s\n", alice.ID())
fmt.Printf("bob: %s\n", bobID)

// Signcrypt from alice to bob
encrypted, err := saltpack.Signcrypt(message, true, alice, bobID)
if err != nil {
	log.Fatal(err)
}
fmt.Printf("%s...\n", encrypted[0:30])
Output:

alice: kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077
bob: kex1syuhwr4g05t4744r23nvxnr7en9cmz53knhr0gja7c84hr7fkw2quf6zcg
BEGIN SALTPACK ENCRYPTED MESSA...

func SigncryptOpen

func SigncryptOpen(b []byte, armored bool, kr Keyring) ([]byte, *keys.EdX25519PublicKey, error)

SigncryptOpen ...

Example
aliceID := keys.ID("kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077")
encrypted := []byte(`BEGIN SALTPACK ENCRYPTED MESSAGE. 
	keDIDMQWYvVR58B FTfTeDQNHw4rtf4 DhnUhh7QIMs1BwB LmssBxGhQ4mlcCU qV8WjYl8IkxQJbg 
	ONicYJ6bKt4MtL5 u1uoXQQMHpGQoxv i81G0YjJmVk3fve kTnkT7hxuNZPhL3 2gdI2jzdhgOuv2I 
	GepiKbfYFkh9crE 1N4kuPgLFmiQoUb UxbqPeFjmNwUTf7 zGeNEy8DBW16Iyd jw64NZ1Ln4gebRP 
	2mFMbPdyBRdxldx ugMs9cTZ2cTcyWJ mTPQ9RkdnnfPGdd k6x2hQWAdkwBOmy 4NcS7hFls2iGX4I 
	4lh5nDtDzwGHFOn ehwbipT7iNVK9kE 388GznWBW4Vci88 43Z1Txd2cbm2dBJ y883ohi7SLL. 
	END SALTPACK ENCRYPTED MESSAGE.`)

bob := keys.NewEdX25519KeyFromSeed(testSeed(0x02))

// Bob decrypts
out, sender, err := saltpack.SigncryptOpen(encrypted, true, saltpack.NewKeyring(bob))
if err != nil {
	log.Fatal(err)
}

if sender != nil && sender.ID() == aliceID {
	fmt.Printf("signer is alice\n")
}
fmt.Printf("%s\n", string(out))
Output:

signer is alice
hi bob

func StripBefore

func StripBefore(message string) string

StripBefore removes text before BEGIN.

func Verify

func Verify(b []byte) ([]byte, keys.ID, error)

Verify ...

Example
aliceID := keys.ID("kex1w2jep8dkr2s0g9kx5g6xe3387jslnlj08yactvn8xdtrx4cnypjq9rpnux")
signed := []byte(`BEGIN SALTPACK SIGNED MESSAGE. 
	kXR7VktZdyH7rvq v5wcIkHbs7mPCSd NhKLR9E0K47y29T QkuYinHym6EfZwL 
	1TwgxI3RQ52fHg5 1FzmLOMghcYLcV7 i0l0ovabGhxGrEl z7WuI4O3xMU5saq 
	U28RqUnKNroATPO 5rn2YyQcut2SeMn lXJBlDqRv9WyxjG M0PcKvsAsvmid1m 
	cqA4TCjz5V9VpuO zuIQ55lRQLeP5kU aWFxq5Nl8WsPqlR RdX86OuTbaKUvKI 
	wdNd6ISacrT0I82 qZ71sc7sTxiMxoI P43uCGaAZZ3Ab62 vR8N6WQPE8. 
	END SALTPACK SIGNED MESSAGE.`)

out, signer, err := saltpack.Verify(signed)
if err != nil {
	log.Fatal(err)
}
if signer == aliceID {
	fmt.Printf("signer is alice\n")
}
fmt.Printf("%s\n", string(out))
Output:

signer is alice
hi from alice

func VerifyArmored

func VerifyArmored(s string) ([]byte, keys.ID, error)

VerifyArmored verified armored statement.

func VerifyDetached

func VerifyDetached(sig []byte, b []byte) (keys.ID, error)

VerifyDetached ...

func VerifyDetachedReader

func VerifyDetachedReader(sig []byte, r io.Reader) (keys.ID, error)

VerifyDetachedReader ...

func VerifyFile

func VerifyFile(in string, out string) (keys.ID, error)

VerifyFile outputs verified file from in path.

func VerifyFileDetached

func VerifyFileDetached(sig []byte, path string) (keys.ID, error)

VerifyFileDetached verifies file at path with signature.

Types

type ContextLogger

type ContextLogger interface {
	Debugf(ctx context.Context, format string, args ...interface{})
	Infof(ctx context.Context, format string, args ...interface{})
	Warningf(ctx context.Context, format string, args ...interface{})
	Errorf(ctx context.Context, format string, args ...interface{})
}

ContextLogger interface used in this package with request context.

func NewContextLogger

func NewContextLogger(lev LogLevel) ContextLogger

NewContextLogger ...

type Encoding

type Encoding string

Encoding for saltpack (encrypt, signcrypt, sign).

const (
	// UnknownEncoding is unknown.
	UnknownEncoding Encoding = ""
	// EncryptEncoding used saltpack.Encrypt
	EncryptEncoding Encoding = "encrypt"
	// SigncryptEncoding used saltpack.Signcrypt
	SigncryptEncoding Encoding = "signcrypt"
	// SignEncoding used saltpack.Sign
	SignEncoding Encoding = "sign"
)

func NewReader

func NewReader(r io.Reader, kr Keyring) (out io.Reader, key keys.Key, enc Encoding, err error)

NewReader creates io.Reader for decryption after trying to detect the encoding. We peek up to 512 bytes from the reader, detect the encoding and return that stream.

func Open

func Open(b []byte, kr Keyring) (out []byte, key keys.Key, enc Encoding, err error)

Open decrypts bytes after attempting to auto detect the encoding.

type Keyring

type Keyring interface {
	X25519Keys() ([]*keys.X25519Key, error)
}

Keyring for Saltpack keys.

func NewKeyring

func NewKeyring(keys ...keys.Key) Keyring

NewKeyring creates keyring for keys.

type LogLevel

type LogLevel int

LogLevel ...

const (
	// DebugLevel ...
	DebugLevel LogLevel = 3
	// InfoLevel ...
	InfoLevel LogLevel = 2
	// WarnLevel ...
	WarnLevel LogLevel = 1
	// ErrLevel ...
	ErrLevel LogLevel = 0
)

type Logger

type Logger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warningf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
}

Logger interface used in this package.

func NewLogger

func NewLogger(lev LogLevel) Logger

NewLogger ...

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL