Various constants needed for encryption scheme.
Error types and messages.
CryptoKey represents a secret key which can be used to encrypt and decrypt data.
GenerateCryptoKey generates a new crypotgraphically random key.
Decrypt decrypts the passed data. The must be the output of the Encrypt function.
Encrypt encrypts the passed data.
Zero clears the key by manually zeroing all memory. This is for security conscience application which wish to zero the memory after they've used it rather than waiting until it's reclaimed by the garbage collector. The key is no longer usable after this call.
Parameters are not secret and can be stored in plain text.
SecretKey houses a crypto key and the parameters needed to derive it from a passphrase. It should only be used in memory.
NewSecretKey returns a SecretKey structure based on the passed parameters.
Decrypt takes in a JSON blob and returns it's decrypted form.
DeriveKey derives the underlying secret key and ensures it matches the expected digest. This should only be called after previously calling the Zero function or on an initial Unmarshal.
Encrypt encrypts in bytes and returns a JSON blob.
Marshal returns the Parameters field marshalled into a format suitable for storage. This result of this can be stored in clear text.
Unmarshal unmarshalls the parameters needed to derive the secret key from a passphrase into sk.
Zero zeroes the underlying secret key while leaving the parameters intact. This effectively makes the key unusable until it is derived again via the DeriveKey function.