siv

func Decrypt ¶

func Decrypt(key, ciphertext []byte, associated [][]byte) ([]byte, error)

Given ciphertext previously generated by Encrypt and the key and associated data that were used when generating the ciphertext, return the original plaintext given to Encrypt. If the input is well-formed but the key is incorrect, return an instance of WrongKeyError.

func Encrypt ¶

func Encrypt(dst, key, plaintext []byte, associated [][]byte) ([]byte, error)

Given a key and plaintext, encrypt the plaintext using the SIV mode of AES, as defined by RFC 5297, append the result (including both the synthetic initialization vector and the ciphertext) to dst, and return the updated slice. The output can later be fed to Decrypt to recover the plaintext.

In addition to confidentiality, this function also offers authenticity. That is, without the secret key an attacker is unable to construct a byte string that Decrypt will accept.

The supplied key must be 32, 48, or 64 bytes long.

The supplied associated data, up to 126 strings, is also authenticated, though it is not included in the ciphertext. The user must supply the same associated data to Decrypt in order for the Decrypt call to succeed. If no associated data is desired, pass an empty slice.

If the same key, plaintext, and associated data are supplied to this function multiple times, the output is guaranteed to be identical. As per RFC 5297 section 3, you may use this function for nonce-based authenticated encryption by passing a nonce as the last associated data element.