nacl: github.com/kevinburke/nacl Index | Examples | Files | Directories

package nacl

import "github.com/kevinburke/nacl"

Package nacl is a pure Go implementation of the NaCL cryptography library.

Compared with the implementation in golang.org/x/crypto/nacl, this library offers all of the API's present in NaCL, as well as some utilities for generating and loading keys and nonces, and encrypting messages.

NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools, as well as to demonstrate how to implement these tools in Go.

Compared with the equivalent packages in the Go standard library and x/crypto package, we replace some function calls with their equivalents in this package, and make more use of return values (versus writing to a byte array specified at stdin). Most functions should be compatible with their C/C++ counterparts in the library here: https://nacl.cr.yp.to/. In many cases the tests are ported directly to this library.

Index

Examples

Package Files

nacl.go

Constants

const HashSize = sha512.Size

HashSize is the size, in bytes, of the result of calling Hash.

const KeySize = 32

Size of a public or private key in bytes.

const NonceSize = 24

Size of a nonce in bytes.

const Version = "0.5"

The software version.

func Hash Uses

func Hash(m []byte) *[HashSize]byte

Hash hashes a message m.

The crypto_hash function is designed to be usable as a strong component of DSA, RSA-PSS, key derivation, hash-based message-authentication codes, hash-based ciphers, and various other common applications. "Strong" means that the security of these applications, when instantiated with crypto_hash, is the same as the security of the applications against generic attacks. In particular, the crypto_hash function is designed to make finding collisions difficult.

Hash is currently an implementation of SHA-512.

func Load64 Uses

func Load64(hexkey string) (*[64]byte, error)

Load decodes a 128-byte hex string into a Key. A hex key is suitable for representation in a configuration file. You can generate one by running nacl/sign.GenerateKey(nil).

func Verify Uses

func Verify(a, b []byte) bool

Verify returns true if and only if a and b have equal contents. The time taken is a function of the length of the slices and is independent of the contents. If an attacker controls the length of a, they may be able to determine the length of b (and vice versa).

func Verify16 Uses

func Verify16(a, b *[16]byte) bool

Verify16 returns true if and only if a and b have equal contents, without leaking timing information.

func Verify32 Uses

func Verify32(a, b *[KeySize]byte) bool

Verify32 returns true if and only if a and b have equal contents, without leaking timing information.

type Key Uses

type Key *[KeySize]byte

Key represents a private or public key for use in encryption or authentication. A key should be random bytes and *not* simply 32 characters in the visible ASCII set.

func Load Uses

func Load(hexkey string) (Key, error)

Load decodes a 64-byte hex string into a Key. A hex key is suitable for representation in a configuration file. You can generate one by running "openssl rand -hex 32".

Code:

// Don't use this key for anything real.
// You can generate one by running openssl rand -hex 32.
key, err := nacl.Load("6368616e676520746869732070617373776f726420746f206120736563726574")
if err != nil {
    panic(err)
}
fmt.Println(base64.StdEncoding.EncodeToString(key[:]))

Output:

Y2hhbmdlIHRoaXMgcGFzc3dvcmQgdG8gYSBzZWNyZXQ=

func NewKey Uses

func NewKey() Key

NewKey returns a new Key with cryptographically random data. NewKey panics if we could not read the correct amount of random data into key.

func Setup Uses

func Setup(nonce Nonce, key Key) (Key, *[16]byte)

Setup produces a sub-key and Salsa20 counter given a nonce and key.

type Nonce Uses

type Nonce *[NonceSize]byte

Nonce is an arbitrary value that should be used only once per (sender, receiver) pair. For example, the lexicographically smaller public key can use nonce 1 for its first message to the other key, nonce 3 for its second message, nonce 5 for its third message, etc., while the lexicographically larger public key uses nonce 2 for its first message to the other key, nonce 4 for its second message, nonce 6 for its third message, etc. Nonces are long enough that randomly generated nonces have negligible risk of collision.

func NewNonce Uses

func NewNonce() Nonce

NewNonce returns a new Nonce with cryptographically random data. It panics if we could not read the correct amount of random data into nonce.

Directories

PathSynopsis
authPackage auth authenticates a message m using a secret key k.
boxPackage box authenticates and encrypts messages using public-key cryptography.
internal/subtlePackage subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
onetimeauthPackage onetimeauth provides primitives for secret-key, single-message authentication.
randombytesPackage randombytes implements helpers for reading random data.
scalarmultPackage scalarmult provides an implementation of scalar multiplication.
secretboxPackage secretbox encrypts and authenticates small messages.
signPackage sign can be used to verify messages were signed with a given secret key.
sign/internal/edwards25519
stream

Package nacl imports 6 packages (graph) and is imported by 17 packages. Updated 2019-01-02. Refresh now. Tools for package owners.