saltpack: github.com/keybase/saltpack Index | Examples | Files | Directories

package saltpack

import "github.com/keybase/saltpack"

Package saltpack is an implementation of the saltpack message format. Saltpack is a light wrapper around Dan Berstein's famous NaCl library. It adds support for longer messages, streaming input and output of data, multiple recipients for encrypted messages, and a reasonable armoring format. We intend Saltpack as a replacement for the PGP messaging format, as it can be used in many of the same circumstances. However, it is designed to be: (1) simpler; (2) easier to implement; (3) judicious (perhaps judgmental) in its crypto usage; (4) fully modern (no CFB mode here); (5) high performance; (6) less bug- prone; (7) generally unwilling to output unauthenticated data; and (8) easier to compose with other software in any manner of languages or platforms.

Key Management

Saltpack makes no attempt to manage keys. We assume the wrapping application has a story for key management.

Modes of Operation

Saltpack supports three modes of operation: encrypted messages, attached signatures, and detached signatures. Encrypted messages use NaCl's authenticated public-key encryption; we add repudiable authentication. An attached signature contains a message and a signature that authenticates it. A detached signature contains just the signature, and assumes an independent delievery mechanism for the file (this might come up when distributing an ISO and separate signature of the file).

Encoding

Saltpack has two encoding modes: binary and armored. In armored mode, saltpack outputs in Base62-encoding, suitable for publication into any manner of Web settings without fear of markup-caused mangling.

API

This saltpack library implementation supports two API patterns: streaming and all-at-once. The former is useful for large files that can't fit into memory; the latter is more convenient. Both produce the same output.

More Info

See https://saltpack.org

Code:

plaintext := "example plaintext"

encoded := exampleEncode([]byte(plaintext))
mps := newMsgpackStream(bytes.NewReader(encoded))
r := newChunkReader(newExampleChunker(mps))

decoded, err := ioutil.ReadAll(r)
if err != nil {
    panic(err)
}

fmt.Println(string(decoded))

Output:

example plaintext

Index

Examples

Package Files

armor.go armor62.go armor62_decrypt.go armor62_encrypt.go armor62_sign.go armor62_signcrypt.go armor62_verify.go chunk_reader.go classify_and_decrypt.go common.go const.go decrypt.go doc.go encrypt.go errors.go frame.go key.go msgpack.go nonce.go packets.go punctuated_reader.go rand.go sign.go sign_stream.go signcrypt_open.go signcrypt_seal.go verify.go verify_stream.go

Constants

const DetachedSignatureArmorString = "DETACHED SIGNATURE"

DetachedSignatureArmorString is included in armor headers for detached signatures.

const EncryptionArmorString = "ENCRYPTED MESSAGE"

EncryptionArmorString is included in armor headers for encrypted messages.

const FormatName = "saltpack"

FormatName is the publicly advertised name of the format, used in the header of the message and also in Nonce creation.

const SignedArmorString = "SIGNED MESSAGE"

SignedArmorString is included in armor headers for signed messages

Variables

var (
    // ErrNoDecryptionKey is an error indicating no decryption key was found for the
    // incoming message. You'll get one of these if you respond to a Keyring.LookupSecretBoxKey
    // request with a (-1,nil) return value, and no hidden keys are found.
    ErrNoDecryptionKey = errors.New("no decryption key found for message")

    // ErrNoSenderKey indicates that on decryption/verification we couldn't find a public key
    // for the sender.
    ErrNoSenderKey = errors.New("no sender key found for message")

    // ErrTrailingGarbage indicates that additional msgpack packets were found after the
    // end of the encryption stream.
    ErrTrailingGarbage = errors.New("trailing garbage found at end of message")

    // ErrFailedToReadHeaderBytes indicates that we failed to read the
    // doubly-encoded header bytes object from the input stream.
    ErrFailedToReadHeaderBytes = errors.New("failed to read header bytes")

    // ErrPacketOverflow indicates that more than (2^64-2) packets were found in an encryption
    // stream.  This would indicate a very big message, and results in an error here.
    ErrPacketOverflow = errors.New("no more than 2^32 packets in a message are supported")

    // ErrInsufficientRandomness is generated when the encryption fails to collect
    // enough randomness to proceed.  We're using the standard crypto/rand source
    // of randomness, so this should never happen
    ErrInsufficientRandomness = errors.New("could not collect enough randomness")

    // ErrBadEphemeralKey is for when an ephemeral key fails to be properly
    // imported.
    ErrBadEphemeralKey = errors.New("bad ephermal key in header")

    // ErrBadReceivers shows up when you pass a bad receivers vector
    ErrBadReceivers = errors.New("bad receivers argument")

    // ErrBadSenderKeySecretbox is returned if the sender secretbox fails to
    // open.
    ErrBadSenderKeySecretbox = errors.New("sender secretbox failed to open")

    // ErrBadSymmetricKey is returned if a key with the wrong number of bytes
    // is discovered in the encryption header.
    ErrBadSymmetricKey = errors.New("bad symmetric key; must be 32 bytes")

    // ErrBadBoxKey is returned if a key with the wrong number of bytes
    // is discovered in the encryption header.
    ErrBadBoxKey = errors.New("bad box key; must be 32 bytes")

    // ErrBadLookup is when the user-provided key lookup gives a bad value
    ErrBadLookup = errors.New("bad key lookup")

    // ErrBadSignature is returned when verification of a block fails.
    ErrBadSignature = errors.New("invalid signature")

    // ErrDecryptionFailed is returned when a decryption fails
    ErrDecryptionFailed = errors.New("decryption failed")

    // ErrWrongNumberOfKeys is returned when the resolved list of keys isn't
    // the same length as the identifiers list.
    ErrWrongNumberOfKeys = errors.New("wrong number of resolved keys")

    // ErrUnexpectedEmptyBlock is returned when an empty block is
    // encountered that isn't both the last one and the first one
    // (for V2 and higher), or isn't the last one (for V1).
    ErrUnexpectedEmptyBlock = errors.New("unexpected empty block")

    // ErrShortSliceOrBuffer is returned when the input slice or buffer provided
    // is too short to determine if it is the beginning of a binary saltpack message
    ErrShortSliceOrBuffer = errors.New("the slice or buffer is too short to tell if it is the beginning of a saltpack message")

    // ErrNotASaltpackMessage is returned when the message given as input is not
    // a valid  saltpack message
    ErrNotASaltpackMessage = errors.New("not a saltpack message")
)
var Armor62Params = armorParams{
    BytesPerWord: 15,
    WordsPerLine: 200,
    Punctuation:  byte('.'),
    Encoding:     basex.Base62StdEncoding,
}

Armor62Params are the armoring parameters we recommend for use with a generic armorer. It specifies the spaces between words, the spacing between lines, some simple punctuation, and an encoding alphabet.

var ErrOverflow = errors.New("buffer was overflowed before we found punctuation")

ErrOverflow is returned if we were looking for punctuation but our quota was overflowed before we found the needed character.

var ErrPunctuated = errors.New("found punctuation in stream")

ErrPunctuated is produced when a punctuation character is found in the stream. It can be returned along with data, unlike usual errors.

func Armor62Open Uses

func Armor62Open(msg string) (body []byte, header string, footer string, err error)

Armor62Open runs armor stream decoding, but on a string, and it outputs a string. It does not do any validation on the header and footer. Deprecated: user Armor62OpenWithValidation instead.

func Armor62OpenWithValidation Uses

func Armor62OpenWithValidation(msg string, hc HeaderChecker, fc FrameChecker) (body []byte, brand string, header string, footer string, err error)

Armor62OpenWithValidation runs armor stream decoding, but on a string, and it outputs a string. It validates header and footer with the provided checkers (which are optional and can be nil).

func Armor62Seal Uses

func Armor62Seal(plaintext []byte, typ MessageType, brand string) (string, error)

Armor62Seal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message. Uses Base62 encoding scheme

func CheckArmor62 Uses

func CheckArmor62(hdr string, ftr string, typ MessageType) (brand string, err error)

CheckArmor62 checks that the frame matches our standard begin/end frame

func CheckArmor62Frame Uses

func CheckArmor62Frame(frame Frame, typ MessageType) (brand string, err error)

CheckArmor62Frame checks that the frame matches our standard begin/end frame

func CheckKnownMajorVersion Uses

func CheckKnownMajorVersion(version Version) error

CheckKnownMajorVersion returns nil if the given version has a known major version. You probably want to use this with NewDecryptStream, unless you want to restrict to specific versions only.

func ClassifyEncryptedStreamAndMakeDecoder Uses

func ClassifyEncryptedStreamAndMakeDecoder(source io.Reader, decryptionKeyring SigncryptKeyring, keyResolver SymmetricKeyResolver) (
    plainsource io.Reader, msgType MessageType, mki *MessageKeyInfo, senderPublic SigningPublicKey, isArmored bool, brand string, ver Version, err error)

ClassifyEncryptedStreamAndMakeDecoder takes as input an io.Reader (containing an encrypted saltpack stream), a SigncryptKeyring containing the keys to use for decryption, and a SymmetricKeyResolver (used to map an identifiers to symmetric keys in an application specific way). It classifies the encrypted stream (encryption vs signcryption mode and binary vs armored format) and returns a reader for the decoded stream, as well as some informtation about the stream. The brand is only returned for armored ciphertexts, mki only for encryption-mode ciphertext, senderPublic only for signcryption-mode ciphertexts.

func ClassifyStream Uses

func ClassifyStream(stream *bufio.Reader) (isArmored bool, brand string, messageType MessageType, ver Version, err error)

ClassifyStream peeks at the beginning of a stream and checks wether it seems to contain a valid saltpack message (either armored or not). The buffer size must be at least minLengthToIdentifyBinarySaltpack bytes for binary messages, and large enough that if there is a header frame (i.e. "BEGIN FOO."), plus the first base62 encoded block (43 characters) of the steam (the default buffer size of bufio.Reader will be enough in most cases). Otherwise, ErrShortSliceOrBuffer will be returned. If err is nil, then the expected message type and version will be returned, as well as a booleand indicating if the message is ASCII-armored and the brand (for armored messages only). Note this classification is just a guess based on the beginning of the stream, and it does not guarantee that the message is valid or well formed.

func EncryptArmor62Seal Uses

func EncryptArmor62Seal(version Version, plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (string, error)

EncryptArmor62Seal is the non-streaming version of NewEncryptArmor62Stream, which inputs a plaintext (in bytes) and output a ciphertext (as a string).

Code:

var err error

// Make a new Keyring, initialized to be empty
keyring := basic.NewKeyring()

// The test message
msg := []byte("The Magic Words are Squeamish Ossifrage")

// Make a secret key for the sender
var sender saltpack.BoxSecretKey
sender, err = keyring.GenerateBoxKey()
if err != nil {
    return
}

// And one for the receiver
var receiver saltpack.BoxSecretKey
receiver, err = keyring.GenerateBoxKey()
if err != nil {
    return
}

// AllReceivers can contain more receivers (like the sender)
// but for now, just the one.
var ciphertext string
allReceivers := []saltpack.BoxPublicKey{receiver.GetPublicKey()}
ciphertext, err = saltpack.EncryptArmor62Seal(saltpack.CurrentVersion(), msg, sender, allReceivers, "")
if err != nil {
    return
}

// The decrypted message should match the input mesasge.
var msg2 []byte
_, msg2, _, err = saltpack.Dearmor62DecryptOpen(saltpack.CheckKnownMajorVersion, ciphertext, keyring)
if err != nil {
    return
}

fmt.Println(string(msg2))

Output:

The Magic Words are Squeamish Ossifrage

func IsSaltpackArmored Uses

func IsSaltpackArmored(stream *bufio.Reader) (brand string, msgType MessageType, ver Version, err error)

IsSaltpackArmored peeks into the provided bufio.Reader to determine whether it encodes an ASCII-armored saltpack message. It does not consume any of the reader's bytes. The buffer size of the reader must be sufficient to contain the header frame plus the first Base62 encoded block of the payload. It returns a non nil error if the buffer size of the reader is not large enough to make this determination (ErrShortSliceOrBuffer), or if the stream does not appear to contain a valid saltpack message. If err is nil, then the brand, version and expected type of the message will be returned, but this does *NOT* guarantee that the rest of the message is well formed.

func IsSaltpackArmoredPrefix Uses

func IsSaltpackArmoredPrefix(pref string) (brand string, messageType MessageType, ver Version, err error)

IsSaltpackArmoredPrefix tries to determine whether the string is the prefix of a valid ASCII-armored saltpack message. The prefix must be large enough to contain the header frame plus the first Base62 encoded block of the payload. It returns a non nil error if the buffer size of the reader is not large enough to make this determination (ErrShortSliceOrBuffer), or if the stream does not appear to contain a valid saltpack message. If err is nil, then the brand, version and expected type of the message will be returned, but this does *NOT* guarantee that the rest of the message is well formed.

func IsSaltpackBinary Uses

func IsSaltpackBinary(stream *bufio.Reader) (msgType MessageType, version Version, err error)

IsSaltpackBinary peeks into the provided bufio.Reader to determine whether it encodes a binary saltpack message. It does not consume any of the reader's bytes (whose buffer length must be at least minLengthToIdentifyBinarySaltpack). It returns a non nil error if the buffer size of the reader is not large enough (ErrShortSliceOrBuffer), or if the stream does not appear to contain a binary saltpack message. If err is nil, msgType will return the type of the encoded message, but this does *NOT* guarantee that the rest of the message is well formed.

func IsSaltpackBinarySlice Uses

func IsSaltpackBinarySlice(b []byte) (msgType MessageType, version Version, err error)

IsSaltpackBinarySlice tries to determine if the input slice encodes the beginning of a binary saltpack message. It returns a non nil error if the slice is not long enough to make this determination, or if it does not appear to contain a binary saltpack message. If err is nil, msgType will return the type of the encoded message, but this does *NOT* guarantee that the rest of the message is well formed.

func MakeArmorFooter Uses

func MakeArmorFooter(typ MessageType, brand string) string

MakeArmorFooter makes the armor footer for the message type for the given "brand"

func MakeArmorHeader Uses

func MakeArmorHeader(typ MessageType, brand string) string

MakeArmorHeader makes the armor header for the message type for the given "brand"

func NewArmor62EncoderStream Uses

func NewArmor62EncoderStream(encoded io.Writer, typ MessageType, brand string) (io.WriteCloser, error)

NewArmor62EncoderStream makes a new Armor 62 encoding stream, using the base62-alphabet and a 32/43 encoding rate strategy. Pass it an `encoded` stream writer to write the encoded stream to. Also pass an optional "brand" . It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.

To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.

func NewEncryptArmor62Stream Uses

func NewEncryptArmor62Stream(version Version, ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey, brand string) (plaintext io.WriteCloser, err error)

NewEncryptArmor62Stream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

The "brand" is the optional "brand" string to put into the header and footer.

The ciphertext is additionally armored with the recommended armor62-style format.

If initialization succeeds, returns an io.WriteCloser that accepts plaintext data to be encrypted and a nil error. Otherwise, returns nil and the initialization error.

Code:

var err error

// Make a new Keyring, initialized to be empty
keyring := basic.NewKeyring()

// The test message
plaintext := "The Magic Words are Squeamish Ossifrage"

// Make a secret key for the sender
var sender saltpack.BoxSecretKey
sender, err = keyring.GenerateBoxKey()
if err != nil {
    return
}

// And one for the receiver
var receiver saltpack.BoxSecretKey
receiver, err = keyring.GenerateBoxKey()
if err != nil {
    return
}

// AllReceivers can contain more receivers (like the sender)
// but for now, just the one.
var output bytes.Buffer
allReceivers := []saltpack.BoxPublicKey{receiver.GetPublicKey()}
var input io.WriteCloser
input, err = saltpack.NewEncryptArmor62Stream(saltpack.CurrentVersion(), &output, sender, allReceivers, "")
if err != nil {
    return
}
// Write plaintext into the returned WriteCloser stream
input.Write([]byte(plaintext))
// And close when we're done
input.Close()

// The decrypted message
var plaintextOutput io.Reader
_, plaintextOutput, _, err = saltpack.NewDearmor62DecryptStream(saltpack.CheckKnownMajorVersion, &output, keyring)
if err != nil {
    return
}

// Copy all of the data out of the output decrypted stream, and into standard
// output, here for testing / comparison purposes.
io.Copy(os.Stdout, plaintextOutput)
os.Stdout.Write([]byte{'\n'})

Output:

The Magic Words are Squeamish Ossifrage

func NewEncryptStream Uses

func NewEncryptStream(version Version, ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (io.WriteCloser, error)

NewEncryptStream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

If initialization succeeds, returns an io.WriteCloser that accepts plaintext data to be encrypted and a nil error. Otherwise, returns nil and the initialization error.

func NewSignArmor62Stream Uses

func NewSignArmor62Stream(version Version, signedtext io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)

NewSignArmor62Stream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. The `brand` is optional, and allows you to specify your "white label" brand to this signature. NewSignArmor62Stream only generates attached signatures.

The signed data is armored with the recommended armor62-style format.

Code:

var err error

// Make a new Keyring, initialized to be empty
keyring := basic.NewKeyring()

// The test message
msg := []byte("The Magic Words are Squeamish Ossifrage")

// Make a secret key for the sender
var signer saltpack.SigningSecretKey
signer, err = keyring.GenerateSigningKey()
if err != nil {
    return
}

// Make a new signature stream. We write the input data into
// the input stream, and we read output out of the output stream.
// In this case, the output stream is just a buffer.
var input io.WriteCloser
var output bytes.Buffer
input, err = saltpack.NewSignArmor62Stream(saltpack.CurrentVersion(), &output, signer, "")
if err != nil {
    return
}

// Write the message into the input stream, and then close
input.Write(msg)
input.Close()

// The verified message. We pass the signed stream as the first argument
// as a stream (here a bytes.Buffer which is output from above), and read the
// verified data out of verified stream.
var verifiedStream io.Reader
var signingPublicKey saltpack.SigningPublicKey
signingPublicKey, verifiedStream, _, err = saltpack.NewDearmor62VerifyStream(saltpack.CheckKnownMajorVersion, &output, keyring)
if err != nil {
    return
}

// Assert we got the right key back.
if saltpack.PublicKeyEqual(signingPublicKey, signer.GetPublicKey()) {
    fmt.Println("The right key")
}

// Copy all of the data out of the verified stream, and into standard
// output, here for testing / comparison purposes.
io.Copy(os.Stdout, verifiedStream)
os.Stdout.Write([]byte{'\n'})

Output:

The right key
The Magic Words are Squeamish Ossifrage

func NewSignDetachedArmor62Stream Uses

func NewSignDetachedArmor62Stream(version Version, detachedsig io.Writer, signer SigningSecretKey, brand string) (stream io.WriteCloser, err error)

NewSignDetachedArmor62Stream creates a stream that consumes plaintext data. It will write out the detached signature to the io.Writer passed in as detachedsig. The `brand` is optional, and allows you to specify your "white label" brand to this signature.

The signed data is armored with the recommended armor62-style NewSignDetachedArmor62Stream only generates detached signatures.

The signature is armored with the recommended armor62-style format.

func NewSignDetachedStream Uses

func NewSignDetachedStream(version Version, detachedsig io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignDetachedStream creates a stream that consumes plaintext data. It will write out a detached signature to the io.Writer passed in as detachedsig.

func NewSignStream Uses

func NewSignStream(version Version, signedtext io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignStream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. NewSignStream only generates attached signatures.

func NewSigncryptArmor62SealStream Uses

func NewSigncryptArmor62SealStream(ciphertext io.Writer, ephemeralKeyCreator EphemeralKeyCreator, sender SigningSecretKey, receiverBoxKeys []BoxPublicKey, receiverSymmetricKeys []ReceiverSymmetricKey, brand string) (plaintext io.WriteCloser, err error)

NewSigncryptArmor62SealStream creates a stream that consumes plaintext data. It will write out signcrypted data to the io.Writer passed in as ciphertext. The signcryption is from the specified sender, and is signcrypted for the given receivers.

The "brand" is the optional "brand" string to put into the header and footer.

The ciphertext is additionally armored with the recommended armor62-style format.

If initialization succeeds, returns an io.WriteCloser that accepts plaintext data to be signcrypted and a nil error. Otherwise, returns nil and the initialization error.

ephemeralKeyCreator should be the last argument; it's the 2nd one to preserve the public API.

func NewSigncryptSealStream Uses

func NewSigncryptSealStream(ciphertext io.Writer, ephemeralKeyCreator EphemeralKeyCreator, sender SigningSecretKey, receiverBoxKeys []BoxPublicKey, receiverSymmetricKeys []ReceiverSymmetricKey) (io.WriteCloser, error)

NewSigncryptSealStream creates a stream that consumes plaintext data. It will write out signed and encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

ephemeralKeyCreator should be the last argument; it's the 2nd one to preserve the public API.

If initialization succeeds, returns an io.WriteCloser that accepts plaintext data to be encrypted and a nil error. Otherwise, returns nil and the initialization error.

func PublicKeyEqual Uses

func PublicKeyEqual(k1, k2 BasePublicKey) bool

PublicKeyEqual returns true if the two public keys are equal.

func Seal Uses

func Seal(version Version, plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (out []byte, err error)

Seal a plaintext from the given sender, for the specified receiver groups. Returns a ciphertext, or an error if something bad happened.

func Sign Uses

func Sign(version Version, plaintext []byte, signer SigningSecretKey) ([]byte, error)

Sign creates an attached signature message of plaintext from signer.

func SignArmor62 Uses

func SignArmor62(version Version, plaintext []byte, signer SigningSecretKey, brand string) (string, error)

SignArmor62 creates an attached armored signature message of plaintext from signer.

Code:

var err error

// Make a new Keyring, initialized to be empty
keyring := basic.NewKeyring()

// The test message
msg := []byte("The Magic Words are Squeamish Ossifrage")

// Make a secret key for the sender
var signer saltpack.SigningSecretKey
signer, err = keyring.GenerateSigningKey()
if err != nil {
    return
}

var signed string
signed, err = saltpack.SignArmor62(saltpack.CurrentVersion(), msg, signer, "")
if err != nil {
    return
}

// The verified message should match the input mesasge.
var verifiedMsg []byte
var signingPublicKey saltpack.SigningPublicKey
signingPublicKey, verifiedMsg, _, err = saltpack.Dearmor62Verify(saltpack.CheckKnownMajorVersion, signed, keyring)
if err != nil {
    return
}

if saltpack.PublicKeyEqual(signingPublicKey, signer.GetPublicKey()) {
    fmt.Println("The right key")
}

fmt.Println(string(verifiedMsg))

Output:

The right key
The Magic Words are Squeamish Ossifrage

func SignDetached Uses

func SignDetached(version Version, plaintext []byte, signer SigningSecretKey) ([]byte, error)

SignDetached returns a detached signature of plaintext from signer.

func SignDetachedArmor62 Uses

func SignDetachedArmor62(version Version, plaintext []byte, signer SigningSecretKey, brand string) (string, error)

SignDetachedArmor62 returns a detached armored signature of plaintext from signer.

func SigncryptArmor62Seal Uses

func SigncryptArmor62Seal(plaintext []byte, ephemeralKeyCreator EphemeralKeyCreator, sender SigningSecretKey, receiverBoxKeys []BoxPublicKey, receiverSymmetricKeys []ReceiverSymmetricKey, brand string) (string, error)

SigncryptArmor62Seal is the non-streaming version of NewSigncryptArmor62SealStream, which inputs a plaintext (in bytes) and output a ciphertext (as a string).

ephemeralKeyCreator should be the last argument; it's the 2nd one to preserve the public API.

func SigncryptSeal Uses

func SigncryptSeal(plaintext []byte, ephemeralKeyCreator EphemeralKeyCreator, sender SigningSecretKey, receiverBoxKeys []BoxPublicKey, receiverSymmetricKeys []ReceiverSymmetricKey) (out []byte, err error)

SigncryptSeal a plaintext from the given sender, for the specified receiver groups. Returns a ciphertext, or an error if something bad happened.

ephemeralKeyCreator should be the last argument; it's the 2nd one to preserve the public API.

type BasePublicKey Uses

type BasePublicKey interface {
    // ToKID outputs the "key ID" that corresponds to this key.
    // You can do whatever you'd like here, but probably it makes sense just
    // to output the public key as is.
    ToKID() []byte
}

BasePublicKey types can output a key ID corresponding to the key.

type BoxPrecomputedSharedKey Uses

type BoxPrecomputedSharedKey interface {
    Unbox(nonce Nonce, msg []byte) ([]byte, error)
    Box(nonce Nonce, msg []byte) []byte
}

BoxPrecomputedSharedKey results from a Precomputation below.

type BoxPublicKey Uses

type BoxPublicKey interface {
    BasePublicKey
    // Implement EphemeralKeyCreator to avoid breaking the public API.
    EphemeralKeyCreator

    // ToRawBoxKeyPointer returns this public key as a *[32]byte,
    // for use with nacl.box.Seal
    ToRawBoxKeyPointer() *RawBoxKey

    // HideIdentity returns true if we should hide the identity of this
    // key in our output message format.
    HideIdentity() bool
}

BoxPublicKey is an generic interface to NaCl's public key Box function.

type BoxSecretKey Uses

type BoxSecretKey interface {

    // Box boxes up data, sent from this secret key, and to the receiver
    // specified.
    Box(receiver BoxPublicKey, nonce Nonce, msg []byte) []byte

    // Unbox opens up the box, using this secret key as the receiver key
    // abd the give public key as the sender key.
    Unbox(sender BoxPublicKey, nonce Nonce, msg []byte) ([]byte, error)

    // GetPublicKey gets the public key associated with this secret key.
    GetPublicKey() BoxPublicKey

    // Precompute computes a DH with the given key
    Precompute(peer BoxPublicKey) BoxPrecomputedSharedKey
}

BoxSecretKey is the secret key corresponding to a BoxPublicKey

type EncryptionHeader Uses

type EncryptionHeader struct {
    FormatName      string         `codec:"format_name"`
    Version         Version        `codec:"vers"`
    Type            MessageType    `codec:"type"`
    Ephemeral       []byte         `codec:"ephemeral"`
    SenderSecretbox []byte         `codec:"sendersecretbox"`
    Receivers       []receiverKeys `codec:"rcvrs"`
    // contains filtered or unexported fields
}

EncryptionHeader is the first packet in an encrypted message. It contains the encryptions of the session key, and various message metadata. This same struct is used for the signcryption mode as well, though the key types represented by the []byte arrays are different. (For example in the signcryption mode, the sender secretbox contains a *signing* key instead of an encryption key, and the receiver identifier takes a different form.)

type EphemeralKeyCreator Uses

type EphemeralKeyCreator interface {
    // CreateEmphemeralKey creates a random ephemeral key.
    CreateEphemeralKey() (BoxSecretKey, error)
}

EphemeralKeyCreator is an interface for objects that can create random ephemeral keys.

type ErrBadCiphertext Uses

type ErrBadCiphertext packetSeqno

ErrBadCiphertext is generated when decryption fails due to improper authentication. It specifies which Packet sequence number the bad packet was in.

func (ErrBadCiphertext) Error Uses

func (e ErrBadCiphertext) Error() string

type ErrBadFrame Uses

type ErrBadFrame struct {
    // contains filtered or unexported fields
}

ErrBadFrame shows up when the BEGIN or END frames have issues

func (ErrBadFrame) Error Uses

func (e ErrBadFrame) Error() string

type ErrBadTag Uses

type ErrBadTag packetSeqno

ErrBadTag is generated when a payload hash doesn't match the hash authenticator. It specifies which Packet sequence number the bad packet was in.

func (ErrBadTag) Error Uses

func (e ErrBadTag) Error() string

type ErrBadVersion Uses

type ErrBadVersion struct {
    // contains filtered or unexported fields
}

ErrBadVersion is returned if a packet of an unsupported version is found. Current, only Version1 is supported.

func (ErrBadVersion) Error Uses

func (e ErrBadVersion) Error() string

type ErrInvalidParameter Uses

type ErrInvalidParameter struct {
    // contains filtered or unexported fields
}

ErrInvalidParameter signifies that a function was called with an invalid parameter.

func (ErrInvalidParameter) Error Uses

func (e ErrInvalidParameter) Error() string

type ErrRepeatedKey Uses

type ErrRepeatedKey []byte

ErrRepeatedKey is produced during encryption if a key is repeated; keys must be unique.

func (ErrRepeatedKey) Error Uses

func (e ErrRepeatedKey) Error() string

type ErrWrongMessageType Uses

type ErrWrongMessageType struct {
    // contains filtered or unexported fields
}

ErrWrongMessageType is produced if one packet tag was expected, but a packet of another tag was found.

func (ErrWrongMessageType) Error Uses

func (e ErrWrongMessageType) Error() string

type Frame Uses

type Frame interface {
    // GetHeader() returns the header of the frame associated with this stream, or an error
    GetHeader() (string, error)
    // GetFooter() returns the footer of the frame associated with this stream, or an error
    GetFooter() (string, error)
    // GetBrand() returns the brand contained in this frame's header, or an error
    GetBrand() (string, error)
}

Frame is a way to read the frame out of a Decoder stream.

func NewArmor62DecoderStream Uses

func NewArmor62DecoderStream(r io.Reader, hc HeaderChecker, fc FrameChecker) (io.Reader, Frame, error)

NewArmor62DecoderStream is used to decode input base62-armoring format. It returns a stream you can read from, and also a Frame you can query to see what the open/close frame markers were. hc and fc are optional and can be nil.

type FrameChecker Uses

type FrameChecker func(header, footer string) (string, error)

FrameChecker is a function intended to check the frame of the armor is valid. Optionally, it can return some information about such frame (tipycally the brand). If the frame is invalid, a non nil error should be returned.

type HeaderChecker Uses

type HeaderChecker func(header string) (string, error)

HeaderChecker is a function intended to check that an header (the initial part of an armor before and not including the first punctuation) is valid. Optionally, it can return some information about such frame (tipycally the brand). If the frame is invalid, a non nil error should be returned.

type Keyring Uses

type Keyring interface {
    // Implement EphemeralKeyCreator to avoid breaking the public API.
    EphemeralKeyCreator

    // LookupBoxSecretKey looks in the Keyring for the secret key corresponding
    // to one of the given Key IDs.  Returns the index and the key on success,
    // or -1 and nil on failure.
    LookupBoxSecretKey(kids [][]byte) (int, BoxSecretKey)

    // LookupBoxPublicKey returns a public key given the specified key ID.
    // For most cases, the key ID will be the key itself.
    LookupBoxPublicKey(kid []byte) BoxPublicKey

    // GetAllSecretKeys returns all keys, needed if we want to support
    // "hidden" receivers via trial and error
    GetAllBoxSecretKeys() []BoxSecretKey

    // ImportEphemeralKey imports the ephemeral key into
    // BoxPublicKey format. This key has never been seen before, so
    // will be ephemeral.
    ImportBoxEphemeralKey(kid []byte) BoxPublicKey
}

Keyring is an interface used with decryption; it is called to recover public or private keys during the decryption process. Calls can block on network action.

type MessageKeyInfo Uses

type MessageKeyInfo struct {
    // These fields are cryptographically verified
    SenderKey      BoxPublicKey
    SenderIsAnon   bool
    ReceiverKey    BoxSecretKey
    ReceiverIsAnon bool

    // These fields are not cryptographically verified, and are just repeated from what
    // we saw in the incoming message.
    NamedReceivers   [][]byte
    NumAnonReceivers int
}

MessageKeyInfo conveys all of the data about the keys used in this encrypted message.

func Dearmor62DecryptOpen Uses

func Dearmor62DecryptOpen(versionValidator VersionValidator, ciphertext string, kr Keyring) (*MessageKeyInfo, []byte, string, error)

Dearmor62DecryptOpen takes an armor62'ed, encrypted ciphertext and attempts to dearmor and decrypt it, using the provided keyring. Checks that the frames in the armor are as expected. Returns the MessageKeyInfo recovered during message processing, the plaintext (if decryption succeeded), the armor branding, and maybe an error if there was a failure.

func NewDearmor62DecryptStream Uses

func NewDearmor62DecryptStream(versionValidator VersionValidator, ciphertext io.Reader, kr Keyring) (*MessageKeyInfo, io.Reader, string, error)

NewDearmor62DecryptStream makes a new stream that dearmors and decrypts the given Reader stream. Pass it a keyring so that it can lookup private and public keys as necessary. Returns the MessageKeyInfo recovered during header processing, an io.Reader stream from which you can read the plaintext, the armor branding, and maybe an error if there was a failure.

func NewDecryptStream Uses

func NewDecryptStream(versionValidator VersionValidator, r io.Reader, keyring Keyring) (mki *MessageKeyInfo, plaintext io.Reader, err error)

NewDecryptStream starts a streaming decryption. It synchronously ingests and parses the given Reader's encryption header. It consults the passed keyring for the decryption keys needed to decrypt the message. On failure, it returns a null Reader and an error message. On success, it returns a Reader with the plaintext stream, and a nil error. In either case, it will return a `MessageKeyInfo` which tells about who the sender was, and which of the Receiver's keys was used to decrypt the message.

Note that the caller has an opportunity not to ingest the plaintext if he doesn't trust the sender revealed in the MessageKeyInfo.

func Open Uses

func Open(versionValidator VersionValidator, ciphertext []byte, keyring Keyring) (i *MessageKeyInfo, plaintext []byte, err error)

Open simply opens a ciphertext given the set of keys in the specified keyring. It returns a plaintext on success, and an error on failure. It returns the header's MessageKeyInfo in either case.

type MessageType Uses

type MessageType int

MessageType is an int used to describe what "type" of message it is.

const MessageTypeAttachedSignature MessageType = 1

MessageTypeAttachedSignature is a packet type to describe an attached signature.

const MessageTypeDetachedSignature MessageType = 2

MessageTypeDetachedSignature is a packet type to describe a detached signature.

const MessageTypeEncryption MessageType = 0

MessageTypeEncryption is a packet type to describe an encryption message.

const MessageTypeSigncryption MessageType = 3

MessageTypeSigncryption is a packet type to describe a signcrypted message.

const MessageTypeUnknown MessageType = -1

MessageTypeUnknown is used by the decoding functions to indicate an unknown message type or a decoding error. This is NOT a constant in the saltpack spec, and is specific to this library implementation.

func (MessageType) String Uses

func (m MessageType) String() string

type Nonce Uses

type Nonce [nonceBytes]byte

Nonce is a NaCl-style nonce, with 24 bytes of data, some of which can be counter values, and some of which can be random-ish values.

type RawBoxKey Uses

type RawBoxKey [32]byte

RawBoxKey is the raw byte-representation of what a box key should look like, a static 32-byte buffer. Used for NaCl Box.

type ReceiverSymmetricKey Uses

type ReceiverSymmetricKey struct {
    // In practice these identifiers will be KBFS TLF keys.
    Key SymmetricKey
    // In practice these identifiers will be KBFS TLF pseudonyms.
    Identifier []byte
}

ReceiverSymmetricKey is a symmetric key paired with an identifier.

type SigKeyring Uses

type SigKeyring interface {
    // LookupSigningPublicKey returns a public signing key for the specified key ID.
    LookupSigningPublicKey(kid []byte) SigningPublicKey
}

SigKeyring is an interface used during verification to find the public key for the signer of a message.

type SignatureHeader Uses

type SignatureHeader struct {
    FormatName   string      `codec:"format_name"`
    Version      Version     `codec:"vers"`
    Type         MessageType `codec:"type"`
    SenderPublic []byte      `codec:"sender_public"`
    Nonce        []byte      `codec:"nonce"`
    // contains filtered or unexported fields
}

SignatureHeader is the first packet in a signed message.

type SigncryptKeyring Uses

type SigncryptKeyring interface {
    Keyring
    SigKeyring
}

SigncryptKeyring is a combination of the Keyring and SigKeyring interfaces.

type SigncryptionHeader Uses

type SigncryptionHeader EncryptionHeader

The SigncryptionHeader has exactly the same structure as the EncryptionHeader, though the byte slices represent different types of keys.

type SigningPublicKey Uses

type SigningPublicKey interface {
    BasePublicKey

    // Verify verifies that signature is a valid signature of message for
    // this public key.
    Verify(message []byte, signature []byte) error
}

SigningPublicKey is a public NaCl key that can verify signatures.

func Dearmor62SigncryptOpen Uses

func Dearmor62SigncryptOpen(ciphertext string, keyring SigncryptKeyring, resolver SymmetricKeyResolver) (SigningPublicKey, []byte, string, error)

Dearmor62SigncryptOpen takes an armor62'ed, encrypted ciphertext and attempts to dearmor and decrypt it, using the provided keyring. Checks that the frames in the armor are as expected. Returns the sender key recovered during message processing, the plaintext (if decryption succeeded), the armor branding, and maybe an error if there was a failure.

func Dearmor62Verify Uses

func Dearmor62Verify(versionValidator VersionValidator, signedMsg string, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, brand string, err error)

Dearmor62Verify checks the signature in signedMsg. It returns the signer's public key and a verified message. It expects signedMsg to be armor62-encoded.

func Dearmor62VerifyDetached Uses

func Dearmor62VerifyDetached(versionValidator VersionValidator, message []byte, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)

Dearmor62VerifyDetached verifies that signature is a valid armor62-encoded signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

func Dearmor62VerifyDetachedReader Uses

func Dearmor62VerifyDetachedReader(versionValidator VersionValidator, r io.Reader, signature string, keyring SigKeyring) (skey SigningPublicKey, brand string, err error)

Dearmor62VerifyDetachedReader verifies that signature is a valid armor62-encoded signature for entire message read from Reader, and that the public key for the signer is in keyring. It returns the signer's public key.

func NewDearmor62SigncryptOpenStream Uses

func NewDearmor62SigncryptOpenStream(ciphertext io.Reader, keyring SigncryptKeyring, resolver SymmetricKeyResolver) (SigningPublicKey, io.Reader, string, error)

NewDearmor62SigncryptOpenStream makes a new stream that dearmors and decrypts the given Reader stream. Pass it a keyring so that it can lookup private and public keys as necessary. Returns the MessageKeyInfo recovered during header processing, an io.Reader stream from which you can read the plaintext, the armor branding, and maybe an error if there was a failure.

func NewDearmor62VerifyStream Uses

func NewDearmor62VerifyStream(versionValidator VersionValidator, r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, brand string, err error)

NewDearmor62VerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error. It expects the data it reads from r to be armor62-encoded.

func NewSigncryptOpenStream Uses

func NewSigncryptOpenStream(r io.Reader, keyring SigncryptKeyring, resolver SymmetricKeyResolver) (senderPub SigningPublicKey, plaintext io.Reader, err error)

NewSigncryptOpenStream starts a streaming verification and decryption. It synchronously ingests and parses the given Reader's encryption header. It consults the passed keyring for the decryption keys needed to decrypt the message. On failure, it returns a null Reader and an error message. On success, it returns a Reader with the plaintext stream, and a nil error. In either case, it will return a `MessageKeyInfo` which tells about who the sender was, and which of the Receiver's keys was used to decrypt the message.

Note that the caller has an opportunity not to ingest the plaintext if he doesn't trust the sender revealed in the MessageKeyInfo.

func NewVerifyStream Uses

func NewVerifyStream(versionValidator VersionValidator, r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, err error)

NewVerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error.

func SigncryptOpen Uses

func SigncryptOpen(ciphertext []byte, keyring SigncryptKeyring, resolver SymmetricKeyResolver) (senderPub SigningPublicKey, plaintext []byte, err error)

SigncryptOpen simply opens a ciphertext given the set of keys in the specified keyring. It returns a plaintext on sucess, and an error on failure. It returns the header's MessageKeyInfo in either case.

func Verify Uses

func Verify(versionValidator VersionValidator, signedMsg []byte, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, err error)

Verify checks the signature in signedMsg. It returns the signer's public key and a verified message.

func VerifyDetached Uses

func VerifyDetached(versionValidator VersionValidator, message, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetached verifies that signature is a valid signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

func VerifyDetachedReader Uses

func VerifyDetachedReader(versionValidator VersionValidator, message io.Reader, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetachedReader verifies that signature is a valid signature for entire message read from message Reader, and that the public key for the signer is in keyring. It returns the signer's public key.

type SigningSecretKey Uses

type SigningSecretKey interface {
    // Sign signs message with this secret key.
    Sign(message []byte) ([]byte, error)

    // GetPublicKey gets the public key associated with this secret key.
    GetPublicKey() SigningPublicKey
}

SigningSecretKey is a secret NaCl key that can sign messages.

type SymmetricKey Uses

type SymmetricKey [32]byte

SymmetricKey is a template for a symmetric key, a 32-byte static buffer. Used for NaCl SecretBox.

type SymmetricKeyResolver Uses

type SymmetricKeyResolver interface {
    ResolveKeys(identifiers [][]byte) ([]*SymmetricKey, error)
}

SymmetricKeyResolver is an interface for resolving identifiers to keys.

type Version Uses

type Version struct {
    Major int `codec:"major"`
    Minor int `codec:"minor"`
    // contains filtered or unexported fields
}

Version is a major.minor pair that shows the version of the whole file

func CurrentVersion Uses

func CurrentVersion() Version

CurrentVersion returns the Version for the currently-used Saltpack version.

func KnownVersions Uses

func KnownVersions() []Version

KnownVersions returns all known Saltpack versions.

func Version1 Uses

func Version1() Version

Version1 returns the Version for Saltpack V1.

func Version2 Uses

func Version2() Version

Version2 returns the Version for Saltpack V2.

func (Version) String Uses

func (v Version) String() string

type VersionValidator Uses

type VersionValidator func(version Version) error

VersionValidator is a function that takes a version and returns nil if it's a valid version, and an error otherwise.

func SingleVersionValidator Uses

func SingleVersionValidator(desiredVersion Version) VersionValidator

SingleVersionValidator returns a VersionValidator that returns nil if its given version is equal to desiredVersion.

Directories

PathSynopsis
basicPackage basic is a basic implementation of a saltpack key/keyring configuration.
encoding/basex

Package saltpack imports 19 packages (graph) and is imported by 9 packages. Updated 2018-08-29. Refresh now. Tools for package owners.