README
¶
keys.pub
☢ This project is in development and has not been audited or reviewed. Use at your own risk. ☢
Documentation
Visit keys.pub.
Repositories
| Repo | Description |
|---|---|
| keys-pub/keys | Key management, signing and encryption, including keys/saltpack and keys/keyring. |
| keys-pub/keys-ext | Extensions: Service (gRPC), command line client, DB, Firestore, HTTP API/Client/Server, Git, Wormhole, etc. |
| keys-pub/app | Desktop app. |
Documentation
¶
Index ¶
- Constants
- Variables
- func BoxOpen(encrypted []byte, sender *X25519PublicKey, recipient *X25519Key) ([]byte, error)
- func BoxSeal(b []byte, recipient *X25519PublicKey, sender *X25519Key) []byte
- func Bytes16(b []byte) *[16]byte
- func Bytes24(b []byte) *[24]byte
- func Bytes32(b []byte) *[32]byte
- func Bytes64(b []byte) *[64]byte
- func CryptoBoxSeal(b []byte, publicKey *X25519PublicKey) []byte
- func CryptoBoxSealOpen(b []byte, key *X25519Key) ([]byte, error)
- func DecryptWithPassword(encrypted []byte, password string) ([]byte, error)
- func EncodeSSHKey(key Key, password string) (string, error)
- func EncryptWithPassword(b []byte, password string) []byte
- func HKDFSHA256(secret []byte, len int, salt []byte, info []byte) []byte
- func HMACSHA256(key []byte, msg []byte) []byte
- func IDsToString(ids []ID, delim string) string
- func IDsToStrings(ids []ID) []string
- func IsTemporaryError(err error) bool
- func IsValidID(s string) bool
- func KeyForPassword(password string, salt []byte) (*[32]byte, error)
- func NewErrNotFound(id string) error
- func Rand16() *[16]byte
- func Rand24() *[24]byte
- func Rand32() *[32]byte
- func RandBase62(numBytes int) string
- func RandBytes(length int) []byte
- func RandDigits(length int) string
- func RandFileName() string
- func RandHex(numBytes int) string
- func RandPassword(length int, opt ...PasswordOption) string
- func RandPhrase() string
- func RandTempPath() string
- func RandUsername(length int) string
- func RandWords(numWords int) string
- func RetryE(fn func() error) error
- func RetrySE(fn func() (string, error)) (string, error)
- func SecretBoxOpen(encrypted []byte, secretKey *[32]byte) ([]byte, error)
- func SecretBoxSeal(b []byte, secretKey *[32]byte) []byte
- func SetLogger(l Logger)
- func SigchainHash(st *Statement) (*[32]byte, error)
- func StatementID(kid ID, seq int) string
- func X25519Match(expected ID, kid ID) bool
- type Address
- type CertificateKey
- type EdX25519Key
- func (k *EdX25519Key) EncodeToSSH(password []byte) ([]byte, error)
- func (k *EdX25519Key) Equal(o *EdX25519Key) bool
- func (k *EdX25519Key) ID() ID
- func (k *EdX25519Key) MarshalText() ([]byte, error)
- func (k *EdX25519Key) PaperKey() string
- func (k *EdX25519Key) Private() []byte
- func (k *EdX25519Key) PrivateKey() *[ed25519.PrivateKeySize]byte
- func (k *EdX25519Key) Public() []byte
- func (k *EdX25519Key) PublicKey() *EdX25519PublicKey
- func (k *EdX25519Key) SSHSigner() ssh.Signer
- func (k *EdX25519Key) Seed() *[ed25519.SeedSize]byte
- func (k *EdX25519Key) Sign(b []byte) []byte
- func (k *EdX25519Key) SignDetached(b []byte) []byte
- func (k *EdX25519Key) Signer() crypto.Signer
- func (k *EdX25519Key) String() string
- func (k *EdX25519Key) Type() KeyType
- func (k *EdX25519Key) UnmarshalText(s []byte) error
- func (k *EdX25519Key) X25519Key() *X25519Key
- type EdX25519PublicKey
- func (k *EdX25519PublicKey) Bytes() []byte
- func (k *EdX25519PublicKey) EncodeToSSHAuthorized() []byte
- func (k *EdX25519PublicKey) ID() ID
- func (k *EdX25519PublicKey) Private() []byte
- func (k *EdX25519PublicKey) Public() []byte
- func (k *EdX25519PublicKey) String() string
- func (k *EdX25519PublicKey) Type() KeyType
- func (k *EdX25519PublicKey) Verify(b []byte) ([]byte, error)
- func (k *EdX25519PublicKey) VerifyDetached(sig []byte, b []byte) error
- func (k *EdX25519PublicKey) X25519PublicKey() *X25519PublicKey
- type ErrNotFound
- type ID
- type IDSet
- type Key
- type KeyType
- type LogLevel
- type Logger
- type PasswordOption
- type PasswordOptions
- type RSAKey
- type RSAPublicKey
- type Sigchain
- func (s *Sigchain) Add(st *Statement) error
- func (s *Sigchain) AddAll(statements []*Statement) error
- func (s *Sigchain) FindAll(typ string) []*Statement
- func (s *Sigchain) FindLast(typ string) *Statement
- func (s *Sigchain) IsRevoked(seq int) bool
- func (s *Sigchain) KID() ID
- func (s *Sigchain) Last() *Statement
- func (s *Sigchain) LastSeq() int
- func (s *Sigchain) Length() int
- func (s *Sigchain) Revoke(revoke int, sk *EdX25519Key) (*Statement, error)
- func (s *Sigchain) Spew() *bytes.Buffer
- func (s *Sigchain) Statements() []*Statement
- func (s *Sigchain) VerifyStatement(st *Statement, prev *Statement) error
- type Sigchains
- func (s *Sigchains) Delete(kid ID) (bool, error)
- func (s *Sigchains) Exists(kid ID) (bool, error)
- func (s *Sigchains) Index(key Key) error
- func (s *Sigchains) KIDs() ([]ID, error)
- func (s *Sigchains) Lookup(kid ID) (ID, error)
- func (s *Sigchains) Save(sc *Sigchain) error
- func (s *Sigchains) SetClock(clock tsutil.Clock)
- func (s *Sigchains) Sigchain(kid ID) (*Sigchain, error)
- type Statement
- func (s *Statement) Bytes() ([]byte, error)
- func (s *Statement) BytesToSign() []byte
- func (s *Statement) MarshalJSON() ([]byte, error)
- func (s *Statement) Sign(signKey *EdX25519Key) error
- func (s *Statement) URL() string
- func (s *Statement) UnmarshalJSON(b []byte) error
- func (s *Statement) Verify() error
- func (s *Statement) VerifySpecific(bytesToSign []byte) error
- type StatementPublicKey
- type X25519Key
- func (k *X25519Key) BoxOpen(b []byte, nonce *[24]byte, sender *X25519PublicKey) ([]byte, bool)
- func (k *X25519Key) BoxSeal(b []byte, nonce *[24]byte, recipient *X25519PublicKey) []byte
- func (k *X25519Key) Bytes32() *[32]byte
- func (k *X25519Key) ID() ID
- func (k *X25519Key) Private() []byte
- func (k *X25519Key) PrivateKey() *[32]byte
- func (k *X25519Key) Public() []byte
- func (k *X25519Key) PublicKey() *X25519PublicKey
- func (k *X25519Key) Type() KeyType
- type X25519PublicKey
Examples ¶
Constants ¶
const SignOverhead = sign.Overhead
SignOverhead alias for (nacl) sign.Overhead.
Variables ¶
var ErrVerifyFailed = errors.New("verify failed")
ErrVerifyFailed if key verify failed.
Functions ¶
func BoxOpen ¶
func BoxOpen(encrypted []byte, sender *X25519PublicKey, recipient *X25519Key) ([]byte, error)
BoxOpen uses nacl.box to decrypt.
func BoxSeal ¶
func BoxSeal(b []byte, recipient *X25519PublicKey, sender *X25519Key) []byte
BoxSeal uses nacl.box to encrypt.
Example ¶
package main
import (
"fmt"
"log"
"github.com/keys-pub/keys"
)
func main() {
ak := keys.GenerateX25519Key()
bk := keys.GenerateX25519Key()
msg := "Hey bob, it's alice. The passcode is 12345."
encrypted := keys.BoxSeal([]byte(msg), bk.PublicKey(), ak)
out, err := keys.BoxOpen(encrypted, ak.PublicKey(), bk)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", string(out))
}
Output: Hey bob, it's alice. The passcode is 12345.
func CryptoBoxSeal ¶ added in v0.1.18
func CryptoBoxSeal(b []byte, publicKey *X25519PublicKey) []byte
CryptoBoxSeal implements libsodium crypto_box_seal.
func CryptoBoxSealOpen ¶ added in v0.1.18
CryptoBoxSealOpen implements libsodium crypto_box_seal_open.
func DecryptWithPassword ¶
DecryptWithPassword decrypts bytes using a password. It assumes a 16 byte salt before the encrypted bytes.
func EncodeSSHKey ¶ added in v0.1.1
EncodeSSHKey encodes key to SSH.
Example ¶
package main
import (
"log"
"github.com/keys-pub/keys"
)
func main() {
sk := keys.GenerateEdX25519Key()
privateKey, err := keys.EncodeSSHKey(sk, "testpassword")
if err != nil {
log.Fatal(err)
}
log.Printf("%s\n", privateKey)
publicKey, err := keys.EncodeSSHKey(sk.PublicKey(), "")
if err != nil {
log.Fatal(err)
}
log.Printf("%s\n", publicKey)
}
Output:
func EncryptWithPassword ¶
EncryptWithPassword encrypts bytes with a password. Uses argon2.IDKey(password, salt, 1, 64*1024, 4, 32) with 16 byte salt. The salt bytes are prepended to the encrypted bytes. This uses nacl.secretbox, so the bytes/message should be small. If you need to encrypt large amounts of data, use Saltpack instead (TODO: More details here).
func HKDFSHA256 ¶
HKDFSHA256 uses HKDF with SHA256. The `len` for output byte length. The `salt` is non-secret salt, optional (can be nil), recommended: hash-length random value. The `info` is non-secret context info, optional (can be empty).
func HMACSHA256 ¶
HMACSHA256 does a HMAC-SHA256 on msg with key.
func IDsToString ¶
IDsToString returns string for joined Ikeys.
func IsTemporaryError ¶
IsTemporaryError returns true if the error has Temporary() function and that returns true
func KeyForPassword ¶
KeyForPassword generates a key from a password and salt.
func RandBase62 ¶ added in v0.1.21
RandBase62 returns random base62.
func RandDigits ¶ added in v0.1.20
RandDigits returns string of random digits of length. RandDigits(6) => "745566"
func RandFileName ¶
func RandFileName() string
RandFileName returns a unique random file name. RandFileName() => CTGMMOLLZCXMGP7VR4BHKAI7PE
func RandPassword ¶
func RandPassword(length int, opt ...PasswordOption) string
RandPassword returns a random password. It will contain an uppercase (A-Z), lowercase (a-z), number (0-9) and symbol. It will not to repeat characters.
Example ¶
package main
import (
"log"
"github.com/keys-pub/keys"
)
func main() {
pw := keys.RandPassword(16)
log.Println(pw)
pwNoSymbols := keys.RandPassword(16, keys.NoSymbols())
log.Println(pwNoSymbols)
}
Output:
func RandPhrase ¶
func RandPhrase() string
RandPhrase creates random phrase (BIP39 encoded random 32 bytes).
func RandTempPath ¶
func RandTempPath() string
RandTempPath returns a unique random file name in os.TempDir. RandTempPath() => "/tmp/CTGMMOLLZCXMGP7VR4BHKAI7PE"
func RandUsername ¶
RandUsername returns random lowercase string of length.
func RetryE ¶
RetryE will retry the fn (error) if the error is temporary (such as a temporary net.Error)
func RetrySE ¶
RetrySE will retry the fn (string, error) if the error is temporary (such as a temporary net.Error)
func SecretBoxOpen ¶
SecretBoxOpen decrypt using a key. It assumes a 24 byte nonce before the encrypted bytes.
func SecretBoxSeal ¶
SecretBoxSeal encrypts using a key. It prepends a 24 byte nonce to the the encrypted bytes.
func SigchainHash ¶
SigchainHash returns hash for Sigchain Statement.
func StatementID ¶ added in v0.1.18
StatementID returns and identifier for a Statement as kid-seq. If seq is <= 0, returns kid. The idenfifier looks like "kex1a4yj333g68pvd6hfqvufqkv4vy54jfe6t33ljd3kc9rpfty8xlgsfte2sn-000000000000001".
func X25519Match ¶ added in v0.1.18
X25519Match returns true if key IDs are equal or if either key matches their X25519 counterpart.
Types ¶
type Address ¶
type Address struct {
// contains filtered or unexported fields
}
Address is a canonical list of IDs.
func NewAddress ¶
NewAddress returns an Address from a list of IDs.
func ParseAddress ¶
ParseAddress returns address from a string.
type CertificateKey ¶
type CertificateKey struct {
// contains filtered or unexported fields
}
CertificateKey with is a PEM encoded X.509v3 certificate (public key) and a PEM encoded EC private key.
func GenerateCertificateKey ¶
func GenerateCertificateKey(commonName string, isCA bool, parent *x509.Certificate) (*CertificateKey, error)
GenerateCertificateKey creates a certificate key.
func NewCertificateKey ¶
func NewCertificateKey(private string, public string) (*CertificateKey, error)
NewCertificateKey from PEM encoded X.509v3 certificate data and PEM encoded EC private key ASN.1, DER format
func (CertificateKey) Private ¶
func (c CertificateKey) Private() string
Private returns a PEM encoded EC private key ASN.1, DER format.
func (CertificateKey) Public ¶
func (c CertificateKey) Public() string
Public returns a PEM encoded X.509v3 certificate.
func (CertificateKey) TLSCertificate ¶
func (c CertificateKey) TLSCertificate() tls.Certificate
TLSCertificate returns a tls.Certificate.
func (CertificateKey) X509Certificate ¶
func (c CertificateKey) X509Certificate() (*x509.Certificate, error)
X509Certificate returns a x509.Certificate.
type EdX25519Key ¶
type EdX25519Key struct {
// contains filtered or unexported fields
}
EdX25519Key is a EdX25519 key capable of signing and encryption (converted to a X25519 key).
func GenerateEdX25519Key ¶
func GenerateEdX25519Key() *EdX25519Key
GenerateEdX25519Key generates a EdX25519Key (EdX25519).
Example ¶
package main
import (
"fmt"
"github.com/keys-pub/keys"
)
func main() {
alice := keys.GenerateEdX25519Key()
fmt.Printf("Alice: %s\n", alice.ID())
}
Output:
func NewEdX25519KeyFromPaperKey ¶ added in v0.1.22
func NewEdX25519KeyFromPaperKey(paperKey string) (*EdX25519Key, error)
NewEdX25519KeyFromPaperKey constructs EdX25519Key from a paper key.
func NewEdX25519KeyFromPrivateKey ¶
func NewEdX25519KeyFromPrivateKey(privateKey *[ed25519.PrivateKeySize]byte) *EdX25519Key
NewEdX25519KeyFromPrivateKey constructs EdX25519Key from a private key. The public key is derived from the private key.
func NewEdX25519KeyFromSeed ¶
func NewEdX25519KeyFromSeed(seed *[ed25519.SeedSize]byte) *EdX25519Key
NewEdX25519KeyFromSeed constructs EdX25519Key from an ed25519 seed. The private key is derived from this seed and the public key is derived from the private key.
func (*EdX25519Key) EncodeToSSH ¶
func (k *EdX25519Key) EncodeToSSH(password []byte) ([]byte, error)
EncodeToSSH encodes a EdX25519Key for SSH.
func (*EdX25519Key) Equal ¶
func (k *EdX25519Key) Equal(o *EdX25519Key) bool
Equal returns true if equal to key.
func (*EdX25519Key) MarshalText ¶
func (k *EdX25519Key) MarshalText() ([]byte, error)
MarshalText for encoding.TextMarshaler interface.
func (*EdX25519Key) PaperKey ¶ added in v0.1.21
func (k *EdX25519Key) PaperKey() string
func (*EdX25519Key) PrivateKey ¶
func (k *EdX25519Key) PrivateKey() *[ed25519.PrivateKeySize]byte
PrivateKey returns private key part.
func (*EdX25519Key) PublicKey ¶
func (k *EdX25519Key) PublicKey() *EdX25519PublicKey
PublicKey returns public part.
func (*EdX25519Key) Seed ¶
func (k *EdX25519Key) Seed() *[ed25519.SeedSize]byte
Seed returns information on how to generate this key from ed25519 package seed.
func (*EdX25519Key) Sign ¶
func (k *EdX25519Key) Sign(b []byte) []byte
Sign bytes with the (sign) private key.
Example ¶
package main
import (
"fmt"
"log"
"github.com/keys-pub/keys"
)
func main() {
alice := keys.GenerateEdX25519Key()
msg := "I'm alice 🤓"
sig := alice.Sign([]byte(msg))
out, err := alice.PublicKey().Verify(sig)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", string(out))
}
Output: I'm alice 🤓
func (*EdX25519Key) SignDetached ¶
func (k *EdX25519Key) SignDetached(b []byte) []byte
SignDetached sign bytes detached.
func (*EdX25519Key) String ¶
func (k *EdX25519Key) String() string
func (*EdX25519Key) UnmarshalText ¶
func (k *EdX25519Key) UnmarshalText(s []byte) error
UnmarshalText for encoding.TextUnmarshaler interface.
func (*EdX25519Key) X25519Key ¶
func (k *EdX25519Key) X25519Key() *X25519Key
X25519Key converts EdX25519Key to X25519Key.
type EdX25519PublicKey ¶
type EdX25519PublicKey struct {
// contains filtered or unexported fields
}
EdX25519PublicKey is the public part of EdX25519 key pair.
func NewEdX25519PublicKey ¶
func NewEdX25519PublicKey(b *[ed25519.PublicKeySize]byte) *EdX25519PublicKey
NewEdX25519PublicKey creates a EdX25519PublicKey.
func NewEdX25519PublicKeyFromID ¶
func NewEdX25519PublicKeyFromID(id ID) (*EdX25519PublicKey, error)
NewEdX25519PublicKeyFromID creates a EdX25519PublicKey from an ID.
func (*EdX25519PublicKey) EncodeToSSHAuthorized ¶
func (k *EdX25519PublicKey) EncodeToSSHAuthorized() []byte
EncodeToSSHAuthorized encodes a EdX25519PublicKey for SSH.
func (*EdX25519PublicKey) Private ¶ added in v0.1.18
func (k *EdX25519PublicKey) Private() []byte
Private returns nil.
func (*EdX25519PublicKey) Public ¶ added in v0.1.18
func (k *EdX25519PublicKey) Public() []byte
Public ...
func (*EdX25519PublicKey) String ¶
func (k *EdX25519PublicKey) String() string
func (*EdX25519PublicKey) Verify ¶
func (k *EdX25519PublicKey) Verify(b []byte) ([]byte, error)
Verify verifies a message and signature with public key and returns the signed bytes without the signature.
func (*EdX25519PublicKey) VerifyDetached ¶
func (k *EdX25519PublicKey) VerifyDetached(sig []byte, b []byte) error
VerifyDetached verifies a detached message.
func (*EdX25519PublicKey) X25519PublicKey ¶
func (k *EdX25519PublicKey) X25519PublicKey() *X25519PublicKey
X25519PublicKey converts the ed25519 public key to a x25519 public key.
type ErrNotFound ¶
type ErrNotFound struct {
ID string
}
ErrNotFound describes a key not found error when a key is required.
func (ErrNotFound) Error ¶
func (e ErrNotFound) Error() string
type ID ¶
type ID string
ID is a bech32 encoded string.
func MustID ¶
MustID returns a (bech32) ID with HRP (human readable part) and bytes, or panics if invalid.
func (ID) IsEdX25519 ¶
IsEdX25519 returns true if ID represents a EdX25519 key.
type IDSet ¶
type IDSet struct {
// contains filtered or unexported fields
}
IDSet is a set of strings.
type Key ¶
type Key interface {
// ID for the key.
ID() ID
// Type of key.
Type() KeyType
// Private key data.
Private() []byte
// Public key data.
Public() []byte
}
Key with id, type and private and/or public data.
func DecodeSSHKey ¶ added in v0.1.18
DecodeSSHKey decodes SSH key.
Example ¶
package main
import (
"fmt"
"log"
"github.com/keys-pub/keys"
)
func main() {
pk, err := keys.DecodeSSHKey("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqI4910CfGV/VLbLTy6XXLKZwm/HZQSG/N0iAG0D29c", "")
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", pk.ID())
}
Output: kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077
func ParseSSHKey ¶
ParseSSHKey parses a SSH private key.
func ParseSSHPublicKey ¶
ParseSSHPublicKey parses a SSH public key.
type KeyType ¶
type KeyType string
KeyType ...
const EdX25519 KeyType = "edx25519"
EdX25519 key type.
const RSA KeyType = "rsa"
RSA key type.
const X25519 KeyType = "x25519"
X25519 key type.
type Logger ¶
type Logger interface {
Debugf(format string, args ...interface{})
Infof(format string, args ...interface{})
Warningf(format string, args ...interface{})
Errorf(format string, args ...interface{})
Fatalf(format string, args ...interface{})
}
Logger interface used in this package.
type PasswordOption ¶ added in v0.1.20
type PasswordOption func(*PasswordOptions)
PasswordOption ...
type PasswordOptions ¶ added in v0.1.20
type PasswordOptions struct {
NoSymbols bool
}
PasswordOptions for RandPassword.
type RSAKey ¶ added in v0.1.18
type RSAKey struct {
// contains filtered or unexported fields
}
RSAKey implements Key interface for RSA.
func GenerateRSAKey ¶ added in v0.1.18
func GenerateRSAKey() *RSAKey
GenerateRSAKey generates a RSA key.
func NewRSAKey ¶ added in v0.1.18
func NewRSAKey(k *rsa.PrivateKey) *RSAKey
NewRSAKey from rsa.PrivateKey.
func NewRSAKeyFromBytes ¶ added in v0.1.18
NewRSAKeyFromBytes constructs RSA from a private key (PKCS1).
func (*RSAKey) PublicKey ¶ added in v0.1.18
func (k *RSAKey) PublicKey() *RSAPublicKey
PublicKey ...
type RSAPublicKey ¶ added in v0.1.18
type RSAPublicKey struct {
// contains filtered or unexported fields
}
RSAPublicKey is the public part of RSA key pair.
func NewRSAPublicKey ¶ added in v0.1.18
func NewRSAPublicKey(pk *rsa.PublicKey) *RSAPublicKey
NewRSAPublicKey returns RSA public key.
func NewRSAPublicKeyFromBytes ¶ added in v0.1.18
func NewRSAPublicKeyFromBytes(publicKey []byte) (*RSAPublicKey, error)
NewRSAPublicKeyFromBytes returns RSA public key from PKC1 bytes.
func (*RSAPublicKey) Bytes ¶ added in v0.1.18
func (k *RSAPublicKey) Bytes() []byte
Bytes for public key (PKCS1).
func (*RSAPublicKey) Private ¶ added in v0.1.18
func (k *RSAPublicKey) Private() []byte
Private returns nil.
func (*RSAPublicKey) Public ¶ added in v0.1.18
func (k *RSAPublicKey) Public() []byte
Public key data.
type Sigchain ¶
type Sigchain struct {
// contains filtered or unexported fields
}
Sigchain is a chain of signed statements by a sign key.
func NewSigchain ¶
NewSigchain creates an empty Sigchain.
Example ¶
package main
import (
"log"
"github.com/keys-pub/keys"
"github.com/keys-pub/keys/tsutil"
)
func main() {
clock := tsutil.NewTestClock()
alice := keys.GenerateEdX25519Key()
sc := keys.NewSigchain(alice.ID())
// Create root statement
st, err := keys.NewSigchainStatement(sc, []byte("hi! 🤓"), alice, "example", clock.Now())
if err != nil {
log.Fatal(err)
}
if err := sc.Add(st); err != nil {
log.Fatal(err)
}
// Add 2nd statement
st2, err := keys.NewSigchainStatement(sc, []byte("2nd message"), alice, "example", clock.Now())
if err != nil {
log.Fatal(err)
}
if err := sc.Add(st2); err != nil {
log.Fatal(err)
}
// Revoke 2nd statement
_, err = sc.Revoke(2, alice)
if err != nil {
log.Fatal(err)
}
// Spew
spew := sc.Spew()
log.Println(spew.String())
}
Output:
func (*Sigchain) FindLast ¶
FindLast search from the last statement to the first, returning after If type is specified, we will search for that statement type. If we found a statement and it was revoked, we return nil.
func (*Sigchain) LastSeq ¶
LastSeq returns last signed statment seq (or 0 if no signed statements exist).
func (*Sigchain) Revoke ¶
func (s *Sigchain) Revoke(revoke int, sk *EdX25519Key) (*Statement, error)
Revoke a signed statement in the Sigchain.
func (*Sigchain) Statements ¶
Statements returns all the signed statements.
type Sigchains ¶ added in v0.1.2
type Sigchains struct {
// contains filtered or unexported fields
}
Sigchains stores sigchains.
func NewSigchains ¶ added in v0.1.2
NewSigchains creates a Sigchains from Documents.
func (*Sigchains) Index ¶ added in v0.1.2
Index key. Adds reverse key lookup for EdX25519 to X25519 public key.
func (*Sigchains) Lookup ¶ added in v0.1.2
Lookup key. Returns key associated with the specified key.
type Statement ¶
type Statement struct {
// Sig is the signature bytes.
Sig []byte
// KID is the key that signed.
KID ID
// Data (optional).
Data []byte
// Seq in a sigchain (1 is root, optional).
Seq int
// Prev is a hash of the previous item in the sigchain (optional).
Prev []byte
// Revoke refers to a previous signed seq to revoke (optional).
Revoke int
// Type (optional).
Type string
// Timestamp (optional).
Timestamp time.Time
// Nonce (optional).
Nonce []byte
}
Statement with signature. Use NewSigchainStatement to create a signed Sigchain Statement.
Example ¶
sk := keys.NewEdX25519KeyFromSeed(testSeed(0x01))
st := &keys.Statement{
KID: sk.ID(),
Data: bytes.Repeat([]byte{0x01}, 16),
Type: "test",
}
if err := st.Sign(sk); err != nil {
log.Fatal(err)
}
data := st.BytesToSign()
fmt.Printf("%s\n", string(data))
b, err := st.Bytes()
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", string(b))
b, err = json.Marshal(st)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", string(b))
Output: {".sig":"","data":"AQEBAQEBAQEBAQEBAQEBAQ==","kid":"kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077","type":"test"} {".sig":"CFD9cK9gIB3sAEqpDwmZM0JFFO4/+RpX9uoAD25G3F1o8Af+pTk6pI4GPqAZ5FhEw1rUDfL02Qnohtx05LQxAg==","data":"AQEBAQEBAQEBAQEBAQEBAQ==","kid":"kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077","type":"test"} {".sig":"CFD9cK9gIB3sAEqpDwmZM0JFFO4/+RpX9uoAD25G3F1o8Af+pTk6pI4GPqAZ5FhEw1rUDfL02Qnohtx05LQxAg==","data":"AQEBAQEBAQEBAQEBAQEBAQ==","kid":"kex132yw8ht5p8cetl2jmvknewjawt9xwzdlrk2pyxlnwjyqrdq0dawqqph077","type":"test"}
func NewRevokeStatement ¶
func NewRevokeStatement(sc *Sigchain, revoke int, sk *EdX25519Key) (*Statement, error)
NewRevokeStatement creates a revoke Statement.
func NewSigchainStatement ¶
func NewSigchainStatement(sc *Sigchain, b []byte, sk *EdX25519Key, typ string, ts time.Time) (*Statement, error)
NewSigchainStatement creates a signed Statement to be added to the Sigchain.
func (*Statement) BytesToSign ¶ added in v0.1.18
BytesToSign returns bytes to sign.
func (*Statement) MarshalJSON ¶
MarshalJSON marshals statement to JSON.
func (*Statement) Sign ¶ added in v0.1.18
func (s *Statement) Sign(signKey *EdX25519Key) error
Sign the statement. Returns an error if already signed.
func (*Statement) URL ¶
URL returns path string for a Statement in the HTTP API. If Seq is not set, then there is no path. Path looks like "/kex1a4yj333g68pvd6hfqvufqkv4vy54jfe6t33ljd3kc9rpfty8xlgsfte2sn/1".
func (*Statement) UnmarshalJSON ¶
UnmarshalJSON unmarshals a statement from JSON.
func (*Statement) VerifySpecific ¶ added in v0.1.18
VerifySpecific and check that bytesToSign match the statement's BytesToSign, to verify the original bytes match the specific serialization.
type StatementPublicKey ¶
type StatementPublicKey interface {
ID() ID
Verify(b []byte) ([]byte, error)
VerifyDetached(sig []byte, b []byte) error
}
StatementPublicKey describes a public key for a Statement.
func StatementPublicKeyFromID ¶
func StatementPublicKeyFromID(id ID) (StatementPublicKey, error)
StatementPublicKeyFromID converts ID to StatementPublicKey. TODO: Support other key types.
type X25519Key ¶
type X25519Key struct {
// contains filtered or unexported fields
}
X25519Key is a X25519 assymmetric encryption key.
func GenerateX25519Key ¶
func GenerateX25519Key() *X25519Key
GenerateX25519Key creates a new X25519Key.
Example ¶
package main
import (
"fmt"
"github.com/keys-pub/keys"
)
func main() {
alice := keys.GenerateX25519Key()
fmt.Printf("Alice: %s\n", alice.ID())
}
Output:
func NewX25519KeyFromPrivateKey ¶
NewX25519KeyFromPrivateKey creates a X25519Key from private key bytes.
func NewX25519KeyFromSeed ¶
NewX25519KeyFromSeed from seed.
func (*X25519Key) BoxSeal ¶ added in v0.1.18
func (k *X25519Key) BoxSeal(b []byte, nonce *[24]byte, recipient *X25519PublicKey) []byte
BoxSeal encrypts message with nacl.box Seal.
func (*X25519Key) PrivateKey ¶
PrivateKey returns private part of this X25519Key.
func (*X25519Key) PublicKey ¶
func (k *X25519Key) PublicKey() *X25519PublicKey
PublicKey returns public part of this X25519Key.
type X25519PublicKey ¶
type X25519PublicKey struct {
// contains filtered or unexported fields
}
X25519PublicKey is the public key part of a x25519 key.
func NewX25519PublicKey ¶
func NewX25519PublicKey(b *[32]byte) *X25519PublicKey
NewX25519PublicKey creates X25519PublicKey. Metadata is optional.
func NewX25519PublicKeyFromID ¶
func NewX25519PublicKeyFromID(id ID) (*X25519PublicKey, error)
NewX25519PublicKeyFromID converts ID to X25519PublicKey.
func (*X25519PublicKey) Private ¶ added in v0.1.18
func (k *X25519PublicKey) Private() []byte
Private returns nil.
func (*X25519PublicKey) Public ¶ added in v0.1.18
func (k *X25519PublicKey) Public() []byte
Public ...
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api provides a standard key format for serialization to JSON or msgpack, and conversions to and from specific key types.
|
Package api provides a standard key format for serialization to JSON or msgpack, and conversions to and from specific key types. |
|
Package bech32 is a modified version of the reference implementation of BIP173.
|
Package bech32 is a modified version of the reference implementation of BIP173. |
|
Package dstore describes a document store.
|
Package dstore describes a document store. |
|
events
Package events provides an event log.
|
Package events provides an event log. |
|
Package encoding provides encoding and decoding of different formats like Base62, Saltpack, BIP39.
|
Package encoding provides encoding and decoding of different formats like Base62, Saltpack, BIP39. |
|
Package env provides paths on different platforms.
|
Package env provides paths on different platforms. |
|
Package http provides an http client for use with checking remote signed statements.
|
Package http provides an http client for use with checking remote signed statements. |
|
Package json provides a simpler JSON marshaller for strings and ints only.
|
Package json provides a simpler JSON marshaller for strings and ints only. |
|
Package keyring provides a cross-platform secure keyring.
|
Package keyring provides a cross-platform secure keyring. |
|
Package noise integrates keys with the Noise protocol.
|
Package noise integrates keys with the Noise protocol. |
|
Package saltpack integrates keys with Saltpack (saltpack.org).
|
Package saltpack integrates keys with Saltpack (saltpack.org). |
|
Package tsutil provides timestamp and time utilities.
|
Package tsutil provides timestamp and time utilities. |
|
Package user defines user statements, store and search.
|
Package user defines user statements, store and search. |
|
services
Package services defines services capable of linking a key to a user.
|
Package services defines services capable of linking a key to a user. |