`import "golang.org/x/crypto/xts"`

Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.

XTS mode is typically used for disk encryption, which presents a number of novel problems that make more common modes inapplicable. The disk is conceptually an array of sectors and we must be able to encrypt and decrypt a sector in isolation. However, an attacker must not be able to transpose two sectors of plaintext by transposing their ciphertext.

XTS wraps a block cipher with Rogaway's XEX mode in order to build a tweakable block cipher. This allows each sector to have a unique tweak and effectively create a unique key for each sector.

XTS does not provide any authentication. An attacker can manipulate the ciphertext and randomise a block (16 bytes) of the plaintext. This package does not implement ciphertext-stealing so sectors must be a multiple of 16 bytes.

Note that XTS is usually not appropriate for any use besides disk encryption. Most users should use an AEAD mode like GCM (from crypto/cipher.NewGCM) instead.

❖

```
type Cipher struct {
// contains filtered or unexported fields
}
```

Cipher contains an expanded key structure. It is safe for concurrent use if the underlying block cipher is safe for concurrent use.

NewCipher creates a Cipher given a function for creating the underlying block cipher (which must have a block size of 16 bytes). The key must be twice the length of the underlying cipher's key.

Decrypt decrypts a sector of ciphertext and puts the result into plaintext. Plaintext and ciphertext must overlap entirely or not at all. Sectors must be a multiple of 16 bytes and less than 2²⁴ bytes.

Encrypt encrypts a sector of plaintext and puts the result into ciphertext. Plaintext and ciphertext must overlap entirely or not at all. Sectors must be a multiple of 16 bytes and less than 2²⁴ bytes.

Package xts imports 5 packages (graph) and is imported by 4 packages. Updated 2020-10-17. Refresh now. Tools for package owners.