Documentation
¶
Overview ¶
Package crypto provides AES-256-GCM encryption for the scratchpad.
The key is a 256-bit random value stored as a raw file. The nonce is 12 bytes of random data prepended to the ciphertext. Each write re-encrypts the entire file.
Index ¶
Constants ¶
View Source
const KeySize = 32
KeySize is the required key length in bytes (256 bits).
View Source
const NonceSize = 12
NonceSize is the GCM nonce length in bytes.
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
Decrypt decrypts AES-256-GCM ciphertext produced by Encrypt.
Parameters:
- key: 32-byte AES-256 key (must match the key used for encryption)
- ciphertext: Nonce-prefixed ciphertext as produced by Encrypt
Returns:
- []byte: Decrypted plaintext
- error: Non-nil if key is wrong, ciphertext is too short, or authentication fails
func Encrypt ¶
Encrypt encrypts plaintext with AES-256-GCM.
The returned ciphertext is formatted as:
[12-byte nonce][ciphertext + 16-byte GCM tag]
Parameters:
- key: 32-byte AES-256 key
- plaintext: Data to encrypt
Returns:
- []byte: Nonce-prefixed ciphertext
- error: Non-nil if key is wrong size or encryption fails
func GenerateKey ¶
GenerateKey returns a new 256-bit random key.
Returns:
- []byte: A 32-byte random key
- error: Non-nil if the system random source fails
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.