age

package
v1.0.0-beta3
Warning

This package is not in the latest version of its module.

Published: May 19, 2020 License: BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Overview

Package age implements file encryption according to age-encryption.org/v1.

Constants

This section is empty.

Variables

var ErrIncorrectIdentity = errors.New("incorrect identity for recipient block")

Functions

func Decrypt

func Decrypt(src io.Reader, identities ...Identity) (io.Reader, error)

Decrypt returns a Reader reading the decrypted plaintext of the age file read from src. All identities will be tried until one successfully decrypts the file.

func Encrypt

func Encrypt(dst io.Writer, recipients ...Recipient) (io.WriteCloser, error)

Encrypt returns a WriteCloser. Writes to the returned value are encrypted and written to dst as an age file. Every recipient will be able to decrypt the file.

The caller must call Close on the returned value when done for the last chunk to be encrypted and flushed to dst.

Types

type Identity

type Identity interface {
	Type() string
	Unwrap(block *format.Recipient) (fileKey []byte, err error)
}

An Identity is a private key or other value that can decrypt an opaque file key from a recipient stanza.

Unwrap must return ErrIncorrectIdentity for recipient blocks that don't match the identity; any other error might be considered fatal.

type IdentityMatcher

type IdentityMatcher interface {
	Identity
	Match(block *format.Recipient) error
}

IdentityMatcher can be optionally implemented by an Identity that can communicate whether it can decrypt a recipient stanza without decrypting it.

If an Identity implements IdentityMatcher, its Unwrap method will only be invoked on blocks for which Match returned nil. Match must return ErrIncorrectIdentity for recipient blocks that don't match the identity; any other error might be considered fatal.
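
The error contract described for Unwrap and Match above, as an added sketch that is not the package's own code: ErrIncorrectIdentity means "try the next stanza or identity", any other error ends the search, and a non-nil Match result keeps Unwrap from running. Stanza, unwrapFileKey and toyID are hypothetical stand-ins, and Type() is left out of the interfaces for brevity.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins for the page's types and a hypothetical trial loop (not the package's code).
var ErrIncorrectIdentity = errors.New("incorrect identity for recipient block")
type Stanza struct{ Arg string } // stands in for *format.Recipient
type Identity interface{ Unwrap(*Stanza) ([]byte, error) }
type IdentityMatcher interface {
	Identity
	Match(*Stanza) error
}

func unwrapFileKey(stanzas []*Stanza, ids ...Identity) (key []byte, err error) {
	for _, id := range ids {
		for _, s := range stanzas {
			key, err = nil, nil
			if m, ok := id.(IdentityMatcher); ok {
				err = m.Match(s) // cheap check; any non-nil result skips Unwrap
			}
			if err == nil {
				key, err = id.Unwrap(s)
			}
			if !errors.Is(err, ErrIncorrectIdentity) {
				return key, err // the file key, or a fatal error that ends the search
			}
		}
	}
	return nil, errors.New("no identity matched a recipient stanza")
}

// toyID (constructed) owns stanzas whose Arg equals it; an empty Arg is malformed.
type toyID string
func (t toyID) Unwrap(b *Stanza) ([]byte, error) {
	if b.Arg == "" {
		return nil, errors.New("malformed stanza") // fatal, not the sentinel
	}
	if b.Arg != string(t) {
		return nil, ErrIncorrectIdentity
	}
	return []byte("key:" + t), nil
}

func main() {
	key, err := unwrapFileKey([]*Stanza{{Arg: "bob"}}, toyID("alice"), toyID("bob"))
	fmt.Printf("%s %v\n", key, err)
}
```

An identity that reports a non-matching stanza with a generic error instead of ErrIncorrectIdentity stops the loop before later identities are tried, which is why the sentinel matters for custom Identity implementations.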

type Recipient

type Recipient interface {
	Type() string
	Wrap(fileKey []byte) (*format.Recipient, error)
}

A Recipient is a public key or other value that can encrypt an opaque file key to a recipient stanza.

type ScryptIdentity

type ScryptIdentity struct {
	// contains filtered or unexported fields
}

ScryptIdentity is a password-based identity.

func NewScryptIdentity

func NewScryptIdentity(password string) (*ScryptIdentity, error)

NewScryptIdentity returns a new ScryptIdentity with the provided password.

func (*ScryptIdentity) SetMaxWorkFactor

func (i *ScryptIdentity) SetMaxWorkFactor(logN int)

SetMaxWorkFactor sets the maximum accepted scrypt work factor to 2^logN. It must be called before Unwrap.

This caps the amount of work that Decrypt might have to do to process received files. If SetMaxWorkFactor is not called, a fairly high default is used, which might not be suitable for systems processing untrusted files.
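
What such a cap guards against, as an added sketch that is not the package's own code: the work factor comes from the file being decrypted, so it has to be checked before any key derivation runs. scryptCost is a hypothetical helper; the `-> scrypt <salt> <logN>` stanza layout and the scrypt parameter r=8 are assumptions taken from the age v1 format, and the sample lines are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// scryptCost is a hypothetical pre-check (not the package's code). It reads logN
// from a "-> scrypt <salt> <logN>" stanza line and rejects values above maxLogN
// before any key derivation runs. On success it returns the memory scrypt would
// need, assuming r=8: 128 * r * 2^logN bytes.
func scryptCost(stanza string, maxLogN int) (uint64, error) {
	f := strings.Fields(stanza)
	if len(f) != 4 || f[0] != "->" || f[1] != "scrypt" {
		return 0, errors.New("not a scrypt stanza")
	}
	// Strict decimal: first byte must be 1-9, so "+18", "-1" and "018" are rejected.
	if c := f[3][0]; c < '1' || c > '9' {
		return 0, errors.New("malformed work factor")
	}
	logN, err := strconv.Atoi(f[3])
	if err != nil {
		return 0, errors.New("malformed work factor")
	}
	if maxLogN > 40 {
		maxLogN = 40 // keeps the shift below well inside uint64
	}
	if logN > maxLogN {
		return 0, fmt.Errorf("work factor 2^%d exceeds cap 2^%d", logN, maxLogN)
	}
	return uint64(128*8) << uint(logN), nil
}

func main() {
	// Constructed stanza lines; SALT is a placeholder, not a real salt.
	for _, s := range []string{"-> scrypt SALT 15", "-> scrypt SALT 22", "-> scrypt SALT 30"} {
		mem, err := scryptCost(s, 22)
		fmt.Println(s, "=>", mem>>20, "MiB", err)
	}
}
```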

func (*ScryptIdentity) Type

func (*ScryptIdentity) Type() string

func (*ScryptIdentity) Unwrap

func (i *ScryptIdentity) Unwrap(block *format.Recipient) ([]byte, error)

type ScryptRecipient

type ScryptRecipient struct {
	// contains filtered or unexported fields
}

ScryptRecipient is a password-based recipient.

If a ScryptRecipient is used, it must be the only recipient for the file: it can't be mixed with other recipient types and can't be used multiple times for the same file.

Its use is not recommended for automated systems, which should prefer X25519Recipient.

func NewScryptRecipient

func NewScryptRecipient(password string) (*ScryptRecipient, error)

NewScryptRecipient returns a new ScryptRecipient with the provided password.

func (*ScryptRecipient) SetWorkFactor

func (r *ScryptRecipient) SetWorkFactor(logN int)

SetWorkFactor sets the scrypt work factor to 2^logN. It must be called before Wrap.

If SetWorkFactor is not called, a reasonable default is used.

func (*ScryptRecipient) Type

func (*ScryptRecipient) Type() string

func (*ScryptRecipient) Wrap

func (r *ScryptRecipient) Wrap(fileKey []byte) (*format.Recipient, error)

type X25519Identity

type X25519Identity struct {
	// contains filtered or unexported fields
}

X25519Identity is the standard age private key, based on a Curve25519 scalar.

func GenerateX25519Identity

func GenerateX25519Identity() (*X25519Identity, error)

GenerateX25519Identity generates a fresh X25519Identity.

func NewX25519Identity

func NewX25519Identity(secretKey []byte) (*X25519Identity, error)

NewX25519Identity returns a new X25519Identity from a raw Curve25519 scalar.

func ParseX25519Identity

func ParseX25519Identity(s string) (*X25519Identity, error)

ParseX25519Identity returns a new X25519Identity from a Bech32 private key encoding with the "AGE-SECRET-KEY-1" prefix.

func (*X25519Identity) Recipient

func (i *X25519Identity) Recipient() *X25519Recipient

Recipient returns the public X25519Recipient value corresponding to i.

func (*X25519Identity) String

func (i *X25519Identity) String() string

String returns the Bech32 private key encoding of i.

func (*X25519Identity) Type

func (*X25519Identity) Type() string

func (*X25519Identity) Unwrap

func (i *X25519Identity) Unwrap(block *format.Recipient) ([]byte, error)

type X25519Recipient

type X25519Recipient struct {
	// contains filtered or unexported fields
}

X25519Recipient is the standard age public key, based on a Curve25519 point.

func NewX25519Recipient

func NewX25519Recipient(publicKey []byte) (*X25519Recipient, error)

NewX25519Recipient returns a new X25519Recipient from a raw Curve25519 point.

func ParseX25519Recipient

func ParseX25519Recipient(s string) (*X25519Recipient, error)

ParseX25519Recipient returns a new X25519Recipient from a Bech32 public key encoding with the "age1" prefix.

func (*X25519Recipient) String

func (r *X25519Recipient) String() string

String returns the Bech32 public key encoding of r.

func (*X25519Recipient) Type

func (*X25519Recipient) Type() string

func (*X25519Recipient) Wrap

func (r *X25519Recipient) Wrap(fileKey []byte) (*format.Recipient, error)
