gcrypt

Version: v0.0.0-...-e59381f
Published: Aug 16, 2016 License: Apache-2.0 Imports: 8 Imported by: 0

README

gcrypt

Utility for Go that simplifies data encryption.

Supported features

  • Key derivation from a user-provided password (256 bit)
  • AES-256 data encryption with HMAC (Encrypt-and-MAC)
  • Data decryption with HMAC validation

Key generation and salt

The key must be 256 bits long. The derivation function creates a key from the user's input and a random salt (either generated or provided). For a first-time user, the key is generated together with a new salt. The salt has to be saved and used in key derivation for the next session. The salt is not secret information, but it is crucial to keep it persistent. If the salt is lost, the key is lost as well.

Encryption/Decryption

The Encrypt function uses the recommended process of encrypting a message first and applying the MAC calculation after. The HMAC is 256 bits long and is appended to the encrypted data. Decrypt checks the HMAC first and decrypts the data only if the MAC is valid.

Example

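    // first session: a random salt is generated and returned with the key
    key, salt, err := gcrypt.DerivateKey256("password")
    if err != nil {
        log.Fatal(err)
    }
    // salt must be stored
    // returning session, salt is read from storage
    // key, err := gcrypt.DerivateKey256WithSalt("password", salt)
    data := []byte("data")
    fmt.Println(data)
    ct, err := gcrypt.Encrypt(key, data)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(ct)
    // Decrypt returns an error if the HMAC is not valid
    plain, err := gcrypt.Decrypt(key, ct)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(plain)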

Documentation

Overview

Package gcrypt is a utility for working with AES-256 encryption. It supports key derivation from a user-provided password. The derivation either generates a new salt or uses a provided one.

Salt must be unique for each password.

Encrypt takes a 256 bit key (probably derived from a user-provided password) and uses AES-256 in CFB mode. After the data is encrypted, an HMAC is calculated and appended to the encrypted data.

Decrypt checks whether the HMAC is valid and returns an error if it is not.
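The encrypt, append HMAC, verify-before-decrypt flow described in this overview, as an added sketch built only on the Go standard library; it is not gcrypt's source code. HMAC-SHA256, computing the HMAC over IV and ciphertext, the IV||ciphertext||HMAC layout, reuse of the one key for AES and HMAC, and the names seal, open and tag are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// tag is HMAC-SHA256 over IV||ciphertext (hash choice and single shared key are assumptions).
func tag(key, body []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(body)
	return m.Sum(nil)
}

// seal encrypts with AES-256-CFB under a fresh random IV and appends the tag.
func seal(key, data []byte) ([]byte, error) {
	if len(key) != 32 || len(data) == 0 {
		return nil, fmt.Errorf("need a 256 bit key and non-empty data")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length was checked above
	out := make([]byte, aes.BlockSize+len(data))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], data)
	return append(out, tag(key, out)...), nil
}

// open compares the tag in constant time and decrypts only if it matches.
func open(key, msg []byte) ([]byte, error) {
	n := len(msg) - sha256.Size // end of IV||ciphertext, start of the tag
	if len(key) != 32 || n <= aes.BlockSize || !hmac.Equal(tag(key, msg[:n]), msg[n:]) {
		return nil, fmt.Errorf("invalid key size, truncated message or HMAC mismatch")
	}
	block, _ := aes.NewCipher(key)
	plain := make([]byte, n-aes.BlockSize)
	cipher.NewCFBDecrypter(block, msg[:aes.BlockSize]).XORKeyStream(plain, msg[aes.BlockSize:n])
	return plain, nil
}

func main() {
	ct, _ := seal(make([]byte, 32), []byte("data")) // constructed all-zero demo key
	ct[aes.BlockSize] ^= 1                          // flip one ciphertext bit
	fmt.Println(open(make([]byte, 32), ct))         // rejected before any decryption
}
```

CFB on its own is malleable, so the check in open is what turns a flipped ciphertext bit into an error instead of silently altered plaintext.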

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(key, data []byte) ([]byte, error)

Decrypt validates mac and returns decoded data.

func DerivateKey256

func DerivateKey256(password string) ([]byte, []byte, error)

DerivateKey256 creates 256 bit key based on a password. Random salt is returned with the key.

func DerivateKey256WithSalt

func DerivateKey256WithSalt(password string, salt []byte) ([]byte, error)

DerivateKey256WithSalt creates 256 bit key from provided password and salt.

func Encrypt

func Encrypt(key, data []byte) ([]byte, error)

Encrypt encrypts data with AES-256 and adds an HMAC (EnM). Fails if the key is not 256 bit or if data is empty.

Types

This section is empty.
