box

package

v0.7.0 Latest Latest Go to latest Published: Dec 18, 2025 License: AGPL-3.0 Imports: 7 Imported by: 0

Details

View Source

const KeySize = chacha20poly1305.KeySize

View Source

var (
	ErrInvalidKeySize = errors.New("key must be exactly 32 bytes")
	ErrUnwrapFailed   = errors.New("unwrapped data is not a valid key")
)

func Decrypt(ciphertext, nonce []byte, senderPub *ecdh.PublicKey, recipientPriv *ecdh.PrivateKey) ([]byte, error)

Decrypt decrypts data using recipient's private key and sender's public key pair.

func Encrypt(plaintext []byte, senderPriv *ecdh.PrivateKey, recipientPub *ecdh.PublicKey) ([]byte, []byte, error)

Encrypt encrypts data using sernder's private key and recipient's public key pair.

func LoadPublicKey(pubBytes []byte) (*ecdh.PublicKey, error)

LoadPublicKey converts raw bytes back into a Public Key object.

func Seal(plaintext []byte, recipientPub *ecdh.PublicKey) ([]byte, []byte, error)

Seal encrypts a message anonymously. It generates an temporary key pair, so the sender does not need an identity.

Output Structure: [EphemeralPublicKey (32 bytes)] + [VaultBlob (Nonce + Ciphertext)]

func Unseal(encBlob, nonce []byte, recipientPriv *ecdh.PrivateKey) ([]byte, error)

Unseal decrypts an anonymously encrypted message. It extracts the temprorary public key from the header and uses it to derive the decryption key.

func UnwrapKey(wrappedBlob, nonce []byte, myPriv *ecdh.PrivateKey) ([]byte, error)

UnwrapKey decrypts a wrapped key using your private key.

func WrapKey(keyToShare []byte, recipientPub *ecdh.PublicKey) ([]byte, []byte, error)

WrapKey encrypts a symmetric key for a recipient.

type KeyPair struct {
	Public  *ecdh.PublicKey
	Private *ecdh.PrivateKey
}

func GenerateKeyPair() (*KeyPair, error)

GenerateKeyPair creates a fresh X25519 identity for encryption.

func LoadPrivateKey(privBytes []byte) (*KeyPair, error)

LoadPrivateKey converts raw bytes into a usable Key Pair object.

func (k *KeyPair) Bytes() ([]byte, []byte)

Bytes returns the raw 32-byte keys.