Documentation ¶
Overview ¶
Package veil implements the Veil hybrid cryptosystem.
Veil is an incredibly experimental hybrid cryptosystem for sending and receiving confidential, authentic multi-recipient messages which are indistinguishable from random noise by an attacker. Unlike e.g. GPG messages, Veil messages contain no metadata or format details which are not encrypted. As a result, a global passive adversary would be unable to gain any information from a Veil message beyond traffic analysis. Messages can be padded with random bytes to disguise their true length, and fake recipients can be added to disguise their true number from other recipients.
You should not use this.
Example ¶
// Alice generates a secret key. alice, err := NewSecretKey() if err != nil { panic(err) } // Alice derives a private key with the ID "/friends/bea", generates a public key from that, and // shares the public key with Bea. aliceBeaPriv := alice.PrivateKey("/friends/bea") aliceBeaPub := aliceBeaPriv.PublicKey() // Bea generates a secret key. bea, err := NewSecretKey() if err != nil { panic(err) } // Bea derives a private key with the ID "/friends/alice", generates a public key from that, and // shares the public key with Alice. beaAlicePriv := bea.PrivateKey("/friends/alice") beaAlicePub := beaAlicePriv.PublicKey() // Alice writes a message. message := bytes.NewReader([]byte("one two three four I declare a thumb war")) encrypted := bytes.NewBuffer(nil) // Alice encrypts the message for herself, Bea, and 98 fake recipients, adding random padding to // disguise its true length. She uses the "/friends/bea" private key to encrypt the message // because it corresponds with the public key she sent Bea. _, err = aliceBeaPriv.Encrypt(encrypted, message, []*PublicKey{aliceBeaPub, beaAlicePub}, 98, 4829) if err != nil { panic(err) } // Alice sends the message to Bea. received := bytes.NewReader(encrypted.Bytes()) decrypted := bytes.NewBuffer(nil) // Bea decrypts the message. She uses the "/friends/alice" private key because it corresponds // with the public key she sent Alice. _, err = beaAlicePriv.Decrypt(decrypted, received, aliceBeaPub) if err != nil { panic(err) } // Bea views the decrypted message. fmt.Println(decrypted.String())
Output: one two three four I declare a thumb war
Index ¶
- Variables
- type PBEParams
- type PrivateKey
- func (pk *PrivateKey) Decrypt(dst io.Writer, src io.Reader, sender *PublicKey) (int64, error)
- func (pk *PrivateKey) Derive(subKeyID string) *PrivateKey
- func (pk *PrivateKey) Encrypt(dst io.Writer, src io.Reader, recipients []*PublicKey, fakes, padding int) (int64, error)
- func (pk *PrivateKey) PublicKey() *PublicKey
- func (pk *PrivateKey) Sign(src io.Reader) (*Signature, error)
- type PublicKey
- func (pk *PublicKey) Derive(subKeyID string) *PublicKey
- func (pk *PublicKey) MarshalBinary() (data []byte, err error)
- func (pk *PublicKey) MarshalText() (text []byte, err error)
- func (pk *PublicKey) String() string
- func (pk *PublicKey) UnmarshalBinary(data []byte) error
- func (pk *PublicKey) UnmarshalText(text []byte) error
- func (pk *PublicKey) Verify(src io.Reader, sig *Signature) error
- type SecretKey
- type Signature
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidCiphertext is returned when a ciphertext cannot be decrypted, either due to an // incorrect key or tampering. ErrInvalidCiphertext = internal.ErrInvalidCiphertext // ErrInvalidSignature is returned when a signature, public key, and message do not match. ErrInvalidSignature = errors.New("invalid signature") )
Functions ¶
This section is empty.
Types ¶
type PBEParams ¶
type PBEParams struct {
Time, Space uint32 // The time and space parameters.
}
PBEParams contains the parameters of the passphrase-based KDF.
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is a private key derived from a SecretKey, used to decrypt and sign messages.
func (*PrivateKey) Decrypt ¶
Decrypt decrypts the data in src if originally encrypted by the given public key. Returns the number of decrypted bytes written, and the first reported error, if any.
N.B.: Because Veil messages are streamed, it is possible that this may write some decrypted data to dst before it can discover that the ciphertext is invalid. If Decrypt returns an error, all output written to dst should be discarded, as it cannot be ascertained to be authentic.
func (*PrivateKey) Derive ¶
func (pk *PrivateKey) Derive(subKeyID string) *PrivateKey
Derive derives a PrivateKey from the receiver with the given sub-key ID.
func (*PrivateKey) Encrypt ¶
func (pk *PrivateKey) Encrypt( dst io.Writer, src io.Reader, recipients []*PublicKey, fakes, padding int, ) (int64, error)
Encrypt encrypts the data from src such that all recipients will be able to decrypt and authenticate it and writes the results to dst. Returns the number of bytes copied and the first error reported while encrypting, if any.
func (*PrivateKey) PublicKey ¶
func (pk *PrivateKey) PublicKey() *PublicKey
PublicKey returns the corresponding PublicKey for the receiver.
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is a key that's used to verify and encrypt messages.
It can be marshalled and unmarshalled as a base58 string for human consumption.
func (*PublicKey) MarshalBinary ¶
MarshalBinary encodes the public key into a 32-byte slice.
func (*PublicKey) MarshalText ¶
MarshalText encodes the public key into base58 text and returns the result.
func (*PublicKey) UnmarshalBinary ¶
UnmarshalBinary decodes the public key from a 32-byte slice.
func (*PublicKey) UnmarshalText ¶
UnmarshalText decodes the results of MarshalText and updates the receiver to contain the decoded public key.
type SecretKey ¶
type SecretKey struct {
// contains filtered or unexported fields
}
SecretKey is a key that's used to derive PrivateKey instances (and thus PublicKey instances).
It should never be serialized in plaintext. Use EncryptSecretKey to encrypt it using a passphrase.
func DecryptSecretKey ¶
DecryptSecretKey decrypts the given secret key with the given passphrase. Returns the decrypted secret key.
func (*SecretKey) Encrypt ¶
Encrypt encrypts the secret key with the given passphrase and optional PBE parameters. Returns the encrypted key.
func (*SecretKey) PrivateKey ¶
func (sk *SecretKey) PrivateKey(keyID string) *PrivateKey
PrivateKey returns a private key for the given key ID.
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is a digital signature of a message, created by the holder of a secret key, which can be verified by anyone with the corresponding public key.
func (*Signature) MarshalBinary ¶
MarshalBinary encodes the signature into bytes.
func (*Signature) MarshalText ¶
MarshalText encodes the signature into base58 text and returns the result.
func (*Signature) UnmarshalBinary ¶
UnmarshalBinary decodes the signature from bytes.
func (*Signature) UnmarshalText ¶
UnmarshalText decodes the results of MarshalText and updates the receiver to contain the decoded signature.
Directories ¶
Path | Synopsis |
---|---|
Package internal contains various helper functions for writing STROBE protocols.
|
Package internal contains various helper functions for writing STROBE protocols. |
hpke
Package hpke provides the underlying STROBE protocol for Veil's authenticated hybrid public key encryption system.
|
Package hpke provides the underlying STROBE protocol for Veil's authenticated hybrid public key encryption system. |
mres
Package mres provides the underlying STROBE protocol for Veil's multi-recipient encryption system.
|
Package mres provides the underlying STROBE protocol for Veil's multi-recipient encryption system. |
pbenc
Package pbenc implements memory-hard password-based encryption via STROBE using balloon hashing.
|
Package pbenc implements memory-hard password-based encryption via STROBE using balloon hashing. |
scaldf
Package scaldf provides the underlying STROBE protocols for Veil's scalar derivation functions, which derive ristretto255 scalars from other pieces of data.
|
Package scaldf provides the underlying STROBE protocols for Veil's scalar derivation functions, which derive ristretto255 scalars from other pieces of data. |
schnorr
Package schnorr provides the underlying STROBE protocol for Veil's Schnorr signatures.
|
Package schnorr provides the underlying STROBE protocol for Veil's Schnorr signatures. |