veil

package
v0.0.0-...-5d1c50d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 12, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package veil implements the Veil hybrid cryptosystem.

Veil is an incredibly experimental hybrid cryptosystem for sending and receiving confidential, authentic multi-recipient messages which are indistinguishable from random noise by an attacker. Unlike e.g. GPG messages, Veil messages contain no metadata or format details which are not encrypted. As a result, a global passive adversary would be unable to gain any information from a Veil message beyond traffic analysis. Messages can be padded with random bytes to disguise their true length, and fake recipients can be added to disguise their true number from other recipients.

You should not use this.

Example 
// Alice generates a secret key.
alice, err := NewSecretKey()
if err != nil {
	panic(err)
}

// Alice derives a private key with the ID "/friends/bea", generates a public key from that, and
// shares the public key with Bea.
aliceBeaPriv := alice.PrivateKey("/friends/bea")
aliceBeaPub := aliceBeaPriv.PublicKey()

// Bea generates a secret key.
bea, err := NewSecretKey()
if err != nil {
	panic(err)
}

// Bea derives a private key with the ID "/friends/alice", generates a public key from that, and
// shares the public key with Alice.
beaAlicePriv := bea.PrivateKey("/friends/alice")
beaAlicePub := beaAlicePriv.PublicKey()

// Alice writes a message.
message := bytes.NewReader([]byte("one two three four I declare a thumb war"))
encrypted := bytes.NewBuffer(nil)

// Alice encrypts the message for herself, Bea, and 98 fake recipients, adding random padding to
// disguise its true length. She uses the "/friends/bea" private key to encrypt the message
// because it corresponds with the public key she sent Bea.
_, err = aliceBeaPriv.Encrypt(encrypted, message, []*PublicKey{aliceBeaPub, beaAlicePub}, 98, 4829)
if err != nil {
	panic(err)
}

// Alice sends the message to Bea.
received := bytes.NewReader(encrypted.Bytes())
decrypted := bytes.NewBuffer(nil)

// Bea decrypts the message. She uses the "/friends/alice" private key because it corresponds
// with the public key she sent Alice.
_, err = beaAlicePriv.Decrypt(decrypted, received, aliceBeaPub)
if err != nil {
	panic(err)
}

// Bea views the decrypted message.
fmt.Println(decrypted.String())

Output:

one two three four I declare a thumb war

Index

Examples

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidCiphertext is returned when a ciphertext cannot be decrypted, either due to an
	// incorrect key or tampering.
	ErrInvalidCiphertext = internal.ErrInvalidCiphertext

	// ErrInvalidSignature is returned when a signature, public key, and message do not match.
	ErrInvalidSignature = errors.New("invalid signature")
)

Functions

This section is empty.

Types

type PBEParams 

type PBEParams struct {
	Time, Space uint32 // The time and space parameters.
}

PBEParams contains the parameters of the passphrase-based KDF.

type PrivateKey 

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey is a private key derived from a SecretKey, used to decrypt and sign messages.

func (*PrivateKey) Decrypt 

func (pk *PrivateKey) Decrypt(dst io.Writer, src io.Reader, sender *PublicKey) (int64, error)

Decrypt decrypts the data in src if originally encrypted by the given public key. Returns the number of decrypted bytes written, and the first reported error, if any.

N.B.: Because Veil messages are streamed, it is possible that this may write some decrypted data to dst before it can discover that the ciphertext is invalid. If Decrypt returns an error, all output written to dst should be discarded, as it cannot be ascertained to be authentic.

func (*PrivateKey) Derive 

func (pk *PrivateKey) Derive(subKeyID string) *PrivateKey

Derive derives a PrivateKey from the receiver with the given sub-key ID.

func (*PrivateKey) Encrypt 

func (pk *PrivateKey) Encrypt(
	dst io.Writer, src io.Reader, recipients []*PublicKey, fakes, padding int,
) (int64, error)

Encrypt encrypts the data from src such that all recipients will be able to decrypt and authenticate it and writes the results to dst. Returns the number of bytes copied and the first error reported while encrypting, if any.

func (*PrivateKey) PublicKey 

func (pk *PrivateKey) PublicKey() *PublicKey

PublicKey returns the corresponding PublicKey for the receiver.

func (*PrivateKey) Sign 

func (pk *PrivateKey) Sign(src io.Reader) (*Signature, error)

Sign returns a signature of the contents of src.

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a key that's used to verify and encrypt messages.

It can be marshalled and unmarshalled as a base58 string for human consumption.

func (*PublicKey) Derive 

func (pk *PublicKey) Derive(subKeyID string) *PublicKey

Derive derives a PublicKey from the receiver with the given sub-key ID.

func (*PublicKey) MarshalBinary 

func (pk *PublicKey) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the public key into a 32-byte slice.

func (*PublicKey) MarshalText 

func (pk *PublicKey) MarshalText() (text []byte, err error)

MarshalText encodes the public key into base58 text and returns the result.

func (*PublicKey) String 

func (pk *PublicKey) String() string

String returns the public key as base58 text.

func (*PublicKey) UnmarshalBinary 

func (pk *PublicKey) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes the public key from a 32-byte slice.

func (*PublicKey) UnmarshalText 

func (pk *PublicKey) UnmarshalText(text []byte) error

UnmarshalText decodes the results of MarshalText and updates the receiver to contain the decoded public key.

func (*PublicKey) Verify 

func (pk *PublicKey) Verify(src io.Reader, sig *Signature) error

Verify returns nil if the given signature was created by the owner of the given public key for the contents of src, otherwise ErrInvalidSignature.

type SecretKey 

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey is a key that's used to derive PrivateKey instances (and thus PublicKey instances).

It should never be serialized in plaintext. Use EncryptSecretKey to encrypt it using a passphrase.

func DecryptSecretKey 

func DecryptSecretKey(passphrase, ciphertext []byte) (*SecretKey, error)

DecryptSecretKey decrypts the given secret key with the given passphrase. Returns the decrypted secret key.

func NewSecretKey 

func NewSecretKey() (*SecretKey, error)

NewSecretKey creates a new secret key.

func (*SecretKey) Encrypt 

func (sk *SecretKey) Encrypt(passphrase []byte, params *PBEParams) ([]byte, error)

Encrypt encrypts the secret key with the given passphrase and optional PBE parameters. Returns the encrypted key.

func (*SecretKey) PrivateKey 

func (sk *SecretKey) PrivateKey(keyID string) *PrivateKey

PrivateKey returns a private key for the given key ID.

func (*SecretKey) PublicKey 

func (sk *SecretKey) PublicKey(keyID string) *PublicKey

PublicKey returns a public key for the given key ID.

func (*SecretKey) String 

func (sk *SecretKey) String() string

String returns a safe identifier for the key.

type Signature 

type Signature struct {
	// contains filtered or unexported fields
}

Signature is a digital signature of a message, created by the holder of a secret key, which can be verified by anyone with the corresponding public key.

func (*Signature) MarshalBinary 

func (s *Signature) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the signature into bytes.

func (*Signature) MarshalText 

func (s *Signature) MarshalText() (text []byte, err error)

MarshalText encodes the signature into base58 text and returns the result.

func (*Signature) String 

func (s *Signature) String() string

String returns the signature as base58 text.

func (*Signature) UnmarshalBinary 

func (s *Signature) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes the signature from bytes.

func (*Signature) UnmarshalText 

func (s *Signature) UnmarshalText(text []byte) error

UnmarshalText decodes the results of MarshalText and updates the receiver to contain the decoded signature.

Source Files

View all Source files

Directories

Path Synopsis
Package internal contains various helper functions for writing STROBE protocols.
 Package internal contains various helper functions for writing STROBE protocols.
hpke
Package hpke provides the underlying STROBE protocol for Veil's authenticated hybrid public key encryption system.
 Package hpke provides the underlying STROBE protocol for Veil's authenticated hybrid public key encryption system.
mres
Package mres provides the underlying STROBE protocol for Veil's multi-recipient encryption system.
 Package mres provides the underlying STROBE protocol for Veil's multi-recipient encryption system.
pbenc
Package pbenc implements memory-hard password-based encryption via STROBE using balloon hashing.
 Package pbenc implements memory-hard password-based encryption via STROBE using balloon hashing.
protocol
scaldf
Package scaldf provides the underlying STROBE protocols for Veil's scalar derivation functions, which derive ristretto255 scalars from other pieces of data.
 Package scaldf provides the underlying STROBE protocols for Veil's scalar derivation functions, which derive ristretto255 scalars from other pieces of data.
schnorr
Package schnorr provides the underlying STROBE protocol for Veil's Schnorr signatures.
 Package schnorr provides the underlying STROBE protocol for Veil's Schnorr signatures.
schnorr/sigio

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.