README
¶
cryptobox/strongbox This is a NaCL-like implementation of a cryptographic system using FIPS-compliant ciphers. strongbox provides 50-year security using AES-256 in CTR mode with HMAC-SHA-384, assuming keys are not compromised.
Documentation
¶
Overview ¶
strongbox is used to authenticate and secure small messages. It provides an interface similar to NaCL, but uses AES-256 with HMAC-SHA-384 for securing messages.
Messages should be secured using the Seal function, and recovered using the Open function. A box (or authenticated and encrypted message) will be Overhead bytes longer than the message it came from; this package will not obscure the length of the message. Keys, if they are not generated using the GenerateKey function, should be KeySize bytes long. The KeyIsSuitable function may be used to test a key is the proper length.
The boxes used in this package are suitable for 50-year security, assuming the keys are not compromised.
Index ¶
Constants ¶
const KeySize = cryptKeySize + tagKeySize
KeySize is the number of bytes a valid key should be.
const Overhead = aes.BlockSize + sha512.Size384
Overhead is the number of bytes of overhead when boxing a message.
const VersionString = "2.0.0"
Variables ¶
var PRNG = rand.Reader
The default source for random data is the crypto/rand package's Reader.
Functions ¶
func KeyIsSuitable ¶
IsKeySuitable returns true if the byte slice represents a valid secretbox key.
func Open ¶
Open authenticates and decrypts a sealed message, also returning whether the message was successfully opened. If this is false, the message must be discarded. The returned message will be Overhead bytes shorter than the box.
Source Files