Documentation
¶
Overview ¶
Package denygo implements the deny.sh deniable encryption algorithm.
Algorithm-compatible with the TypeScript and Python reference implementations. Ciphertext produced by any SDK can be decrypted by any other.
Algorithm:
ENCRYPT:
- Derive AES-256 key from password1 + password2 via scrypt
- Prepend 4-byte LE plaintext length to plaintext (inside encrypted zone)
- XOR (length + plaintext) with control data
- AES-256-CTR encrypt the result
- Prepend: salt (32 bytes) + IV (16 bytes) as unencrypted header
DECRYPT:
- Extract salt + IV from header
- Re-derive AES-256 key from passwords + salt
- AES-256-CTR decrypt payload
- XOR with control data
- Read 4-byte length prefix, trim plaintext to that length
DENIABLE DECRYPTION:
Given ciphertext + passwords + desired fake plaintext: 1. AES decrypt to get intermediate (= length+plaintext XOR controlData) 2. Construct fake payload = 4-byte-length(fake) + fake plaintext + random padding 3. New control data = intermediate XOR fake payload 4. Now decrypting with new control file produces the fake plaintext
Index ¶
- Constants
- func Decrypt(ciphertext []byte, password1, password2 string, controlData []byte) ([]byte, error)
- func DeriveKey(password1, password2 string, salt []byte) []byte
- func Encrypt(plaintext []byte, password1, password2 string, controlData []byte) ([]byte, []byte, error)
- func GenerateControlData(size int) []byte
- func GenerateDeniableControl(ciphertext []byte, password1, password2 string, desiredPlaintext []byte) ([]byte, error)
Constants ¶
const ( SaltLength = 32 IVLength = 16 KeyLength = 32 // AES-256 HeaderLength = SaltLength + IVLength // 48 bytes LengthPrefix = 4 // 4-byte LE length prefix )
Constants matching the TypeScript/Python reference implementations.
Variables ¶
This section is empty.
Functions ¶
func DeriveKey ¶
DeriveKey derives an AES-256 key from two passwords and a salt using scrypt. Combines both passwords via SHA-256 hashing to avoid length ambiguities.
func Encrypt ¶
func Encrypt(plaintext []byte, password1, password2 string, controlData []byte) ([]byte, []byte, error)
Encrypt encrypts plaintext using dual passwords and control data.
If controlData is nil, random control data is generated automatically. Returns (ciphertext, controlData, error). Ciphertext format: salt(32) + iv(16) + AES-256-CTR(payload XOR controlData).
func GenerateControlData ¶
GenerateControlData generates cryptographically secure random control data.
func GenerateDeniableControl ¶
func GenerateDeniableControl(ciphertext []byte, password1, password2 string, desiredPlaintext []byte) ([]byte, error)
GenerateDeniableControl generates new control data that makes existing ciphertext decrypt to a completely different plaintext.
Given:
- Original ciphertext (encrypted with password1 + password2 + originalControlData)
- The same passwords
- A desired fake plaintext
Returns new control data such that Decrypt(ciphertext, pw1, pw2, newControl) = desiredPlaintext.
Types ¶
This section is empty.