crypto

package
v0.1.4 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 22, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package crypto provides cryptographic primitives for cryptkey: HKDF-SHA256 key derivation and AES-256-GCM authenticated encryption of Shamir shares.

Functions

func ConfigHMAC

func ConfigHMAC(masterKey, data []byte) ([]byte, error)

ConfigHMAC computes an HMAC-SHA256 over data using a key derived from the master key. Used to detect config tampering without storing the master key.

func DecryptShare

func DecryptShare(providerSecret, aad []byte, es *EncryptedShare) ([]byte, error)

DecryptShare decrypts a Shamir share using a provider's 32-byte secret. The aad must match the value used during encryption.

func DeriveOutputKey

func DeriveOutputKey(masterKey, salt []byte, info string, length int) ([]byte, error)

DeriveOutputKey stretches a reconstructed master key through HKDF-SHA256 into a final output key of the requested length. salt and info provide per-profile domain separation.

func VerifyConfigHMAC

func VerifyConfigHMAC(masterKey, data, expected []byte) (bool, error)

VerifyConfigHMAC checks a config HMAC against expected.

func WipeBytes

func WipeBytes(b []byte)

WipeBytes zeroes a byte slice and uses runtime.KeepAlive to discourage the compiler from optimizing the zeroing away. This is a best-effort mitigation: Go's garbage collector may copy heap objects during compaction, leaving prior copies in freed pages that are not wiped. For true memory-forensic resistance, an mlock/madvise approach or a non-GC language would be required. Use this for all secret material cleanup regardless — it raises the bar meaningfully.

Types

type EncryptedShare

type EncryptedShare struct {
	Ciphertext []byte // AES-256-GCM ciphertext (includes GCM tag)
	Nonce      []byte // GCM nonce
	Salt       []byte // HKDF salt used to derive the AES key
}

EncryptedShare holds the ciphertext and parameters needed to decrypt a Shamir share given the originating provider's 32-byte secret.

func EncryptShare

func EncryptShare(providerSecret, share, aad []byte) (*EncryptedShare, error)

EncryptShare encrypts a Shamir share using a provider's 32-byte secret. The aad parameter binds the ciphertext to context (e.g. provider type and ID).

Flow: HKDF-SHA256(secret, random_salt, info) → 32-byte AES key → AES-256-GCM(share, aad).
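The flow above as an added, standard-library-only sketch; it is not cryptkey's source. The names aeadFor, sealShare and openShare, the info string, the 32-byte salt length and the aad values are assumptions made for illustration, and HKDF is written out by hand as the single-block case of RFC 5869.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor derives the AES-256-GCM key with hand-rolled RFC 5869 HKDF-SHA256 (one block).
func aeadFor(secret, salt []byte) (cipher.AEAD, error) {
	ext := hmac.New(sha256.New, salt) // extract: PRK = HMAC(salt, secret)
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // expand: OKM = HMAC(PRK, info || 0x01)
	exp.Write([]byte("example/share-encryption\x01")) // constructed info, not cryptkey's
	block, err := aes.NewCipher(exp.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealShare draws a fresh salt and nonce and returns ciphertext||tag with both.
func sealShare(secret, share, aad []byte) (ct, nonce, salt []byte, err error) {
	rnd := make([]byte, 44) // assumed 32-byte salt, then the 12-byte GCM nonce
	if _, err = rand.Read(rnd); err != nil {
		return nil, nil, nil, err
	}
	salt, nonce = rnd[:32], rnd[32:]
	gcm, err := aeadFor(secret, salt)
	if err != nil {
		return nil, nil, nil, err
	}
	return gcm.Seal(nil, nonce, share, aad), nonce, salt, nil
}

func openShare(secret, aad, ct, nonce, salt []byte) ([]byte, error) {
	gcm, err := aeadFor(secret, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, aad) // fails on any mismatch, aad included
}

func main() {
	ct, n, s, err := sealShare(make([]byte, 32), []byte("share"), []byte("provider-a:1")) // constructed inputs
	fmt.Println(len(ct), len(n), len(s), err)
}
```

Because the salt is random per call, every share gets its own AES key even under the same provider secret, and a ciphertext presented with a different aad fails authentication instead of decrypting.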

Directories

Package hkdfinfo is the central registry of HKDF info strings used throughout cryptkey.
Package keyformat converts raw 32-byte derived keys into structured cryptographic key formats (age identities, OpenSSH ed25519 keys).
Package shamir implements Shamir's Secret Sharing over GF(256).
