Documentation
Constants
const (
	KDFProfileInteractive = util.KDFProfileInteractive // sub-second, dev/testing
	KDFProfileModerate    = util.KDFProfileModerate    // production default
	KDFProfileSensitive   = util.KDFProfileSensitive   // high-value secrets
)
Named KDF profiles for different deployment scenarios.
Variables
This section is empty.
Functions
func DeriveMUK
func DeriveMUK(secretKey []byte, passphrase string, opts ...DeriveMUKOption) ([]byte, error)
DeriveMUK derives a Master Unlock Key using the two-secret-key scheme (Argon2id + HKDF + XOR of passphrase-derived and secret-key-derived keys).
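An added sketch of the two-secret-key composition described for DeriveMUK; it is not this package's code. It assumes the passphrase is stretched with the WithSaltPass salt, the secret key goes through HKDF with the WithSaltSecret salt and the WithInfo info, and the two 32-byte results are XORed. PBKDF2-HMAC-SHA256 stands in for Argon2id so the block runs on the standard library alone; mac, hkdf32, stretchStandIn and deriveMUKSketch are hypothetical names and all inputs are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

func mac(key []byte, parts ...[]byte) []byte { // HMAC-SHA256 over the concatenated parts
	h := hmac.New(sha256.New, key)
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// hkdf32 is RFC 5869 HKDF-SHA256: extract, then a single 32-byte expand block.
func hkdf32(ikm, salt, info []byte) []byte {
	return mac(mac(salt, ikm), info, []byte{1})
}

// stretchStandIn is PBKDF2-HMAC-SHA256 (block 1), a stand-in for Argon2id in this sketch only.
func stretchStandIn(pass string, salt []byte, iters int) []byte {
	u := mac([]byte(pass), salt, []byte{0, 0, 0, 1})
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		u = mac([]byte(pass), u)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// deriveMUKSketch XORs the passphrase-derived and secret-key-derived keys (assumed composition).
func deriveMUKSketch(secretKey []byte, passphrase string, saltPass, saltSecret, info []byte) ([]byte, error) {
	if len(secretKey) == 0 || passphrase == "" || len(saltPass) == 0 || len(saltSecret) == 0 {
		return nil, fmt.Errorf("secret key, passphrase and both salts are required")
	}
	kPass, kSecret := stretchStandIn(passphrase, saltPass, 10000), hkdf32(secretKey, saltSecret, info)
	for i := range kPass {
		kPass[i] ^= kSecret[i]
	}
	return kPass, nil
}

func main() { // constructed sample inputs, not real credentials
	muk, err := deriveMUKSketch([]byte("constructed-secret-key"), "correct horse", []byte("salt-pass-000001"), []byte("salt-secret-0001"), []byte("muk-v1"))
	fmt.Printf("%x %v\n", muk, err)
}
```

Because the two derived keys are XORed, the same MUK comes out only when both the passphrase and the secret key match; changing either input yields an unrelated key.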
func ValidateArgon2idParams
func ValidateArgon2idParams(p Argon2idParams) error
ValidateArgon2idParams checks that the given parameters meet the minimum acceptable thresholds.
Types
type Argon2idParams
type Argon2idParams = util.Argon2idParams
Argon2idParams configures Argon2id key derivation.
func Argon2idProfile
func Argon2idProfile(name string) (Argon2idParams, error)
Argon2idProfile returns the Argon2idParams for a named profile.
func DefaultArgon2idParams
func DefaultArgon2idParams() Argon2idParams
DefaultArgon2idParams returns the default Argon2id parameters (moderate profile).
type DeriveMUKOption
type DeriveMUKOption func(*deriveMUKOptions)
DeriveMUKOption is a functional option for DeriveMUK.
func WithArgonParams
func WithArgonParams(params Argon2idParams) DeriveMUKOption
WithArgonParams sets the Argon2id parameters.
func WithInfo
func WithInfo(info []byte) DeriveMUKOption
WithInfo sets the info parameter for HKDF.
func WithSaltPass
func WithSaltPass(salt []byte) DeriveMUKOption
WithSaltPass sets the salt used for passphrase derivation.
func WithSaltSecret
func WithSaltSecret(salt []byte) DeriveMUKOption
WithSaltSecret sets the salt used for secret key derivation.
type KeyPair
KeyPair holds an X25519 public/private key pair.
func GenerateX25519Keypair
GenerateX25519Keypair generates a new X25519 key pair for member identity.
type SecretKey
SecretKey represents a versioned, formatted secret key used as one of the two inputs to the MUK derivation scheme.
func NewSecretKey
NewSecretKey generates a new random secret key.
func ParseSecretKey
ParseSecretKey parses a secret key from its formatted string representation.