Documentation
Index
- func Decrypt(w io.Writer, r io.Reader, header []byte, key *SymmetricKey) error
- func Encrypt(w io.Writer, r io.Reader, header []byte, key *SymmetricKey) error
- type Ciphertext
- type Header
- type KeyScheme
- type PublicKey
- type SecretKey
- type SymmetricKey
- func Decapsulate(h *Header, sk *SecretKey) (*SymmetricKey, error)
- func Encapsulate(rand io.Reader, pk *PublicKey) (header []byte, key *SymmetricKey, err error)
- func PassphraseHeader(rand io.Reader, passphrase []byte, time, memory uint32) (header []byte, key *SymmetricKey, err error)
- func PassphraseKey(h *Header, passphrase []byte) (*SymmetricKey, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Ciphertext
type Ciphertext = [ntrup.CiphertextSize]byte
Ciphertext is a type alias for a properly-sized byte array to represent the ciphertext of a Streamlined NTRU Prime 4591^761 encapsulated key.
type Header
type Header struct {
    Bytes  []byte
    Scheme KeyScheme

    // For StreamlinedNTRUPrime4591761Scheme
    Ciphertext *Ciphertext

    // For Argon2idScheme
    Salt    []byte
    Time    uint32
    Memory  uint32
    Threads uint8
    Tag     [16]byte
}
Header represents a parsed stream header. It records the keying scheme for the stream symmetric key, as well as parameters needed to derive the key given the specific scheme. The Bytes field records the raw bytes of the full header, which must be passed to Decrypt for authentication.
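The following added example (not code from this package) illustrates why the raw header bytes are supplied at decryption time: when a header is bound to the stream, any change to it makes authentication fail. It uses only the Go standard library, with AES-GCM standing in for ChaCha20-Poly1305 and the header bound as AEAD associated data. The header layout, the scheme byte 0x02, and the buildHeader and roundTrip helpers are assumptions; the package's actual wire format and authentication mechanism are not shown on this page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// buildHeader uses a constructed layout, not the package's wire format.
func buildHeader(salt [16]byte, time, memory uint32, threads uint8) []byte {
	h := append([]byte{0x02}, salt[:]...) // 0x02: hypothetical scheme id
	h = binary.LittleEndian.AppendUint32(h, time)
	h = binary.LittleEndian.AppendUint32(h, memory) // KiB
	return append(h, threads)
}

// roundTrip seals msg with sealHdr as associated data, then opens the
// result with openHdr. Opening succeeds only if both headers are identical.
func roundTrip(key, sealHdr, openHdr, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, msg, sealHdr)
	return aead.Open(nil, nonce, ct, openHdr)
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, for the demo only
	hdr := buildHeader([16]byte{}, 3, 64*1024, 4)
	mod := buildHeader([16]byte{}, 1, 8, 4) // same header with altered parameters
	_, errOK := roundTrip(key, hdr, hdr, []byte("msg"))
	_, errMod := roundTrip(key, hdr, mod, []byte("msg"))
	fmt.Println("intact header:", errOK, "| modified header:", errMod)
}
```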
type KeyScheme
type KeyScheme byte
KeyScheme describes the keying scheme used for message encryption. It is recorded in the stream header, and decrypters must first parse the scheme from the header before deriving or recovering the encryption key.
type PublicKey
type PublicKey = [ntrup.PublicKeySize]byte
PublicKey is a type alias for a properly-sized byte array to represent a Streamlined NTRU Prime 4591^761 public key.
type SecretKey
type SecretKey = [ntrup.PrivateKeySize]byte
SecretKey is a type alias for a properly-sized byte array to represent a Streamlined NTRU Prime 4591^761 secret key.
type SymmetricKey
type SymmetricKey = [chacha20poly1305.KeySize]byte
SymmetricKey is a type alias for a properly-sized byte array for a ChaCha20-Poly1305 symmetric encryption key.
func Decapsulate
func Decapsulate(h *Header, sk *SecretKey) (*SymmetricKey, error)
Decapsulate decrypts a PKI-encrypted symmetric key from the header. The scheme must be for PKI encryption.
func Encapsulate
Encapsulate creates the header beginning a PKI encryption stream. It derives an ephemeral ChaCha20-Poly1305 symmetric key and encapsulates (encrypts) the key for the public key pk, recording the key ciphertext in the header. Cryptographically-secure randomness is read from rand.
func PassphraseHeader
func PassphraseHeader(rand io.Reader, passphrase []byte, time, memory uint32) (header []byte, key *SymmetricKey, err error)
PassphraseHeader creates the header beginning a passphrase-protected encryption stream. The time and memory parameters describe Argon2id difficulty parameters, where memory is measured in KiB. Cryptographically-secure randomness is read from rand.
func PassphraseKey
func PassphraseKey(h *Header, passphrase []byte) (*SymmetricKey, error)
PassphraseKey derives a symmetric key from a passphrase. The header scheme must be for symmetric passphrase encryption.