Bencrypt

package
v1.4.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2026 License: MIT Imports: 27 Imported by: 2

README

Bencrypt

현재 표준 권장 알고리즘보다 더 높은 보안 여유를 지원하는 암호화 모듈입니다. 메모리 마스킹으로 유휴시간 동안의 평문 키 노출을 줄일 수 있습니다.

Encryption module that supports higher security margin than currently recommended standard algorithms. You can reduce plaintext key exposure during idle time through memory masking.

options

  • Hash: sha3, pbk2, arg2
  • Symmetric: gcm1, gcmx1
  • Asymmetric: rsa1, rsa2, ecc1, pqc1
python
class HashMaster:
    def __init__(algo: str, hashSize: int = 32, keySize: int = 44) -> None
    def KDF(pw: bytes, salt: bytes) -> (bytes, bytes)
    
class SymMaster:
    def __init__(algo: str, key: bytes) -> None
    def AfterSize(size: int) -> int
    def Processed() -> int
    def EnBin(data: bytes) -> bytes
    def DeBin(data: bytes) -> bytes
    def EnFile(src: io.IOBase, size: int, dst: io.IOBase) -> None
    def DeFile(src: io.IOBase, size: int, dst: io.IOBase) -> None

class AsymMaster:
    def __init__(algo: str) -> None
    def Genkey() -> (bytes, bytes)
    def Loadkey(public: bytes | None, private: bytes | None)
    def Encrypt(data: bytes) -> bytes
    def Decrypt(data: bytes) -> bytes
    def Sign(data: bytes) -> bytes
    def Verify(data: bytes, signature: bytes) -> bool

class Masker:
    def XOR(data: bytes) -> bytes

def Random(size: int) -> bytes
def SHA3256(data: bytes) -> bytes
def SHA3512(data: bytes) -> bytes
javascript
class HashMaster {
    constructor(algo: string, hashSize: number = 32, keySize: number = 44)
    async function KDF(pw, salt): Promise<[Uint8Array, Uint8Array]>
}

class SymMaster {
    constructor(algo: string, key: Uint8Array)
    AfterSize(size: number): number
    Processed(): number
    async function EnBin(data): Promise<Uint8Array>
    async function DeBin(data): Promise<Uint8Array>
    async function EnFile(src, size, dst)
    async function DeFile(src, size, dst)
}

class AsymMaster {
    constructor(algo: string)
    async function Genkey(): Promise<[Uint8Array, Uint8Array]>
    async function Loadkey(pub, pri)
    async function Encrypt(data): Promise<Uint8Array>
    async function Decrypt(data): Promise<Uint8Array>
    async function Sign(data): Promise<Uint8Array>
    async function Verify(data, signature): Promise<boolean>
}

class Masker {
    function XOR(data: Uint8Array): Uint8Array
}

function Random(size: number): Uint8Array
function SHA3256(data: Uint8Array | string): Uint8Array
function SHA3512(data: Uint8Array | string): Uint8Array
golang
struct HashMaster {
    func Init(algo string, hashSize int, keySize int) error
    func KDF(pw []byte, salt []byte) ([]byte, []byte, error)
}

struct SymMaster {
    func Init(algo string, key []byte) error
    func AfterSize(size int64) int64
    func Processed() int64
    func EnBin(data []byte) ([]byte, error)
    func DeBin(data []byte) ([]byte, error)
    func EnFile(src io.Reader, size int64, dst io.Writer, chunkSize int) error
    func DeFile(src io.Reader, size int64, dst io.Writer, chunkSize int) error
}

struct AsymMaster {
    func Init(algo string) error
    func Genkey() ([]byte, []byte, error)
    func Loadkey(public []byte, private []byte) error
    func Encrypt(data []byte) ([]byte, error)
    func Decrypt(data []byte) ([]byte, error)
    func Sign(data []byte) ([]byte, error)
    func Verify(data []byte, signature []byte) bool
}

GetMasker(poolSizeMb int) *Masker
type Masker struct {
    func XOR(data []byte) ([]byte, error)
}

func Random(size int) []byte
func SHA3256(data []byte) []byte
func SHA3512(data []byte) []byte
java
class Bencrypt {
    static class HashMaster {
        HashMaster(String algo, int hashSize, int keySize)
        HashMaster(String algo)
        byte[][] KDF(byte[] pw, byte[] salt)
    }
    
    static class SymMaster {
        SymMaster(String algo, byte[] key)
        long AfterSize(long size)
        long Processed()
        byte[] EnBin(byte[] data)
        byte[] DeBin(byte[] data)
        void EnFile(InputStream src, long size, OutputStream dst)
        void DeFile(InputStream src, long size, OutputStream dst)
    }

    static class AsymMaster {
        AsymMaster(String algo)
        byte[][] Genkey()
        void Loadkey(byte[] pubBytes, byte[] priBytes)
        byte[] Encrypt(byte[] data)
        byte[] Decrypt(byte[] data)
        byte[] Sign(byte[] data)
        boolean Verify(byte[] data, byte[] signature)
    }

    static class Masker {
        Masker GetMasker()
        byte[] XOR(byte[] data)
    }

    // Basic Functions
    byte[] Random(int size)
    static byte[] SHA3256(byte[] data)
    static byte[] SHA3512(byte[] data)
}

Usage

Memory Masker
  • The purpose of masking is to reduce the attack surface where critical memory is exposed to swap
  • Mask long-lived byte arrays in memory
  • Using plaintext for short-lived variables like local variables with wiping is allowed
Hash Functions
  • Used for data validation and key derivation
  • Password (Low Entropy) + Salt (Stored for deterministic behavior) --(Hash/KDF)-> Master Secret (High Entropy) --(HMAC with different labels)-> Password Storage Hash, Session Key
Symmetric Encryption
  • Used for large object encryption
  • AES-256 is considered safe even in the era of quantum computers
Asymmetric Encryption
  • Used for communication between users
  • Use PQC algorithms for data used after year 2040 or for long-term storage
  • You may use ECC for non-stored short-term data

Format Standard

SHA3
  • Supports SHA3-256/512. HashMaster and HMAC genkey is based on SHA3-512
  • It can be used for linking subsystems, not directly hashing raw password
  • Method sha3 parameter: single SHA3-512
PBKDF2
  • classic key derivation function
  • Method pbk2 parameter: Hash=SHA-512, Iter=1000000, Outsize=64B
Argon2id
  • Modern key derivation function
  • Method arg2 parameter: Time=3, Memory=262144, Parallel=4, Outsize=48B, requires 256MiB
AES-GCM
  • 44B integrated key: [iv 12B][key 32B]
  • Method gcm1 format: [CipherText][Tag 16B]
  • Method gcmx1 format: [CipherText 0][Tag 0 16B][CipherText 1][Tag 1 16B]..., Divides input into 1MiB chunks and applies independent IVs (Base IV[4:12] XOR counter).
  • Each Message Must Have Their Own Key: Do not use same key twice, derive key from random source or use random salt (use Opsec layer)
RSA
  • Legacy asymmetric algorithm
  • Method rsa1 is RSA-2048 and rsa2 is RSA-4096
  • Key format: PKIX-DER for public key and PKCS8-DER for private key
  • OAEP-SHA-512 for encryption and PKCS#1 v1.5 SHA-256 for signature
ECC
  • Modern asymmetric algorithm using Curve448, which is independent from NSA issues
  • Key format: [X448 56B][Ed448 57B] for both public and private key
  • Encryption: [KeyLen 1B][TempKey][CipherText][Tag 16B]
  • Signature: raw bytes using ECDSA Ed448
PQC1
  • Hybrid model using both Curve448 and NIST FIPS 203/204
  • Safe after post-quantum attacks
  • Public Key: [ECC-X448 56B][ECC-Ed448 57B][ML-KEM1024 1568B][ML-DSA87 2592B] (4273B)
  • Private Key: [ECC-X448 56B][ECC-Ed448 57B][ML-KEM1024 3168B][ML-DSA87 4896B] (8177B)
  • Encryption: [Temp ECC-X448 56B][Temp ML-KEM1024 1568B][CipherText][Tag 16B] with HMAC(ECDH + ML-SSV)
  • Signature: [ECC-Ed448 114B][ML-DSA87 4627B] (4741B), both parts are verified

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Argon2 added in v1.1.1 

func Argon2(pw []byte, salt []byte) []byte

func Argon2Hash 

func Argon2Hash(pw []byte, salt []byte) string

func Argon2Verify 

func Argon2Verify(hashed string, pw []byte) bool

func Genkey 

func Genkey(data []byte, lbl string, size int) ([]byte, error)

make key using HMAC-SHA3-512

func Pbkdf2 

func Pbkdf2(pw []byte, salt []byte, iter int, outsize int) []byte

========== Hash Functions ==========

func Random 

func Random(size int) []byte

========== Basic Functions ==========

func SHA3256 added in v1.0.1 

func SHA3256(data []byte) []byte

func SHA3512 added in v1.0.1 

func SHA3512(data []byte) []byte

Types

type AES1 

type AES1 struct {
	// contains filtered or unexported fields
}

========== AES Encryption ==========

func (*AES1) DeAESGCM 

func (a *AES1) DeAESGCM(key []byte, data []byte) ([]byte, error)

AES-GCM decryption, 44B key (12B IV + 32B AES Key)

func (*AES1) DeAESGCMx 

func (a *AES1) DeAESGCMx(key []byte, src io.Reader, size int64, dst io.Writer, chunkSize int) error

AES-GCM extended, 44B key (12B IV + 32B AES Key), default chunkSize=1048576

func (*AES1) EnAESGCM 

func (a *AES1) EnAESGCM(key []byte, data []byte) ([]byte, error)

AES-GCM encryption, 44B key (12B IV + 32B AES Key)

func (*AES1) EnAESGCMx 

func (a *AES1) EnAESGCMx(key []byte, src io.Reader, size int64, dst io.Writer, chunkSize int) error

AES-GCM extended, 44B key (12B IV + 32B AES Key), default chunkSize=1048576

func (*AES1) Init 

func (a *AES1) Init()

func (*AES1) Processed 

func (a *AES1) Processed() int64

type AsymMaster added in v0.2.0 

type AsymMaster struct {
	Algo string // algo: "rsa1", "rsa2", "ecc1", "pqc1"
	// contains filtered or unexported fields
}

========== Asymetric Encryption Master ==========

func (*AsymMaster) Decrypt added in v0.2.0 

func (am *AsymMaster) Decrypt(data []byte) ([]byte, error)

func (*AsymMaster) Encrypt added in v0.2.0 

func (am *AsymMaster) Encrypt(data []byte) ([]byte, error)

func (*AsymMaster) Genkey added in v0.2.0 

func (am *AsymMaster) Genkey() ([]byte, []byte, error)

Generate key pair

func (*AsymMaster) Init added in v0.2.0 

func (am *AsymMaster) Init(algo string) error

func (*AsymMaster) Loadkey added in v0.2.0 

func (am *AsymMaster) Loadkey(public []byte, private []byte) error

func (*AsymMaster) Sign added in v0.2.0 

func (am *AsymMaster) Sign(data []byte) ([]byte, error)

func (*AsymMaster) Verify added in v0.2.0 

func (am *AsymMaster) Verify(data []byte, signature []byte) bool

type ECC1 

type ECC1 struct {
	// X448 Keys (Encryption)
	PrivX *x448.Key
	PubX  *x448.Key

	// Ed448 Keys (Signing)
	PrivEd ed448.PrivateKey
	PubEd  ed448.PublicKey
}

========== ECC Encryption ==========

func (*ECC1) Decrypt 

func (e *ECC1) Decrypt(data []byte) ([]byte, error)

Decrypt data using private key (Hybrid: ECDH + AES-GCM)

func (*ECC1) Encrypt 

func (e *ECC1) Encrypt(data []byte) ([]byte, error)

Encrypt data using public key (Hybrid: ECDH + AES-GCM)

func (*ECC1) Genkey 

func (e *ECC1) Genkey() ([]byte, []byte, error)

Generates keys: [X448 56B][Ed448 57B], (public bytes, private bytes, error)

func (*ECC1) Loadkey 

func (e *ECC1) Loadkey(public []byte, private []byte) error

Load keys. Public must be 113B, Private must be 113B.

func (*ECC1) Sign 

func (e *ECC1) Sign(data []byte) ([]byte, error)

Ed448 Sign (empty context is default)

func (*ECC1) Verify 

func (e *ECC1) Verify(data []byte, signature []byte) bool

Ed448 Verify

type HashMaster added in v1.1.1 

type HashMaster struct {
	// contains filtered or unexported fields
}

========== Hash Function Master ==========

func (*HashMaster) Init added in v1.1.1 

func (hm *HashMaster) Init(algo string, hashSize int, keySize int) error

func (*HashMaster) KDF added in v1.1.1 

func (hm *HashMaster) KDF(pw []byte, salt []byte) ([]byte, []byte, error)

type Masker added in v1.4.2 

type Masker struct {
	// contains filtered or unexported fields
}

func GetMasker added in v1.4.2 

func GetMasker(poolSizeMb int) *Masker

Get singleton instance

func (*Masker) XOR added in v1.4.2 

func (m *Masker) XOR(data []byte) ([]byte, error)

XOR Masking

type PQC1 added in v1.1.1 

type PQC1 struct {
	// ECC Keys
	PubX   *x448.Key
	PrivX  *x448.Key
	PubEd  ed448.PublicKey
	PrivEd ed448.PrivateKey

	// PQC Key Bytes (Raw Bytes Storage)
	PubKEM  []byte
	PrivKEM []byte
	PubDSA  []byte
	PrivDSA []byte
	// contains filtered or unexported fields
}

========== PQC1 Encryption ==========

func (*PQC1) Decrypt added in v1.1.1 

func (p *PQC1) Decrypt(data []byte) ([]byte, error)

func (*PQC1) Encrypt added in v1.1.1 

func (p *PQC1) Encrypt(data []byte) ([]byte, error)

func (*PQC1) Genkey added in v1.1.1 

func (p *PQC1) Genkey() ([]byte, []byte, error)

func (*PQC1) Loadkey added in v1.1.1 

func (p *PQC1) Loadkey(public []byte, private []byte) error

func (*PQC1) Sign added in v1.1.1 

func (p *PQC1) Sign(data []byte) ([]byte, error)

func (*PQC1) Verify added in v1.1.1 

func (p *PQC1) Verify(data []byte, signature []byte) bool

type RSA1 

type RSA1 struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

========== RSA Encryption ==========

func (*RSA1) Decrypt 

func (r *RSA1) Decrypt(data []byte) ([]byte, error)

OAEP-SHA-512

func (*RSA1) Encrypt 

func (r *RSA1) Encrypt(data []byte) ([]byte, error)

OAEP-SHA-512

func (*RSA1) Genkey 

func (r *RSA1) Genkey(bits int) ([]byte, []byte, error)

DER(PKIX, PKCS8) format, returns (public, private, error)

func (*RSA1) Loadkey 

func (r *RSA1) Loadkey(public []byte, private []byte) error

Load keys from DER(PKIX, PKCS8) format bytes. Pass nil to skip.

func (*RSA1) Sign 

func (r *RSA1) Sign(data []byte) ([]byte, error)

PKCS1 v1.5 + SHA256

func (*RSA1) Verify 

func (r *RSA1) Verify(data []byte, signature []byte) bool

PKCS1 v1.5 + SHA256, returns true if valid

type SymMaster added in v0.2.0 

type SymMaster struct {
	Algo string
	Key  []byte
	// contains filtered or unexported fields
}

========== Master Class ==========

func (*SymMaster) AfterSize added in v0.2.0 

func (sm *SymMaster) AfterSize(size int64) int64

func (*SymMaster) DeBin added in v0.2.0 

func (sm *SymMaster) DeBin(data []byte) ([]byte, error)

func (*SymMaster) DeFile added in v0.2.0 

func (sm *SymMaster) DeFile(src io.Reader, size int64, dst io.Writer) error

func (*SymMaster) EnBin added in v0.2.0 

func (sm *SymMaster) EnBin(data []byte) ([]byte, error)

func (*SymMaster) EnFile added in v0.2.0 

func (sm *SymMaster) EnFile(src io.Reader, size int64, dst io.Writer) error

func (*SymMaster) Init added in v0.2.0 

func (sm *SymMaster) Init(algo string, key []byte) error

func (*SymMaster) Processed added in v0.2.0 

func (sm *SymMaster) Processed() int64

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.