Documentation ¶
Index ¶
- func SetLogger(l Logger)
- type BoxKey
- func (k BoxKey) Box(receiver ksaltpack.BoxPublicKey, nonce ksaltpack.Nonce, msg []byte) []byte
- func (k BoxKey) GetPublicKey() ksaltpack.BoxPublicKey
- func (k BoxKey) Precompute(peer ksaltpack.BoxPublicKey) ksaltpack.BoxPrecomputedSharedKey
- func (k BoxKey) Unbox(sender ksaltpack.BoxPublicKey, nonce ksaltpack.Nonce, msg []byte) ([]byte, error)
- type BoxPublicKey
- type ContextLogger
- type LogLevel
- type Logger
- type Mode
- type Saltpack
- func (s *Saltpack) ArmorBrand() string
- func (s *Saltpack) Armored() bool
- func (s *Saltpack) CreateEphemeralKey() (ksaltpack.BoxSecretKey, error)
- func (s *Saltpack) Decrypt(b []byte) ([]byte, keyup.ID, error)
- func (s *Saltpack) Encrypt(b []byte, sender keyup.Key, recipients ...keyup.PublicKey) ([]byte, error)
- func (s *Saltpack) GetAllBoxSecretKeys() []ksaltpack.BoxSecretKey
- func (s *Saltpack) ImportBoxEphemeralKey(kid []byte) ksaltpack.BoxPublicKey
- func (s *Saltpack) LookupBoxPublicKey(kid []byte) ksaltpack.BoxPublicKey
- func (s *Saltpack) LookupBoxSecretKey(kids [][]byte) (int, ksaltpack.BoxSecretKey)
- func (s *Saltpack) LookupSigningPublicKey(b []byte) ksaltpack.SigningPublicKey
- func (s *Saltpack) Mode() Mode
- func (s *Saltpack) NewDecryptStream(r io.Reader) (io.Reader, keyup.ID, error)
- func (s *Saltpack) NewEncryptStream(w io.Writer, sender keyup.Key, recipients ...keyup.PublicKey) (io.WriteCloser, error)
- func (s *Saltpack) NewOpenStream(r io.Reader) (io.Reader, keyup.ID, error)
- func (s *Saltpack) NewSealStream(w io.Writer, sender keyup.Key, recipients ...keyup.PublicKey) (io.WriteCloser, error)
- func (s *Saltpack) NewSignStream(w io.Writer, key keyup.Key, detached bool) (io.WriteCloser, error)
- func (s *Saltpack) NewSigncryptOpenStream(r io.Reader) (io.Reader, keyup.ID, error)
- func (s *Saltpack) NewSigncryptStream(w io.Writer, sender keyup.Key, recipients ...keyup.PublicKey) (io.WriteCloser, error)
- func (s *Saltpack) NewVerifyArmoredStream(r io.Reader) (io.Reader, keyup.ID, error)
- func (s *Saltpack) NewVerifyStream(r io.Reader) (io.Reader, keyup.ID, error)
- func (s *Saltpack) Open(b []byte) ([]byte, keyup.ID, error)
- func (s *Saltpack) Seal(b []byte, sender keyup.Key, recipients ...keyup.PublicKey) ([]byte, error)
- func (s *Saltpack) SetArmorBrand(brand string)
- func (s *Saltpack) SetArmored(b bool)
- func (s *Saltpack) SetMode(m Mode)
- func (s *Saltpack) Sign(b []byte, key keyup.Key) ([]byte, error)
- func (s *Saltpack) SignDetached(b []byte, key keyup.Key) ([]byte, error)
- func (s *Saltpack) Signcrypt(b []byte, sender keyup.Key, recipients ...keyup.PublicKey) ([]byte, error)
- func (s *Saltpack) SigncryptOpen(b []byte) ([]byte, keyup.ID, error)
- func (s *Saltpack) Verify(b []byte) ([]byte, keyup.ID, error)
- func (s *Saltpack) VerifyDetached(sig []byte, b []byte) (keyup.ID, error)
- type SignKey
- type SignPublicKey
Types ¶
type BoxKey ¶
type BoxKey struct { ksaltpack.BoxSecretKey // contains filtered or unexported fields }
BoxKey is a wrapper for keyup.BoxKey to support a ksaltpack.BoxKey.
func (BoxKey) GetPublicKey ¶
func (k BoxKey) GetPublicKey() ksaltpack.BoxPublicKey
GetPublicKey (for ksaltpack.BoxSecretKey)
func (BoxKey) Precompute ¶
func (k BoxKey) Precompute(peer ksaltpack.BoxPublicKey) ksaltpack.BoxPrecomputedSharedKey
Precompute (for ksaltpack.BoxSecretKey)
type BoxPublicKey ¶
type BoxPublicKey struct { ksaltpack.BoxPublicKey // contains filtered or unexported fields }
BoxPublicKey is a wrapper for keyup.BoxPublicKey to support a ksaltpack.BoxPublicKey.
func NewBoxPublicKey ¶
func NewBoxPublicKey(id keyup.ID, pk keyup.BoxPublicKey) *BoxPublicKey
NewBoxPublicKey from byte array.
func (*BoxPublicKey) CreateEphemeralKey ¶
func (p *BoxPublicKey) CreateEphemeralKey() (ksaltpack.BoxSecretKey, error)
CreateEphemeralKey (for ksaltpack.BoxPublicKey)
func (*BoxPublicKey) HideIdentity ¶
func (p *BoxPublicKey) HideIdentity() bool
HideIdentity (for ksaltpack.BoxPublicKey)
func (*BoxPublicKey) ToKID ¶
func (p *BoxPublicKey) ToKID() []byte
ToKID (for ksaltpack.BoxPublicKey)
func (*BoxPublicKey) ToRawBoxKeyPointer ¶
func (p *BoxPublicKey) ToRawBoxKeyPointer() *ksaltpack.RawBoxKey
ToRawBoxKeyPointer (for ksaltpack.BoxPublicKey)
type ContextLogger ¶ added in v0.4.13
type ContextLogger interface { Debugf(ctx context.Context, format string, args ...interface{}) Infof(ctx context.Context, format string, args ...interface{}) Warningf(ctx context.Context, format string, args ...interface{}) Errorf(ctx context.Context, format string, args ...interface{}) }
ContextLogger interface used in this package with request context.
func NewContextLogger ¶ added in v0.4.13
func NewContextLogger(lev LogLevel) ContextLogger
NewContextLogger ...
type Logger ¶
type Logger interface { Debugf(format string, args ...interface{}) Infof(format string, args ...interface{}) Warningf(format string, args ...interface{}) Errorf(format string, args ...interface{}) }
Logger interface used in this package.
type Mode ¶ added in v0.4.13
type Mode string
Mode for encryption (signcrypt, encrypt)
const (
	// SigncryptMode selects the signcryption format, see
	// https://saltpack.org/signcryption-format.
	// Recipients can't forge the message (non-repudiability).
	SigncryptMode Mode = "signcrypt"
	// EncryptMode selects the encryption format, see
	// https://saltpack.org/encryption-format-v2.
	// Recipients can forge the message (repudiability), so a message in this
	// mode does not prove to a third party who wrote it.
	EncryptMode Mode = "encrypt"
)
type Saltpack ¶
type Saltpack struct {
// contains filtered or unexported fields
}
Saltpack provider.
func NewSaltpack ¶
NewSaltpack creates a new keyup.CryptoProvider using Saltpack. The default mode is Signcryption, see https://saltpack.org/signcryption-format.
Example ¶
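package main

import (
	"bytes"
	"fmt"
	"io/ioutil"
	"log"
	"testing"

	"github.com/keyup-app/keyup"
	"github.com/keyup-app/keyup/keyring"
	"github.com/stretchr/testify/require"
)

// Key IDs for alice and bob. They are not referenced by the code in this
// listing; presumably they match the keys derived from the seeds below.
const aliceID = keyup.ID("ZoxBoAcN3zUr5A11Uyq1J6pscwKFo2oZSFbwfT7DztXg")
const bobID = keyup.ID("6d35v6U3GfePrTjFwtak5yTUpkEyWA7tQQ2gDzZdX89x")

// Fixed seed phrases so the tests derive the same keys on every run.
// These are test fixtures only.
const aliceSeed = "stairs portion summer trade mask nut ostrich hope subway gap daughter sword empty jungle comfort fiscal liberty stadium hint lonely tired found elegant clump"
const bobSeed = "patient property kitten adapt lunar symptom flag system gun mandate high ice increase disorder party maze earth profit reward lift wool smile test economy"

// testEncrypt seals a message from alice to bob in the given mode and checks
// that bob recovers both the plaintext and alice's ID as the sender. It also
// checks that sealing to a nil recipient is rejected.
func testEncrypt(t *testing.T, mode Mode) {
	// Alice's provider is backed by a keystore holding her key.
	ksAlice := keyup.NewMemKeystore()
	alice, aliceErr := keyup.NewKeyFromSeedPhrase(aliceSeed, false)
	require.NoError(t, aliceErr)
	saveErr := ksAlice.SaveKey(alice, false)
	require.NoError(t, saveErr)
	spAlice := NewSaltpack(ksAlice)
	spAlice.SetMode(mode)

	// Bob's provider is backed by a separate keystore holding only his key.
	ksBob := keyup.NewMemKeystore()
	spBob := NewSaltpack(ksBob)
	spBob.SetMode(mode)
	bob, bobErr := keyup.NewKeyFromSeedPhrase(bobSeed, false)
	require.NoError(t, bobErr)
	saveErr2 := ksBob.SaveKey(bob, false)
	require.NoError(t, saveErr2)

	message := []byte("hi bob")

	encrypted, sealErr := spAlice.Seal(message, alice, bob.PublicKey())
	require.NoError(t, sealErr)

	// Open returns the sender's ID next to the plaintext; both are checked.
	out, sender, openErr := spBob.Open(encrypted)
	require.NoError(t, openErr)
	require.Equal(t, message, out)
	require.Equal(t, alice.ID(), sender)

	// A nil recipient must produce an error rather than a sealed message.
	_, sealErr2 := spAlice.Seal(message, alice, nil)
	require.EqualError(t, sealErr2, "nil recipient")
}

// testEncryptStream is the streaming counterpart of testEncrypt: alice writes
// the message through NewSealStream and bob reads it back through
// NewOpenStream.
func testEncryptStream(t *testing.T, mode Mode) {
	ksAlice := keyup.NewMemKeystore()
	alice, aliceErr := keyup.NewKeyFromSeedPhrase(aliceSeed, false)
	require.NoError(t, aliceErr)
	saveErr := ksAlice.SaveKey(alice, false)
	require.NoError(t, saveErr)
	spAlice := NewSaltpack(ksAlice)
	spAlice.SetMode(mode)

	ksBob := keyup.NewMemKeystore()
	spBob := NewSaltpack(ksBob)
	spBob.SetMode(mode)
	bob, bobErr := keyup.NewKeyFromSeedPhrase(bobSeed, false)
	require.NoError(t, bobErr)
	saveErr2 := ksBob.SaveKey(bob, false)
	require.NoError(t, saveErr2)

	message := []byte("hi bob")

	var buf bytes.Buffer
	encrypted, sealErr := spAlice.NewSealStream(&buf, alice, bob.PublicKey())
	require.NoError(t, sealErr)
	n, writeErr := encrypted.Write(message)
	require.NoError(t, writeErr)
	require.Equal(t, len(message), n)
	// The stream is closed before buf is read back. The Close error is
	// checked so that a failure while finishing the stream is reported here
	// instead of surfacing later as an unexplained open or read failure.
	closeErr := encrypted.Close()
	require.NoError(t, closeErr)

	stream, sender, streamErr := spBob.NewOpenStream(&buf)
	require.NoError(t, streamErr)
	require.Equal(t, alice.ID(), sender)
	out, readErr := ioutil.ReadAll(stream)
	require.NoError(t, readErr)
	require.Equal(t, message, out)
}

// testOpenError checks that a message sealed only to alice cannot be opened
// with bob's provider, whose keystore is empty in this test.
func testOpenError(t *testing.T, mode Mode) {
	ksAlice := keyup.NewMemKeystore()
	alice, aliceErr := keyup.NewKeyFromSeedPhrase(aliceSeed, false)
	require.NoError(t, aliceErr)
	saveErr := ksAlice.SaveKey(alice, false)
	require.NoError(t, saveErr)
	spAlice := NewSaltpack(ksAlice)
	spAlice.SetMode(mode)

	// No key is saved to bob's keystore.
	ksBob := keyup.NewMemKeystore()
	spBob := NewSaltpack(ksBob)
	spBob.SetMode(mode)

	encrypted, sealErr := spAlice.Seal([]byte("alice's message"), alice, alice.PublicKey())
	require.NoError(t, sealErr)

	_, _, openErr := spBob.Open(encrypted)
	require.EqualError(t, openErr, "no decryption key found for message")
}

// main is the package example: alice seals a message for bob, bob opens it
// and confirms that the reported sender is alice before printing it.
func main() {
	alice := keyup.GenerateKey()
	bob := keyup.GenerateKey()

	// Sigchain store, shared by both keystores below.
	scs := keyup.NewSigchainStore(keyup.NewMem())

	// Alice's keystore, save alice's key
	ksa := keyup.NewKeystore()
	ksa.SetKeyring(keyring.NewMem())
	ksa.SetSigchainStore(scs)
	if err := ksa.SaveKey(alice, true); err != nil {
		log.Fatal(err)
	}
	spa := NewSaltpack(ksa)

	msg := []byte("Hey bob, it's alice. The passcode is 12345.")
	// Alice encrypts
	encrypted, sealErr := spa.Seal(msg, alice, bob.PublicKey())
	if sealErr != nil {
		log.Fatal(sealErr)
	}

	// Bob's keystore: bob's own key is saved below, and it uses the same
	// sigchain store scs as alice's keystore.
	ksb := keyup.NewKeystore()
	ksb.SetKeyring(keyring.NewMem())
	ksb.SetSigchainStore(scs)
	spb := NewSaltpack(ksb)
	if err := ksb.SaveKey(bob, true); err != nil {
		log.Fatal(err)
	}

	// Bob decrypts
	out, sender, openErr := spb.Open(encrypted)
	if openErr != nil {
		log.Fatal(openErr)
	}
	// Open returns the sender's ID along with the plaintext. A successful
	// decryption alone does not say who sent the message, so the ID is
	// compared with the expected sender before the plaintext is used.
	if sender != alice.ID() {
		log.Fatalf("Sender not alice")
	}
	fmt.Printf("%s\n", string(out))
}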
Output: Hey bob, it's alice. The passcode is 12345.
func (*Saltpack) ArmorBrand ¶ added in v0.4.13
ArmorBrand ...
func (*Saltpack) CreateEphemeralKey ¶
func (s *Saltpack) CreateEphemeralKey() (ksaltpack.BoxSecretKey, error)
CreateEphemeralKey creates a random ephemeral key.
func (*Saltpack) Encrypt ¶ added in v0.4.13
func (s *Saltpack) Encrypt(b []byte, sender keyup.Key, recipients ...keyup.PublicKey) ([]byte, error)
Encrypt ...
func (*Saltpack) GetAllBoxSecretKeys ¶
func (s *Saltpack) GetAllBoxSecretKeys() []ksaltpack.BoxSecretKey
GetAllBoxSecretKeys returns all keys, needed if we want to support "hidden" receivers via trial and error.
func (*Saltpack) ImportBoxEphemeralKey ¶
func (s *Saltpack) ImportBoxEphemeralKey(kid []byte) ksaltpack.BoxPublicKey
ImportBoxEphemeralKey imports the ephemeral key into BoxPublicKey format. This key has never been seen before, so will be ephemeral.
func (*Saltpack) LookupBoxPublicKey ¶
func (s *Saltpack) LookupBoxPublicKey(kid []byte) ksaltpack.BoxPublicKey
LookupBoxPublicKey returns a public key given the specified key ID. For most cases, the key ID will be the key itself.
func (*Saltpack) LookupBoxSecretKey ¶
func (s *Saltpack) LookupBoxSecretKey(kids [][]byte) (int, ksaltpack.BoxSecretKey)
LookupBoxSecretKey looks in the Keyring for the secret key corresponding to one of the given Key IDs. Returns the index and the key on success, or -1 and nil on failure.
func (*Saltpack) LookupSigningPublicKey ¶
func (s *Saltpack) LookupSigningPublicKey(b []byte) ksaltpack.SigningPublicKey
LookupSigningPublicKey (for ksaltpack.SigKeyring)
func (*Saltpack) NewDecryptStream ¶ added in v0.4.13
NewDecryptStream ...
func (*Saltpack) NewEncryptStream ¶ added in v0.4.13
func (s *Saltpack) NewEncryptStream(w io.Writer, sender keyup.Key, recipients ...keyup.PublicKey) (io.WriteCloser, error)
NewEncryptStream ...
func (*Saltpack) NewOpenStream ¶
NewOpenStream returns an io.Reader capable of decrypting data, together with the ID of the sender.
func (*Saltpack) NewSealStream ¶
func (s *Saltpack) NewSealStream(w io.Writer, sender keyup.Key, recipients ...keyup.PublicKey) (io.WriteCloser, error)
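NewSealStream returns an io.WriteCloser capable of encrypting data. Close it once all data is written, as the package example does before reading the ciphertext back.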
func (*Saltpack) NewSignStream ¶
NewSignStream ...
func (*Saltpack) NewSigncryptOpenStream ¶ added in v0.4.13
NewSigncryptOpenStream ...
func (*Saltpack) NewSigncryptStream ¶ added in v0.4.13
func (s *Saltpack) NewSigncryptStream(w io.Writer, sender keyup.Key, recipients ...keyup.PublicKey) (io.WriteCloser, error)
NewSigncryptStream ...
func (*Saltpack) NewVerifyArmoredStream ¶
NewVerifyArmoredStream ...
func (*Saltpack) NewVerifyStream ¶
NewVerifyStream ...
func (*Saltpack) SetArmorBrand ¶
SetArmorBrand sets the armor brand (if armored).
func (*Saltpack) SetArmored ¶
SetArmored sets whether data is armored.
func (*Saltpack) SignDetached ¶
SignDetached (for keyup.CryptoProvider)
func (*Saltpack) Signcrypt ¶ added in v0.4.13
func (s *Saltpack) Signcrypt(b []byte, sender keyup.Key, recipients ...keyup.PublicKey) ([]byte, error)
Signcrypt ...
func (*Saltpack) SigncryptOpen ¶ added in v0.4.13
SigncryptOpen ...
type SignKey ¶
type SignKey struct { ksaltpack.SigningSecretKey // contains filtered or unexported fields }
SignKey is a wrapper for keyup.SignKey to support a ksaltpack.SigningSecretKey.
func NewSignKey ¶
NewSignKey creates SigningSecretKey from a keyup.SignKey.
func (*SignKey) GetPublicKey ¶
func (k *SignKey) GetPublicKey() ksaltpack.SigningPublicKey
GetPublicKey (for ksaltpack.SigningSecretKey)
type SignPublicKey ¶
type SignPublicKey struct { ksaltpack.SigningPublicKey // contains filtered or unexported fields }
SignPublicKey is a wrapper for keyup.SignPublicKey.
func NewSignPublicKey ¶
func NewSignPublicKey(pk keyup.SignPublicKey) *SignPublicKey
NewSignPublicKey creates SignPublicKey for keyup.SignPublicKey.
func (SignPublicKey) ToKID ¶
func (k SignPublicKey) ToKID() []byte
ToKID (for ksaltpack.SigningPublicKey)