crypto

package
v0.17.0
Warning

This package is not in the latest version of its module.
Published: Apr 16, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package crypto implements common symmetric-encryption and key-derivation functions.

Constants

const (
	// ScryptAlgorithm is the key for the scrypt algorithm.
	ScryptAlgorithm = "scrypt-65536-8-1"

	// Legacy hash version salt length.
	V1SaltLength = 32

	// Legacy hash version system translates to KeyDerivationAlgorithm.
	HashVersion1 = 1 // this translates to Scrypt KeyDerivationAlgorithm
)

The recommended minimum size for a salt to be used for scrypt. Currently set to 16 bytes (128 bits).

TBD: A good rule of thumb is to use a salt that is the same size as the output of the hash function. For example, the output of SHA256 is 256 bits (32 bytes), so the salt should be at least 32 random bytes. Scrypt uses a SHA256 hash function. https://crackstation.net/hashing-security.htm

const DefaultKeyDerivationAlgorithm = ScryptAlgorithm

DefaultKeyDerivationAlgorithm is the key derivation algorithm for new configurations.

const (
	// MasterKeyLength describes the length of the master key.
	MasterKeyLength = 32
)

const (
	// Pbkdf2Algorithm is the key for the pbkdf algorithm.
	Pbkdf2Algorithm = "pbkdf2"
)

Variables

This section is empty.

Functions

func AllowedKeyDerivationAlgorithms (added in v0.17.0)

func AllowedKeyDerivationAlgorithms() []string

AllowedKeyDerivationAlgorithms returns a slice of the allowed key derivation algorithms.

func DecryptAes256Gcm

func DecryptAes256Gcm(data, masterKey, salt []byte) ([]byte, error)

DecryptAes256Gcm decrypts data with AES 256 GCM.

func DeriveKeyFromMasterKey

func DeriveKeyFromMasterKey(masterKey, salt, purpose []byte, length int) []byte

DeriveKeyFromMasterKey computes a key for a specific purpose and length using HKDF based on the master key.

func DeriveKeyFromPassword

func DeriveKeyFromPassword(password string, salt []byte, algorithm string) ([]byte, error)

DeriveKeyFromPassword derives an encryption key using the provided password and per-repository unique ID.

func EncryptAes256Gcm

func EncryptAes256Gcm(data, masterKey, salt []byte) ([]byte, error)

EncryptAes256Gcm encrypts data with AES 256 GCM.
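The pattern that DeriveKeyFromMasterKey, EncryptAes256Gcm and DecryptAes256Gcm describe, as an added sketch that is not this package's source: an HKDF-SHA256 subkey derived from a 32-byte master key, a salt and a purpose label keys AES-256-GCM, so a ciphertext only opens under the same master key and salt. The names deriveKey, newGCM, seal and open, the "AES" purpose label and the nonce||ciphertext||tag layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deriveKey is RFC 5869 HKDF-SHA256 with a fixed 32-byte output (one expand block).
func deriveKey(masterKey, salt, purpose []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(masterKey)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // keyed with the extracted PRK
	exp.Write(purpose)
	exp.Write([]byte{1}) // T(1) = HMAC(PRK, info || 0x01)
	return exp.Sum(nil)
}

// newGCM keys AES-256-GCM per (masterKey, salt); the "AES" label is an assumption.
func newGCM(masterKey, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(masterKey, salt, []byte("AES")))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext||tag with a fresh random nonce per call.
func seal(aead cipher.AEAD, data []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, data, nil), nil
}

// open fails on a wrong master key, a wrong salt, or any modified byte.
func open(aead cipher.AEAD, data []byte) ([]byte, error) {
	if len(data) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext is %d bytes, shorter than the nonce", len(data))
	}
	return aead.Open(nil, data[:aead.NonceSize()], data[aead.NonceSize():], nil)
}

func main() {
	fmt.Printf("%x\n", deriveKey(make([]byte, 32), []byte("constructed-salt"), []byte("AES")))
}
```

Because the salt and the purpose label both feed the HKDF step, reusing one master key across repositories or purposes still yields unrelated AES keys.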

func RecommendedSaltLength (added in v0.17.0)

func RecommendedSaltLength(algorithm string) (int, error)

RecommendedSaltLength returns the recommended salt length of a given key derivation algorithm.

func RegisterKeyDerivers (added in v0.17.0)

func RegisterKeyDerivers(name string, keyDeriver KeyDeriver)

RegisterKeyDerivers registers various key derivation functions.

Types

type KeyDeriver (added in v0.17.0)

type KeyDeriver interface {
	DeriveKeyFromPassword(password string, salt []byte) ([]byte, error)
	RecommendedSaltLength() int
}

KeyDeriver is an interface that contains methods for deriving a key from a password.
