streamcrypt

package
v0.0.0-...-cc8504f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 13, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package streamcrypt provides streaming symmetric encryption using XChaCha20 or AES256-CTR for encryption, SHAKE256 for message authentication, and Argon2 for key derivation.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrBadChecksum = errors.New("bad checksum")
	ErrClosed      = errors.New("already closed")
)
View Source 
var (
	ErrUnsupportedMode        = errors.New("incorrect or unsupported encryption mode")
	ErrHeaderParamsOutOfRange = errors.New("header params out of range")
)

Functions

func Decrypt 

func Decrypt(ciphertext []byte, passFunc PasswordFunc, options ...Option) ([]byte, error)

func Encrypt 

func Encrypt(
	plaintext []byte,
	password []byte,
	options ...Option,
) []byte

Types

type Decryptor 

type Decryptor struct {
	// contains filtered or unexported fields
}

Decryptor is returned by NewDecryptor. See it's documentation for details.

Decryptor implements io.ReadCloser.

func NewDecryptor 

func NewDecryptor(
	src io.Reader,
	passFunc PasswordFunc,
	options ...Option,
) *Decryptor

NewDecryptor returns a Decryptor which is an io.ReadCloser that reads ciphertext from src and retrieves the plaintext.

The encryption password is retrieved using passFunc during the first read. The []byte that passFunc returns is zeroed after use, so return a copy of it if it's in use elsewhere.

The authentication of the ciphertext is checked upon reaching EOF or calling Decryptor.Close. Therefore, calling Close after reaching EOF is unnecessary.

After either reaching EOF or calling Close, calls to Read will result in an ErrClosed error, and calls to Close will be a no-op.

The following options can be used to configure the decryption behavior:

func (*Decryptor) Close 

func (d *Decryptor) Close() error

func (*Decryptor) Read 

func (d *Decryptor) Read(b []byte) (int, error)

type Encryptor 

type Encryptor struct {
	// contains filtered or unexported fields
}

Encryptor is returned by NewEncryptor. See it's documentation for details.

Encryptor implements io.WriteCloser.

func NewEncryptor 

func NewEncryptor(
	dest io.Writer,
	password []byte,
	options ...Option,
) *Encryptor

NewEncryptor returns an Encryptor which is an io.WriteCloser that encrypts plaintext and writes the ciphertext to dest.

Encryptor.Close must be called after all writes are concluded in order to write the authentication bytes to dest.

The password is not retained by this function.

The following options can be used to configure the encryption behavior:

func (*Encryptor) Close 

func (e *Encryptor) Close() error

func (*Encryptor) Write 

func (e *Encryptor) Write(plaintext []byte) (int, error)

type Mode 

type Mode uint8
const (

	////
	ModeXChaCha20 Mode
	ModeAES256CTR
)

func (Mode) String 

func (m Mode) String() string

type Option 

type Option func(*config)

func WithArgonMemory 

func WithArgonMemory(mem uint32) Option

func WithArgonMemoryMax 

func WithArgonMemoryMax(mem uint32) Option

func WithArgonThreads 

func WithArgonThreads(n uint8) Option

func WithArgonThreadsMax 

func WithArgonThreadsMax(n uint8) Option

func WithArgonTime 

func WithArgonTime(time uint32) Option

func WithArgonTimeMax 

func WithArgonTimeMax(time uint32) Option

func WithMode 

func WithMode(mode Mode) Option

type PasswordFunc 

type PasswordFunc func() ([]byte, error)

PasswordFunc is used by NewDecryptor. See it's documentation for details.

The returned []byte is zeroed after use, so return a copy of it if it's in use elsewhere.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.