Documentation
¶
Index ¶
- func Decrypt(data []byte, identity age.Identity) ([]byte, error)
- func Encrypt(data []byte, recipient age.Recipient) ([]byte, error)
- func GenerateIdentity() (*age.X25519Identity, error)
- func LoadIdentity(keyPath string) (id *age.X25519Identity, warnCount int, err error)
- func SaveIdentity(keyPath string, identity *age.X25519Identity) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateIdentity ¶
func GenerateIdentity() (*age.X25519Identity, error)
GenerateIdentity creates a new age X25519 identity (keypair).
func LoadIdentity ¶
func LoadIdentity(keyPath string) (id *age.X25519Identity, warnCount int, err error)
LoadIdentity reads an age identity from the given key file path. The file should contain a Bech32-encoded age secret key line.
The key file must not grant any permission bits to group or other — concretely, the check is `mode & 0o077 == 0`. Modes 0400, 0500, 0600 (which SaveIdentity itself writes), and 0700 are accepted; stricter modes just remove access lsm doesn't need. Group/other-readable modes (0640, 0644, 0660, etc.) are rejected rather than loaded, because a private key readable by other users is a key disclosure waiting to happen and that must be corrected explicitly, not used silently.
If the file holds more than one identity, the first is used and the extra count is returned via warnCount so callers can surface a warning (the crypto package is a library and does not write to stderr itself). warnCount is the number of additional identities beyond the first; it is 0 in the normal single-identity case.
func SaveIdentity ¶
func SaveIdentity(keyPath string, identity *age.X25519Identity) error
SaveIdentity writes an age identity to the given path with a comment header.
Types ¶
This section is empty.