Documentation
Overview
keysmanager stores secret keys encrypted with a password. It creates its own directory with the 3 different files that it needs:
- keys: the keys, encrypted with scrypt(userPassword, saltK). userPassword is the same for every key; only the salt changes.
- salts: the salts, stored in clear text.
- passwordhash: contains the password hash. It is just a utility to tell whether the user gave the right password when he tries to log in. It doesn't make the system any more secure (we could let the user through, and he would just wrongly decrypt the keys).
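The three-file scheme above, worked through as an added example (my own sketch, not the keysmanager package's Go code): an in-memory dict stands in for the salts, keys and passwordhash files, and XOR with a never-reused scrypt pad stands in for the block cipher the page does not specify. The scrypt cost parameters are constructed for the example and are lower than production values.

```python
import hashlib
import hmac
import os

KEY_LEN = 32   # bytes of each stored secret key
SALT_LEN = 16
# scrypt cost parameters: constructed for this example, lower than production values
SCRYPT = dict(n=2 ** 14, r=8, p=1)

class WrongPassword(Exception):
    pass

def derive(password: bytes, salt: bytes) -> bytes:
    """scrypt(userPassword, salt): same password, a distinct output per salt."""
    return hashlib.scrypt(password, salt=salt, dklen=KEY_LEN, **SCRYPT)

def wrap(key: bytes, pad: bytes) -> bytes:
    """Stand-in for the block cipher: XOR with a pad that is never reused,
    because every key gets its own salt (and so its own pad)."""
    return bytes(a ^ b for a, b in zip(key, pad))

def sign_up(password: bytes, names=("Encryption", "MAC")) -> dict:
    """Create the three 'files': salts (clear), keys (wrapped), passwordhash."""
    salts = {n: os.urandom(SALT_LEN) for n in (*names, "password")}
    keys = {n: wrap(os.urandom(KEY_LEN), derive(password, salts[n])) for n in names}
    return {"salts": salts, "keys": keys,
            "passwordhash": derive(password, salts["password"])}

def login(store: dict, password: bytes) -> None:
    """Mirror Login: compare the stored hash in constant time, raise on mismatch."""
    expected = derive(password, store["salts"]["password"])
    if not hmac.compare_digest(expected, store["passwordhash"]):
        raise WrongPassword

def load_keys(store: dict, password: bytes) -> dict:
    """Unwrap every key with its own salt. Deliberately does NOT consult the
    password hash: a wrong password just yields unusable bytes, as the page notes."""
    return {n: wrap(c, derive(password, store["salts"][n]))
            for n, c in store["keys"].items()}

def change_password(store: dict, old: bytes, new: bytes) -> None:
    """Re-wrap the unchanged keys under the new password, with fresh salts."""
    login(store, old)
    plain = load_keys(store, old)
    for n in (*plain, "password"):
        store["salts"][n] = os.urandom(SALT_LEN)
    store["keys"] = {n: wrap(k, derive(new, store["salts"][n])) for n, k in plain.items()}
    store["passwordhash"] = derive(new, store["salts"]["password"])
```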
Index
- Variables
- type Keys
- type KeysManager
- func (km *KeysManager) ChangePassword(newpassword []byte) error
- func (km *KeysManager) HasSignedUp() bool
- func (km *KeysManager) LoadKeys() (Keys, error)
- func (km *KeysManager) Login(password []byte) error
- func (km *KeysManager) RemovePrivroot() error
- func (km *KeysManager) SignUp(password []byte) error
- type SM
Constants
This section is empty.
Variables
var ErrAlreadyLoaded = errors.New("already loaded")
ErrAlreadyLoaded is a multi-purpose tagging error used to indicate that an action which should have been done only once was executed multiple times. For example, you will get this error if you try to log in or load keys more than once.
var ErrNoSaltsFile = fmt.Errorf("no salts file (%w)", ErrPrivCorrupted)
ErrNoSaltsFile is returned when the salts file isn't found in the private directory.
var ErrNotLoggedIn = errors.New("please login first")
ErrNotLoggedIn is returned when an action requires being logged in.
var ErrPrivCorrupted = errors.New("priv directory corrupted")
ErrPrivCorrupted is a tag error which indicates that the priv directory isn't right (missing file, altered keys, etc.).
var ErrWrongPassword = errors.New("wrong password")
ErrWrongPassword is returned when the hash stored in the passwordhash file doesn't match the hash of the typed password. See the Login function.
Functions
This section is empty.
Types
type Keys
type Keys struct {
Encryption, MAC []byte
}
Keys contains the *decrypted* keys.
type KeysManager
type KeysManager struct {
// contains filtered or unexported fields
}
KeysManager loads the different keys from a file (keysfile) and decrypts them using the password. It can also generate new keys in place of the old ones.
func NewKeysManager
func NewKeysManager(privroot string) *KeysManager
NewKeysManager creates a new KeysManager with some sane defaults.
func (*KeysManager) ChangePassword
func (km *KeysManager) ChangePassword(newpassword []byte) error
ChangePassword changes the user's password. Note that the user must already be logged in. If that isn't the case, use set password.
func (*KeysManager) HasSignedUp
func (km *KeysManager) HasSignedUp() bool
HasSignedUp returns true if the privroot directory exists, even if we can't read from it. That's because if the user doesn't have the permission, for example, he won't be able to create his priv directory by signing up. So we let .Login report the error, because it will know best what to do (whereas this function is just general-purpose).
func (*KeysManager) LoadKeys
func (km *KeysManager) LoadKeys() (Keys, error)
LoadKeys loads the keys from the keys file. Errors: ErrPrivCorrupted, ErrNotLoggedIn.
FIXME: do something so that we ensure that we only load the keys once
func (*KeysManager) Login
func (km *KeysManager) Login(password []byte) error
Login creates the block cipher from the password, which is then used to decrypt the keys from the file. It can return ErrAlreadyLoaded (already logged in), ErrPrivCorrupted, ErrWrongPassword or err (internal error).
func (*KeysManager) RemovePrivroot
func (km *KeysManager) RemovePrivroot() error
RemovePrivroot permanently removes the private folder. If you run that, you lose your keys (i.e. you won't be able to decrypt your files anymore).
func (*KeysManager) SignUp
func (km *KeysManager) SignUp(password []byte) error
SignUp makes the priv directory, creates the salts and password hash files, and generates new keys. Returns ErrAlreadyLoaded (already signed up) or err.
type SM
type SM struct {
// contains filtered or unexported fields
}
func NewSaltsManager
NewSaltsManager stores, in clear text, n salts of size bytes each in file.
func (*SM) GenerateNew
GenerateNew generates new salts (replacing the current ones if they exist).