Documentation
¶
Index ¶
- func Decrypt(ciphertext []byte, passphrase string) ([]byte, error)
- func DerivePassphrase(passphrase string, keyfileContent []byte) (string, error)
- func Encrypt(plaintext []byte, passphrase string) ([]byte, error)
- func KeyfileFingerprint(content []byte) string
- func ReadPassphrase(prompt string) (string, error)
- func ReadPassphraseConfirm(prompt ...string) (string, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DerivePassphrase ¶
DerivePassphrase combines a passphrase with keyfile content using HKDF-SHA256, returning a hex-encoded 32-byte derived key suitable for use as an age passphrase.
func KeyfileFingerprint ¶
KeyfileFingerprint returns the SHA-256 fingerprint of keyfile content.
func ReadPassphrase ¶
ReadPassphrase prompts the user and reads a passphrase with echo disabled. When stdin is not a terminal (e.g. piped input), the passphrase is read from /dev/tty instead, matching the behavior of GPG and SSH.
func ReadPassphraseConfirm ¶
ReadPassphraseConfirm prompts for a passphrase twice and verifies they match. An optional prompt can be provided for the first prompt; defaults to "Enter passphrase: ".
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.