README
¶
SEAM - Simple Encrypted Authenticated Messaging
⚠️ WARNING: THIS IS ALPHA SOFTWARE AND HAS NOT BEEN AUDITED. USE AT YOUR OWN RISK. ⚠️
The SEAM library implements a small encoding standard for exchanging messages signed and encrypted with TweetNaCl (and compatible) constructions: sign, box, and secretbox.
SEAM is designed to enable two messaging modes.
- In direct message (or "DM") mode, messages are encrypted with the
boxconstruction (x25519-xsalsa20-poly1305) using the recipient's public key and an ephemeral private key (the "transit" key).
{
"mode": "direct",
"body": "(base64-encoded encrypted bytes)",
"destination": "(opaque string)",
"nonce": "(base64-encoded nonce bytes)",
"timestamp": 2234567890,
"transitIdentity": "(base64-encoded X25519 public key)"
}
- In shared message (or "thread") mode, messages are encrypted with the
secretboxconstruction (xsalsa20-poly1305) using a shared key.
{
"mode": "shared",
"body": "(base64-encoded encrypted bytes)",
"destination": "(opaque string)",
"nonce": "(base64-encoded nonce bytes)",
"timestamp": 2234567890
}
All messages are encoded as JSON, digested with SHA512, signed with the sign construction (ed25519), and wrapped in an envelope with the signing user's public key.
{
"author": "(base64-encoded ed25519 public key)",
"message": "(message JSON)",
"signature": "(base64-encoded ed25519 signature of SHA-512 hash of message JSON)"
}
See GoDoc for full usage.
License
Released under The MIT License (see LICENSE.txt).
Copyright 2020 Duncan Smith
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DMIdentity32 ¶
type DMIdentity32 [32]byte
DMIdentity32 is a 32-byte public key used to encrypt direct messages
type DMKeyPair ¶
type DMKeyPair struct {
PrivateKey *DMSecret32 `json:"privateKey,omitempty"`
PublicKey *DMIdentity32 `json:"publicKey,omitempty"`
}
DMKeyPair is a SharedSecret32 paired with its derived DMIdentity32
type DMSecret32 ¶
type DMSecret32 [32]byte
DMSecret32 is a 32-byte secret key used to decrypt direct messages
type DirectMessage32 ¶
type DirectMessage32 struct {
Body []byte `json:"body"`
Destination string `json:"destination"`
Mode string `json:"mode"`
Nonce24 []byte `json:"nonce"`
Timestamp `json:"timestamp"`
TransitIdentity []byte `json:"transitIdentity"`
}
DirectMessage32 represents a message intended for recipients with access to the secret. The body may contain anything and is usually encrypted, but if not the Nonce24 will be all zero bytes.
func NewDirectMessage32 ¶
func NewDirectMessage32(timestamp time.Time, dest string) *DirectMessage32
NewDirectMessage32 returns a DirectMessage32 with the given properties
func (*DirectMessage32) Canonical ¶
func (m *DirectMessage32) Canonical() ([]byte, error)
Canonical returns canonical encoding of the message
func (*DirectMessage32) Open ¶
func (m *DirectMessage32) Open(recipientDMSecret *DMSecret32) ([]byte, error)
Open implements Message using the `box` construction
func (*DirectMessage32) WriteBody ¶
func (m *DirectMessage32) WriteBody(bz []byte, recipientDMIdentity *DMIdentity32, transitKeyPair *DMKeyPair) error
WriteBody encrypts the given bytes using the `box` construction, then attaches the cyphertext and nonce to the Message
type Envelope ¶
type Envelope struct {
Identity32 `json:"-"`
Signature64 `json:"-"`
Message []byte `json:"message"`
IdentityBase64 []byte `json:"author"`
SignatureBase64 []byte `json:"signature"`
}
Envelope is a public key and signature wrapping a blob of bytes
func DirectMessageEnvelope ¶
func DirectMessageEnvelope(body []byte, destination string, ikp *IdentityKeyPair, transitKeyPair *DMKeyPair, recipient *DMIdentity32) (*Envelope, error)
DirectMessageEnvelope takes a body, signing identity, and secret, and returns an Envelope ready to send
func NewEnvelope ¶
NewEnvelope returns an unsigned envelope for the given bytes
func SharedMessageEnvelope ¶
func SharedMessageEnvelope(body []byte, destination string, ikp *IdentityKeyPair, secret *SharedSecret32) (*Envelope, error)
SharedMessageEnvelope takes a body, signing identity, and secret, and returns an Envelope ready to send
func (*Envelope) Sign ¶
func (e *Envelope) Sign(ikp *IdentityKeyPair)
Sign signs the message with the given identity key pair and attaches the author and signature to the Envelope
func (*Envelope) Verify ¶
func (e *Envelope) Verify(ikp *IdentityKeyPair) error
Verify checks the signature against the contents of the envelope
type Identity32 ¶
type Identity32 [32]byte
Identity32 is a 32-byte public key that represents a cryptographic identity
type IdentityKeyPair ¶
type IdentityKeyPair struct {
PrivateKey *SigningSecret64 `json:"privateKey,omitempty"`
PublicKey *Identity32 `json:"publicKey,omitempty"`
}
IdentityKeyPair is a SigningSecret64 paired with its derived Identity32
type SharedMessage32 ¶
type SharedMessage32 struct {
}
SharedMessage32 represents a Message32 intended for recipients with access to a shared secret. The body may contain anything and is usually encrypted, but if not the EncryptionNonce will be all zero bytes.
func NewSharedMessage32 ¶
func NewSharedMessage32(timestamp time.Time, dest string) *SharedMessage32
NewSharedMessage32 returns a SharedMessage32 with the given properties
func (*SharedMessage32) Canonical ¶
func (m *SharedMessage32) Canonical() ([]byte, error)
Canonical returns the canonical encoding of the message
func (*SharedMessage32) Open ¶
func (m *SharedMessage32) Open(secret *SharedSecret32) ([]byte, error)
Open implements Message using the `secretbox` construction
func (*SharedMessage32) WriteBody ¶
func (m *SharedMessage32) WriteBody(bz []byte, secret *SharedSecret32) error
WriteBody encrypts the given bytes, then attaches the cyphertext and nonce to the Message
type SharedSecret32 ¶
type SharedSecret32 [32]byte
SharedSecret32 is a 32-byte secret key used for encryption
type SigningSecret64 ¶
type SigningSecret64 [64]byte
SigningSecret64 is a 64-byte secret key that is used to assume a cryptographic identity
Source Files