Package crypto provides all cryptographic operations needed in restic.
- func Decrypt(ks *Key, plaintext byte, ciphertextWithMac byte) (byte, error)
- func DecryptFrom(ks *Key, rd io.Reader) (io.ReadCloser, error)
- func Encrypt(ks *Key, ciphertext byte, plaintext byte) (byte, error)
- func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser
- type EncryptionKey
- type Key
- type MACKey
const ( Extension = ivSize + macSize )
var ( // ErrUnauthenticated is returned when ciphertext verification has failed. ErrUnauthenticated = errors.New("ciphertext verification failed") // ErrBufferTooSmall is returned when the destination slice is too small // for the ciphertext. ErrBufferTooSmall = errors.New("destination buffer too small") )
ErrInvalidCiphertext is returned when trying to encrypt into the slice that holds the plaintext.
Decrypt verifies and decrypts the ciphertext. Ciphertext must be in the form IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the same slice.
func DecryptFrom ¶
DecryptFrom verifies and decrypts the ciphertext read from rd with ks and makes it available on the returned Reader. Ciphertext must be in the form IV || Ciphertext || MAC. In order to correctly verify the ciphertext, rd is drained, locally buffered and made available on the returned Reader afterwards. If a MAC verification failure is observed, it is returned immediately.
Encrypt encrypts and authenticates data. Stored in ciphertext is IV || Ciphertext || MAC. Encrypt returns the new ciphertext slice, which is extended when necessary. ciphertext and plaintext may not point to (exactly) the same slice or non-intersecting slices.
type EncryptionKey ¶
type EncryptionKey byte
Key holds encryption and message authentication keys for a repository. It is stored encrypted and authenticated as a JSON data structure in the Data field of the Key structure.
KDF derives encryption and message authentication keys from the password using the supplied parameters N, R and P and the Salt.
func NewRandomKey ¶
func NewRandomKey() *Key
NewRandomKey returns new encryption and message authentication keys.