crypt

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

// Sizes and work factor used by the package's key handling. The AES-256
// annotations imply the size constants count bytes (32 bytes = 256 bits).
const (
	// DEKSize is the length of the data encryption key.
	DEKSize   = 32 // AES-256
	// KEKSize is presumably the length of the key-encryption key that wraps
	// the DEK — the wrapping code is not visible here, confirm.
	KEKSize   = 32 // AES-256
	// SaltSize is presumably the per-user salt length in bytes fed to the
	// password-based key derivation — confirm against the implementation.
	SaltSize  = 16
	// PBKDFIter looks like the iteration count of the password-based KDF.
	// NOTE(review): the underlying hash is not visible here. OWASP's Password
	// Storage Cheat Sheet currently recommends 600,000 iterations for
	// PBKDF2-HMAC-SHA256, so 100000 may be low — confirm the PRF and consider
	// raising the count (re-wrapping existing entries on next login).
	PBKDFIter = 100000
)

Variables

This section is empty.

Functions

func ChangePassword

func ChangePassword(pkmDir, username, oldPassword, newPassword string) error

ChangePassword changes the given user's password; the caller supplies both the old and the new password.

func DecodeFromStorage

func DecodeFromStorage(saltB64, nonceB64, encryptedB64 string) (salt, nonce, encrypted []byte, err error)

DecodeFromStorage decodes the base64-encoded salt, nonce and encrypted values back to raw bytes. Check err before using any of the returned slices.

func EncodeForStorage

func EncodeForStorage(salt, nonce, encrypted []byte) (saltB64, nonceB64, encryptedB64 string)

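EncodeForStorage encodes the salt, nonce and encrypted values as base64 strings for storage. Base64 is only a text encoding and adds no confidentiality of its own.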

func ExportUser added in v0.1.2

func ExportUser(pkmDir, username, password string) error

ExportUser exports the user's profile from the current host.

func ImportUser added in v0.1.2

func ImportUser(pkmDir, userData string) error

ImportUser imports a user profile to the current host.

func InitUser

func InitUser(pkmDir, username, password string) error

func PromptPassword

func PromptPassword(prompt string) (string, error)

PromptPassword asks the user for a password without echoing the input.

func PromptPasswordConfirm

func PromptPasswordConfirm(prompt string) (string, error)

PromptPasswordConfirm prompts for the password twice and verifies that both entries match.

func WriteCryptFile

func WriteCryptFile(cryptPath string, cf *CryptFile) error

WriteCryptFile writes the CryptFile to disk at cryptPath.

Types

type CryptEntry

// CryptEntry is the per-user record serialized under the "entries" key of a
// CryptFile. Every field is a string; the three key-material fields carry
// base64 text rather than raw bytes.
//
// NOTE(review): presumably EncryptedDEK is the DEK wrapped under a key derived
// from the user's password and Salt, with Nonce as the cipher nonce — the
// derivation and cipher are not visible here, confirm against the
// implementation. If so, Salt and Nonce are not secret, but an entry as a
// whole is enough to test password guesses offline, so the file that holds it
// should be protected like a password hash.
type CryptEntry struct {
	// Username identifies the entry's owner; it is stored as plain text.
	Username     string `json:"username"`
	Salt         string `json:"salt"`          // base64 encoded
	Nonce        string `json:"nonce"`         // base64 encoded
	EncryptedDEK string `json:"encrypted_dek"` // base64 encoded
}

type CryptFile

// CryptFile is the top-level JSON document: a version number plus the list of
// per-user CryptEntry records.
//
// NOTE(review): the document carries every user's salt, nonce and encrypted
// DEK. The permissions it is written with are not visible here — confirm that
// WriteCryptFile restricts the file to its owner.
type CryptFile struct {
	// Version is presumably the file-format version — confirm how readers
	// treat an unknown value.
	Version int          `json:"version"`
	// Entries holds one record per user.
	Entries []CryptEntry `json:"entries"`
}

func ReadCryptFile

func ReadCryptFile(cryptPath string) (*CryptFile, error)

ReadCryptFile reads the .crypt file at cryptPath, or returns an empty CryptFile if the file does not exist.

func (*CryptFile) AddOrUpdateEntry

func (cf *CryptFile) AddOrUpdateEntry(entry CryptEntry)

AddOrUpdateEntry adds a user entry or updates the existing one.

func (*CryptFile) FindEntry

func (cf *CryptFile) FindEntry(username string) *CryptEntry

FindEntry finds the entry for username in the CryptFile.

type KeyProvider

// KeyProvider is the handle returned by NewKeyProvider. Its methods expose the
// data encryption key (DEK, GetDEK) and encrypt or decrypt byte slices with
// it (Encrypt, Decrypt).
//
// NOTE(review): the method docs speak of a "session DEK", so the key is
// presumably held in memory for the provider's lifetime. The fields are
// unexported and nothing visible here shows the key being zeroed after use —
// confirm, and avoid copying or logging provider values.
type KeyProvider struct {
	// contains filtered or unexported fields
}

func NewKeyProvider

func NewKeyProvider(pkmDir string, username string, password string) (*KeyProvider, error)

NewKeyProvider returns a KeyProvider for the given pkmDir, username and password.

func (*KeyProvider) DEK

func (kp *KeyProvider) DEK() []byte

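DEK returns the data encryption key as raw bytes. The documentation does not say whether the slice is a copy or aliases the provider's internal key, so treat it as secret key material: do not log it, persist it, or modify it in place.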

func (*KeyProvider) Decrypt

func (kp *KeyProvider) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt decrypts ciphertext with the session DEK.

func (*KeyProvider) Encrypt

func (kp *KeyProvider) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext with the session DEK.

func (*KeyProvider) GetDEK

func (kp *KeyProvider) GetDEK() []byte
