README
¶
Go Delphi
Delphi is a package that provides secure, efficient cryptographic operations with a few nice features:
- perfect forward secrecy is provided using X25519 key exchange and ephemeral keys
- all keys are the same length (public, private, encryption, decryption) (32 bytes)
- ed25519 for signatures and verification
- a nice sensible API
Getting Started
$ go get github.com/sean9999/go-delphi@latest
import (
"crypto/rand"
"testing"
"github.com/sean9999/go-delphi"
"github.com/stretchr/testify/assert"
)
func TestExample(t *testing.T) {
// some plain text
sentence := []byte("hello world")
// create two principals
alice := delphi.NewPrincipal(rand.Reader)
bob := delphi.NewPrincipal(rand.Reader)
// create a message for bob, from alice
msg := delphi.NewMessage(rand.Reader, sentence)
msg.Sender = alice.PublicKey()
msg.Recipient = bob.PublicKey()
// add some metadata (this becomes AAD)
msg.Headers.Set("foo", []byte("bar"))
msg.Headers.Set("bing", []byte("bat"))
// encrypt message
err := msg.Encrypt(rand.Reader, alice, nil)
assert.NoError(t, err)
// decrpyt message
err = bob.Decrypt(msg, nil)
assert.NoError(t, err)
// is decrypted text same as plain text?
assert.Equal(t, sentence, msg.PlainText)
// has the metadata survived?
foo, ok := msg.Headers.Get("foo")
assert.True(t, ok)
assert.Equal(t, []byte("bar"), foo)
}
Documentation
¶
Overview ¶
Example ¶
// some plain text
sentence := []byte("hello world")
// create two principals
alice := delphi.NewPrincipal(rand.Reader)
bob := delphi.NewPrincipal(rand.Reader)
// create a message for bob, from alice
msg := delphi.ComposeMessage(rand.Reader, delphi.PlainMessage, sentence)
msg.SenderKey = alice.PublicKey()
// add some metadata (this becomes AAD)
msg.Headers["foo"] = "bar"
msg.Headers["bing"] = "bat"
// encrypt message
err := msg.Encrypt(rand.Reader, alice, bob.PublicKey(), nil)
fmt.Println("should be nil", err)
// decrpyt message
err = bob.Decrypt(msg, nil)
fmt.Println("should be nil", err)
// is decrypted text same as plain text?
diff := slices.Compare(sentence, msg.PlainText)
fmt.Println("should be 0", diff)
// has the metadata survived?
foo, ok := msg.Headers["foo"]
fmt.Println("should be true", ok)
fmt.Println(foo)
Output: should be nil <nil> should be nil <nil> should be 0 0 should be true true bar
Index ¶
- Constants
- Variables
- func NewSubKey(randy io.Reader) subKey
- type Certifier
- type Cipherer
- type CryptOpts
- type Decrypter
- type Encrypter
- type EncrypterOpts
- type KV
- type Key
- func (k Key) Bytes() []byte
- func (k Key) Encryption() subKey
- func (k Key) Equal(j Key) bool
- func (k Key) From(b []byte) Key
- func (k Key) IsZero() bool
- func (k Key) MarshalBinary() ([]byte, error)
- func (k Key) MarshalJSON() ([]byte, error)
- func (k Key) MarshalText() ([]byte, error)
- func (k Key) Signing() subKey
- func (k Key) ToHex() string
- func (k Key) ToInt64() int64
- func (k *Key) UnmarshalBinary(b []byte) error
- func (k *Key) UnmarshalJSON(b []byte) error
- type KeyPair
- type Message
- func (msg *Message) Digest() ([]byte, error)
- func (msg *Message) Encrypt(randy io.Reader, encrypter Encrypter, recipient Peer, opts EncrypterOpts) error
- func (msg *Message) Encrypted() bool
- func (msg *Message) Ephemeral() crypto.PublicKey
- func (msg *Message) FromPEM(p pem.Block) error
- func (msg *Message) Plain() bool
- func (msg *Message) Read(b []byte) (int, error)
- func (msg *Message) RecipientEncryption() crypto.PublicKey
- func (msg *Message) Sender() crypto.PublicKey
- func (msg *Message) Sign(randy io.Reader, signer crypto.Signer) error
- func (msg *Message) Signatory() crypto.PublicKey
- func (msg *Message) String() string
- func (msg *Message) ToPEM() pem.Block
- func (msg *Message) Valid() bool
- func (msg *Message) Verify() bool
- func (msg *Message) Write(b []byte) (int, error)
- type Nonce
- type Peer
- type Principal
- func (p Principal) Assert(randy io.Reader) (*Message, error)
- func (p Principal) ComposeMessage(randy io.Reader, body []byte) *Message
- func (p Principal) Decrypt(msg *Message, _ crypto.DecrypterOpts) error
- func (p Principal) Encrypt(randy io.Reader, msg *Message, recipient Key, _ any) error
- func (p Principal) Equal(p2 crypto.PublicKey) bool
- func (Principal) From(b []byte) (Principal, error)
- func (p Principal) MarshalBinary() ([]byte, error)
- func (p Principal) MarshalPEM() (pem.Block, error)
- func (p Principal) Nickname() string
- func (p Principal) PrivateKey() Key
- func (p Principal) Public() crypto.PublicKey
- func (p Principal) PublicKey() Key
- func (p Principal) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)
- func (p *Principal) UnmarshalBinary(b []byte) error
- func (p *Principal) UnmarshalPEM(b pem.Block) error
- func (p Principal) Verify(delphiPubKey crypto.PublicKey, digest []byte, sig []byte) bool
- type Subject
- type Verifier
Examples ¶
Constants ¶
View Source
const GLOBAL_SALT = "oracle/v1"
View Source
const Keyspace = "delphi"
the prefix for header keys
View Source
const NonceSize = chacha20poly1305.NonceSize
View Source
const SubKeySize = 32
View Source
const Version = "v1"
Variables ¶
View Source
var ErrBadKey = errors.New("bad key")
View Source
var ErrDecryptionFailed = errors.New("decryption failed")
View Source
var ErrDelphi = errors.New("delphi")
View Source
var ErrEncryptionFailed = errors.New("encryption failed")
View Source
var ErrInvalidMsg = pear.Defer("invalid message")
View Source
var ErrNoEphemeralKey = errors.New("no ephemeral key")
View Source
var ErrNoMsg = pear.Defer("no message")
View Source
var ErrNoNonce = pear.Defer("zero value nonce")
View Source
var ErrNoSender = pear.Defer("no sender")
View Source
var ErrNoSign = pear.Defer("could not sign message")
View Source
var ErrNoValid = pear.Defer("no valid signature")
View Source
var ErrNotImplemented = errors.New("not implemented")
View Source
var UniversalNonce []byte = make([]byte, chacha20poly1305.NonceSize)
Functions ¶
Types ¶
type Certifier ¶
type Certifier interface {
crypto.PrivateKey
crypto.Signer
Verifier
}
a Certifier can produce and verify signatures
type Cipherer ¶
type Cipherer interface {
crypto.PrivateKey
Encrypter
Decrypter
}
a Cipherer can encrypt and decrypt a Message
type Decrypter ¶ added in v0.0.4
type Decrypter interface {
Decrypt(*Message, crypto.DecrypterOpts) error
}
type EncrypterOpts ¶ added in v0.0.4
type EncrypterOpts = any
type KV ¶ added in v0.1.1
a KV is a simple map with some super powers useful to us
func (KV) LexicalOrder ¶ added in v0.2.0
LexicolOrder ranges through a KV in lexical order
func (KV) MarshalBinary ¶ added in v0.2.0
func (*KV) UnmarshalBinary ¶ added in v0.2.0
type Key ¶ added in v0.0.5
type Key [2]subKey
a Key is two (specifically one encryption and one signing) keys
func KeyFromBytes ¶ added in v0.0.3
func KeyFromHex ¶ added in v0.0.5
func (Key) Encryption ¶ added in v0.0.5
func (k Key) Encryption() subKey
func (Key) MarshalBinary ¶ added in v0.3.16
func (Key) MarshalJSON ¶ added in v0.3.16
func (Key) MarshalText ¶ added in v0.1.1
func (*Key) UnmarshalBinary ¶ added in v0.3.16
func (*Key) UnmarshalJSON ¶ added in v0.2.0
type KeyPair ¶ added in v0.0.5
type KeyPair [2]Key
a KeyPair is two [Key]s. One public, one private
func NewKeyPair ¶ added in v0.0.4
NewKeyPair generates valid ed25519 and X25519 keys
type Message ¶
type Message struct {
Subject Subject `msgpack:"subj" json:"subj"`
RecipientKey Key `msgpack:"to" json:"to"`
SenderKey Key `msgpack:"from" json:"from"`
Headers KV `msgpack:"hdrs" json:"hdrs"` // additional authenticated data (AAD)
Eph []byte `msgpack:"eph" json:"eph"`
Nonce Nonce `msgpack:"nonce" json:"nonce"`
CipherText []byte `msgpack:"ciph" json:"ciph"`
PlainText []byte `msgpack:"plain" json:"plain"`
Sig []byte `msgpack:"sig" json:"sig"`
// contains filtered or unexported fields
}
a Message is a message that represents either plain text or cipher text, encapsulating all data and metadata necessary to perform cryptographic operations.
func ComposeMessage ¶ added in v0.3.16
ComposeMessage creates a new Message. If you pass in a source of randomness, it will have a Nonce.
func NewMessage ¶
func NewMessage() *Message
func (*Message) Digest ¶ added in v0.0.3
Digest returns a hash of the Message fields which should be hashed.
func (*Message) Encrypt ¶
func (msg *Message) Encrypt(randy io.Reader, encrypter Encrypter, recipient Peer, opts EncrypterOpts) error
Encrypt encrypts a message to a Peer
func (*Message) RecipientEncryption ¶ added in v0.1.1
RecipientEncryption() returns the recipient as a public encryption key (ECDH)
func (*Message) Sender ¶ added in v0.0.5
Sender() returns the sender as a public encryption key (ECDH)
func (*Message) Signatory ¶ added in v0.0.4
Signatory() returns the public signing key of the sender (X25519)
type Nonce ¶ added in v0.0.3
A Nonce is a random value with a reasonably high chance of being globally unqiue.
func NonceFromBytes ¶ added in v0.3.0
type Peer ¶ added in v0.3.0
type Peer = Key
A Peer is the public portion of a Principal, which is a public-private key pair.
type Principal ¶
type Principal = KeyPair
A Principal contains cryptographic key material and can sign, verify, encrypt, and decrypt [Message]s.
func NewPrincipal ¶
NewPrincipal creates a new Principal
func (Principal) ComposeMessage ¶ added in v0.3.0
func (Principal) Decrypt ¶ added in v0.0.5
func (p Principal) Decrypt(msg *Message, _ crypto.DecrypterOpts) error
Decrypt decrypts a Message
func (Principal) MarshalBinary ¶ added in v0.0.5
func (Principal) Nickname ¶ added in v0.3.0
A Nickname is a very memorable string for humans only. It has weak uniqueness that is good enough for some uses.
func (Principal) PrivateKey ¶ added in v0.0.5
func (*Principal) UnmarshalBinary ¶ added in v0.0.5
func (*Principal) UnmarshalPEM ¶ added in v0.3.0
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.