README
¶
Cryptography
Wrappers around Go cryptographic functions, you should avoid using any cryptographic primitives that are not from this package.
Documentation
¶
Index ¶
- Constants
- Variables
- func AgeDecrypt(recipientPrivateKey string, ciphertext []byte) ([]byte, error)
- func AgeEncrypt(recipientPublicKey string, plaintext []byte) ([]byte, error)
- func AgeKeyExFromImplant(serverPrivateKey string, implantPrivateKey string, ciphertext []byte) ([]byte, error)
- func Decrypt(key [chacha20poly1305.KeySize]byte, ciphertext []byte) ([]byte, error)
- func Encrypt(key [chacha20poly1305.KeySize]byte, plaintext []byte) ([]byte, error)
- func KeyFromBytes(data []byte) ([chacha20poly1305.KeySize]byte, error)
- func MinisignServerPrivateKey() *minisign.PrivateKey
- func MinisignServerPublicKey() string
- func MinisignServerSign(message []byte) string
- func RandomKey() [chacha20poly1305.KeySize]byte
- func TOTPOptions() totp.ValidateOpts
- func TOTPServerSecret() (string, error)
- func ValidateTOTP(code string) (bool, error)
- type AgeKeyPair
- type CipherContext
Constants ¶
const ( // TOTPDigits - Number of digits in the TOTP TOTPDigits = 8 TOTPPeriod = uint(30) TOTPSecretKey = "server.totp" ServerECCKeyPairKey = "server.ecc" )
Variables ¶
Functions ¶
func AgeDecrypt ¶
AgeDecrypt - Decrypt using Curve 25519 + ChaCha20Poly1305
func AgeEncrypt ¶
AgeEncrypt - Encrypt using Nacl Box
func AgeKeyExFromImplant ¶
func AgeKeyExFromImplant(serverPrivateKey string, implantPrivateKey string, ciphertext []byte) ([]byte, error)
AgeKeyPairFromImplant - Decrypt the session key from an implant
func Decrypt ¶
Decrypt - Decrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
func Encrypt ¶
Encrypt - Encrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
func KeyFromBytes ¶
func KeyFromBytes(data []byte) ([chacha20poly1305.KeySize]byte, error)
KeyFromBytes - Convert to fixed length buffer
func MinisignServerPrivateKey ¶
func MinisignServerPrivateKey() *minisign.PrivateKey
MinisignServerPrivateKey - Get the server's minisign key pair
func MinisignServerPublicKey ¶
func MinisignServerPublicKey() string
MinisignServerPublicKey - Get the server's minisign public key string
func MinisignServerSign ¶
MinisignServerSign - Sign a message with the server's minisign private key
func RandomKey ¶
func RandomKey() [chacha20poly1305.KeySize]byte
RandomKey - Generate random ID of randomIDSize bytes
func TOTPOptions ¶
func TOTPOptions() totp.ValidateOpts
TOTPOptions - Customized totp validation options
func TOTPServerSecret ¶
TOTPServerSecret - Get the server-wide totp secret value, the goal of the totp is for the implant to prove it was generated by this server. To that end we simply use a server-wide secret and ignore issuers/accounts. In order to bypass this check you'd have to extract the totp secret from a binary generated by the server.
func ValidateTOTP ¶
ValidateTOTP - Validate a TOTP code
Types ¶
type AgeKeyPair ¶
AgeKeyPair - Holds the public/private key pair
func ECCServerKeyPair ¶
func ECCServerKeyPair() *AgeKeyPair
ECCServerKeyPair - Get teh server's ECC key pair
func RandomAgeKeyPair ¶
func RandomAgeKeyPair() (*AgeKeyPair, error)
RandomAgeKeyPair - Generate a random Curve 25519 key pair
func (*AgeKeyPair) PrivateKey ¶
func (e *AgeKeyPair) PrivateKey() string
PrivateBase64 - Base64 encoded private key
func (*AgeKeyPair) PublicKey ¶
func (e *AgeKeyPair) PublicKey() *age.X25519Recipient
PublicKey - Return the parsed public key
type CipherContext ¶
type CipherContext struct {
Key [chacha20poly1305.KeySize]byte
// contains filtered or unexported fields
}
CipherContext - Tracks a series of messages encrypted under the same key and detects/prevents replay attacks.
func NewCipherContext ¶
func NewCipherContext(key [chacha20poly1305.KeySize]byte) *CipherContext
NewCipherContext - Wrapper around creating a cipher context from a key
Source Files
Directories