Documentation
¶
Overview ¶
Package secure makes encrypted data can only be decrypted by selected recipients. It allows different types of public keys to secretly exchange data.
How It Works ¶
Suppose we have a opponent X, append 0 to the upper cased letter we get X0, it represents X's private key, similarly X1 represents X's public key. Now we have opponents X and Y, they may have different key types, such as X's is rsa, Y's is ecdsa, we want to encrypt data D with X and decrypt it with Y. X has access to Y1.
Encryption steps:
Generate ephemeral key M that has the same key type and size as Y1. Use Y1 and M0 to generate the shared secret key K. Use K to encrypt the D, it generates E. Only send M1 and E to Y.
Decryption steps:
Use Y0 and M1 to generate the shared secret key K. Use K to decrypt E, we get D.
Index ¶
- Constants
- Variables
- func Belongs(pub, prv []byte, passphrase string) (bool, error)
- func DecryptAES(key, data []byte, guard int) ([]byte, error)
- func DecryptSharedSecret(sharedKey []byte, prv crypto.PrivateKey) ([]byte, error)
- func EncryptAES(key, data []byte, guard int) ([]byte, error)
- func EncryptSharedSecret(sharedKey []byte, pub crypto.PublicKey) ([]byte, error)
- func GenerateKeyFile(deterministic bool, privateKeyPath, comment, passphrase string) error
- func IsAuthErr(err error) bool
- func PublicKeyHash(pub crypto.PublicKey) ([]byte, error)
- func PublicKeyHashByPrivateKey(prv crypto.PrivateKey) ([]byte, error)
- func SSHPrvKey(keyData []byte, passphrase string) (crypto.PrivateKey, error)
- func SSHPubKey(publicKey []byte) (crypto.PublicKey, error)
- type Cipher
- type Signer
- func (s *Signer) Decoder(r io.Reader) (io.ReadCloser, error)
- func (s *Signer) Encoder(w io.Writer) (io.WriteCloser, error)
- func (s *Signer) SigDigest(digest []byte) ([]byte, error)
- func (s *Signer) Sign(data []byte) ([]byte, error)
- func (s *Signer) Verify(data []byte) ([]byte, bool)
- func (s *Signer) VerifyDigest(digest, sign []byte) bool
Constants ¶
const AES_GUARD = 4
const KEY_HASH_SIZE = md5.Size
const PUB_KEY_EXT = ".pub"
Variables ¶
var ErrAlreadyClosed = errors.New("already closed")
var ErrNotRecipient = fmt.Errorf("not a recipient, the data is not encrypted for your public key")
var ErrNotSupportedKey = errors.New("not an supported key")
var ErrSignMismatch = errors.New("sign mismatch")
Functions ¶
func DecryptSharedSecret ¶ added in v0.3.0
func DecryptSharedSecret(sharedKey []byte, prv crypto.PrivateKey) ([]byte, error)
func EncryptSharedSecret ¶ added in v0.3.0
func GenerateKeyFile ¶ added in v0.5.2
GenerateKeyFile generates a new ed25519 ssh key pair. If deterministic is true, the key will be generated based on the passphrase itself, so the same passphrase will always generate the same key, this is useful if you don't want to backup the key, but it's less secure, you must use a strong passphrase.
func PublicKeyHashByPrivateKey ¶ added in v0.3.0
func PublicKeyHashByPrivateKey(prv crypto.PrivateKey) ([]byte, error)
Types ¶
type Cipher ¶ added in v0.0.5
type Cipher struct {
// Default is 16, it can be 16, 24, 32.
// 16 is AES-128, 24 is AES-192, 32 is AES-256.
AESType int
// contains filtered or unexported fields
}
Cipher to encrypt and decrypt data. The cipher will generate a random AES secret, each public key will be used to encrypt the AES secret into a key. The wire format of the output looks like this:
[n][key1][key2][key3]...[encrypted-data].
"n" is the number of keys. "key1" is the encrypted key for the first public key. "key2" is the encrypted key for the second public key. ... "encrypted-data" is the encrypted data by the AES secret.
func NewCipher ¶ added in v0.3.0
NewCipher to encrypt or decrypt data. The index indicates which key in the key list is for the prv to decrypt the data.
func NewCipherBytes ¶ added in v0.3.0
type Signer ¶ added in v0.0.5
type Signer struct {
// contains filtered or unexported fields
}
func NewSigner ¶ added in v0.3.0
func NewSigner(prv crypto.PrivateKey, pub crypto.PrivateKey) *Signer
Source Files