Documentation

Overview

Package afis implements Anti-Forensic Information Splitting

The splitter supports secure data destruction crucial for secure on-disk key management. The key idea is to bloat information and therefor improving the chance of destroying a single bit of it. The information is bloated in such a way, that a single missing bit causes the original information become unrecoverable. The theory behind AFsplitter is presented in TKS1.

The interface is simple. It consists of two functions:

Split(data, stripes)
Merge(data, stripes)

Split operates on data and returns information splitted data. Merge does just the opposite: uses the information stored in data to recover the original splitted data.

References

AFsplitter reference implementation at http://clemens.endorphin.org/AFsplitter

TKS1 paper at http://clemens.endorphin.org/TKS1-draft.pdf

Index

• Variables
• func Merge(data []byte, stripes int) ([]byte, error)
• func MergeHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)
• func Split(data []byte, stripes int) ([]byte, error)
• func SplitHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

Examples

• Merge

Constants

This section is empty.

Variables

var (
	ErrMinStripe = errors.New("afis: at least one stripe is required")
	ErrDataLen   = errors.New("afis: data length is not multiple of stripes")
)

Errors.

var DefaultHash = sha1.New

DefaultHash is our default hashing function.

Functions

func Merge

func Merge(data []byte, stripes int) ([]byte, error)

Merge data splitted previously with Split using the default SHA-1 hash.

Example

secretKey := make([]byte, 16) if _, err := io.ReadFull(rand.Reader, secretKey); err != nil { panic(err) } // Split the original data using 4 stripes. scrambled, err := Split(secretKey, 4) if err != nil { panic(err) } // Merge back key, err := Merge(scrambled, 4) if err != nil { panic(err) } if !bytes.Equal(key, secretKey) { panic("merge failed") }

func MergeHash

func MergeHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

MergeHash merges data splitted previously with the selected hash function.

func Split

func Split(data []byte, stripes int) ([]byte, error)

Split data using the default SHA-1 hash.

func SplitHash

func SplitHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

SplitHash splits data using the selected hash function.

Types

This section is empty.