afis · pkg.go.dev

Documentation

Overview ¶

Package afis implements Anti-Forensic Information Splitting

The splitter supports secure data destruction crucial for secure on-disk key management. The key idea is to bloat information and therefor improving the chance of destroying a single bit of it. The information is bloated in such a way, that a single missing bit causes the original information become unrecoverable. The theory behind AFsplitter is presented in TKS1.

The interface is simple. It consists of two functions:

Split(data, stripes)
Merge(data, stripes)

Split operates on data and returns information splitted data. Merge does just the opposite: uses the information stored in data to recover the original splitted data.

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrMinStripe = errors.New("afis: at least one stripe is required")
	ErrDataLen   = errors.New("afis: data length is not multiple of stripes")
)

Errors.

View Source

var DefaultHash = sha1.New

DefaultHash is our default hashing function.

Functions ¶

func Merge ¶

func Merge(data []byte, stripes int) ([]byte, error)

Merge data splitted previously with Split using the default SHA-1 hash.

Example ¶

secretKey := make([]byte, 16)
if _, err := io.ReadFull(rand.Reader, secretKey); err != nil {
	panic(err)
}

// Split the original data using 4 stripes.
scrambled, err := Split(secretKey, 4)
if err != nil {
	panic(err)
}

// Merge back
key, err := Merge(scrambled, 4)
if err != nil {
	panic(err)
}

if !bytes.Equal(key, secretKey) {
	panic("merge failed")
}

Output:

func MergeHash ¶

func MergeHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

MergeHash merges data splitted previously with the selected hash function.

func Split ¶

func Split(data []byte, stripes int) ([]byte, error)

Split data using the default SHA-1 hash.

func SplitHash ¶

func SplitHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

SplitHash splits data using the selected hash function.

Types ¶