Documentation
Index
- Constants
- func InitCipher(secret SharedSecret) (cipher.Block, error)
- type Encrypter
- type EncrypterMarshal
- type EncryptionPrivKeyType
- type EncryptionPubKeyType
- type ISigner
- type IncompatibleKeyPair
- type MarshalledKey
- type SecurityViolation
- type SharedSecret
- type Signature
- type Signer
- func (b *Signer) Encode() SignerMarshal
- func (b *Signer) Generate() *Signer
- func (b *Signer) MarshalPrivate() string
- func (b *Signer) MarshalPublic() string
- func (b *Signer) Sign(data []byte) (Signature, error)
- func (b *Signer) UnmarshalPrivate(marshalled string) (SigningPrivKeyType, error)
- func (b *Signer) UnmarshalPublic(marshalled string) (SigningPubKeyType, error)
- func (b *Signer) Verify(data []byte, signature Signature) bool
- type SignerMarshal
- type SigningPrivKeyType
- type SigningPubKeyType
- type SymmetricEncryption
Constants
const (
	// SignatureSize mirrors ed25519.SignatureSize to keep callers agnostic of
	// the underlying implementation.
	SignatureSize = ed25519.SignatureSize
	// PublicKeySize mirrors ed25519.PublicKeySize for compatibility checks.
	PublicKeySize = ed25519.PublicKeySize
	// PrivateKeySize mirrors ed25519.SeedSize. Only the seed is marshalled.
	PrivateKeySize = ed25519.SeedSize
)
Variables
This section is empty.
Functions
func InitCipher
func InitCipher(secret SharedSecret) (cipher.Block, error)
InitCipher builds an AES cipher.Block for the provided shared secret.
Types
type Encrypter
type Encrypter struct {
	// Private stores the local ECDH private key.
	Private ecdh.PrivateKey
	// Public holds the corresponding public key.
	Public ecdh.PublicKey
}
Encrypter wraps ECDH key material and exposes helpers for symmetric crypto.
func (*Encrypter) Decrypt
Decrypt reverses Encrypt using the negotiated shared secret. It validates that the ciphertext length is a multiple of the cipher block size before decrypting.
func (*Encrypter) Encrypt
Encrypt uses the shared secret negotiated between the two parties to produce AES block-encrypted ciphertext, first padding the plaintext to a multiple of the cipher block size.
type EncrypterMarshal
type EncrypterMarshal MarshalledKey
EncrypterMarshal mirrors SignerMarshal for future marshalling support.
type EncryptionPrivKeyType
type EncryptionPrivKeyType = *ecdh.PrivateKey
type EncryptionPubKeyType
EncryptionPubKeyType and EncryptionPrivKeyType alias the concrete ecdh types so exported APIs can stay stable even if the implementation changes.
type ISigner
type ISigner interface {
	Sign([]byte) ([]byte, error)
	Verify([]byte) (bool, error)
	Public() []byte
}
ISigner exposes the minimal behaviour required by the signing helpers. It keeps the interface small while allowing multiple signing implementations.
type IncompatibleKeyPair (added in v0.10.1)
type IncompatibleKeyPair error
IncompatibleKeyPair indicates the provided keys cannot be used together.
type MarshalledKey
type MarshalledKey struct {
	// Private contains the encoded private key, when available.
	Private string `toml:",omitempty" json:",omitempty" yaml:",omitempty"`
	// Public contains the encoded public key.
	Public string `toml:",omitempty" json:",omitempty" yaml:",omitempty"`
}
MarshalledKey represents a key pair encoded for transport or storage.
type SecurityViolation (added in v0.10.1)
type SecurityViolation error
SecurityViolation signals malicious or unexpected cryptographic state.
type SharedSecret
type SharedSecret []byte
SharedSecret is the result of an ECDH key exchange.
func GetSharedSecret
func GetSharedSecret(me *Encrypter, other *Encrypter) (SharedSecret, error)
GetSharedSecret derives the shared secret between two Encrypters.
type Signer
type Signer struct {
	// Private is the ed25519 private key (the seed followed by the public key).
	Private SigningPrivKeyType
	// Public is the ed25519 public key portion.
	Public SigningPubKeyType
}
Signer bundles an ed25519 key pair and exposes helper methods for signing, verification and encoding.
func (*Signer) Encode
func (b *Signer) Encode() SignerMarshal
Encode returns a struct that carries base64 encoded keys for persistence.
func (*Signer) Generate
Generate fills the signer with a new ed25519 key pair.
func (*Signer) MarshalPrivate
MarshalPrivate encodes the private seed in base64 for persistence.
func (*Signer) MarshalPublic
MarshalPublic encodes the public key in base64 for embedding into headers or config.
func (*Signer) Sign
Sign signs data with the private key and returns the resulting signature.
func (*Signer) UnmarshalPrivate
func (b *Signer) UnmarshalPrivate(marshalled string) (SigningPrivKeyType, error)
UnmarshalPrivate decodes a base64 seed and validates its size before returning it.
func (*Signer) UnmarshalPublic
func (b *Signer) UnmarshalPublic(marshalled string) (SigningPubKeyType, error)
UnmarshalPublic decodes a base64 public key and verifies its expected size.
type SignerMarshal
type SignerMarshal MarshalledKey
SignerMarshal is the exported representation of a key pair.
func (*SignerMarshal) Decode
func (b *SignerMarshal) Decode() (*Signer, error)
Decode reconstructs a Signer from the output of Encode.
type SigningPrivKeyType
type SigningPrivKeyType = ed25519.PrivateKey
SigningPrivKeyType and SigningPubKeyType exist so the rest of the code uses readable names rather than the concrete ed25519 key types that are currently in use.
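The Signer workflow documented above (Generate, Sign, Verify, then Encode and Decode with size validation of the base64 seed) as an added, self-contained example. It is not the package's code: it re-implements the same pattern directly on crypto/ed25519, and the Signer, MarshalledKey, ErrKeySize and ErrIncompatibleKeyPair names are assumptions chosen to mirror the page. It goes one step beyond the page's description by having Decode cross-check a stored public key against the one derived from the seed, which is the case the page's IncompatibleKeyPair error describes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Illustrative re-implementation, not the package's code. The constants mirror
// crypto/ed25519 so callers stay agnostic of the backend.
const (
	SignatureSize  = ed25519.SignatureSize
	PublicKeySize  = ed25519.PublicKeySize
	PrivateKeySize = ed25519.SeedSize // only the 32-byte seed is persisted
)

// Hypothetical errors; ErrIncompatibleKeyPair is modelled on the page's type.
var ErrKeySize = errors.New("signing key has unexpected size")
var ErrIncompatibleKeyPair = errors.New("public key does not match private seed")

// Signer bundles an ed25519 key pair.
type Signer struct {
	Private ed25519.PrivateKey // 64 bytes: seed followed by the public key
	Public  ed25519.PublicKey
}

// MarshalledKey carries base64-encoded key material for storage or transport.
type MarshalledKey struct {
	Private string `json:",omitempty"`
	Public  string `json:",omitempty"`
}

// Generate fills s with a fresh key pair drawn from crypto/rand.
func (s *Signer) Generate() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s.Private, s.Public = priv, pub
	return s, nil
}

// Sign returns a detached signature, refusing an unset key instead of panicking.
func (s *Signer) Sign(data []byte) ([]byte, error) {
	if len(s.Private) != ed25519.PrivateKeySize {
		return nil, ErrKeySize
	}
	return ed25519.Sign(s.Private, data), nil
}

// Verify rejects wrong-length keys and signatures before calling the verifier.
func (s *Signer) Verify(data, sig []byte) bool {
	if len(s.Public) != PublicKeySize || len(sig) != SignatureSize {
		return false
	}
	return ed25519.Verify(s.Public, data, sig)
}

// Encode persists only the seed; the public half rides along so Decode can cross-check it.
func (s *Signer) Encode() MarshalledKey {
	return MarshalledKey{
		Private: base64.StdEncoding.EncodeToString(s.Private.Seed()),
		Public:  base64.StdEncoding.EncodeToString(s.Public),
	}
}

// Decode validates the seed length and that any stored public key matches the seed.
func (m MarshalledKey) Decode() (*Signer, error) {
	seed, err := base64.StdEncoding.DecodeString(m.Private)
	if err != nil {
		return nil, err
	}
	if len(seed) != PrivateKeySize {
		return nil, ErrKeySize
	}
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	if m.Public != "" {
		stored, err := base64.StdEncoding.DecodeString(m.Public)
		if err != nil {
			return nil, err
		}
		if len(stored) != PublicKeySize || !bytes.Equal(stored, pub) {
			return nil, ErrIncompatibleKeyPair
		}
	}
	return &Signer{Private: priv, Public: pub}, nil
}

func main() {
	s, _ := new(Signer).Generate()
	msg := []byte("constructed sample message") // constructed input
	sig, _ := s.Sign(msg)
	restored, err := s.Encode().Decode()
	fmt.Println(err, restored.Verify(msg, sig))
}
```

Persisting the seed rather than the 64-byte private key is what the page's PrivateKeySize constant implies; on load the public key is always recomputed from the seed, so a stored public key can only ever confirm or contradict it, never replace it.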
type SymmetricEncryption
type SymmetricEncryption interface {
	Encrypt(secret SharedSecret, data []byte) ([]byte, error)
	Decrypt(secret SharedSecret, data []byte) ([]byte, error)
}
SymmetricEncryption abstracts block-mode helpers that rely on shared secrets.
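The ECDH-to-AES flow behind Encrypter, GetSharedSecret, InitCipher and the SymmetricEncryption interface, as an added example that is not the package's code. The page says only that Encrypt pads to the block size and that Decrypt checks the ciphertext length, and it does not say which block mode is used or whether the raw shared secret keys AES directly, so this re-implementation on crypto/ecdh and crypto/aes makes two choices a practitioner should compare against the real implementation: the shared secret goes through a minimal HKDF-SHA256 before keying AES, and the mode is AES-GCM, so Decrypt's length check is the GCM minimum (nonce plus tag) and any tampering surfaces as a SecurityViolation-style error. Encrypt and Decrypt are free functions in the shape of the SymmetricEncryption interface rather than Encrypter methods; deriveKey, newAEAD, ErrIncompatibleKeyPair and ErrSecurityViolation are assumed names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Illustrative re-implementation, not the package's code; the Err* names are
// hypothetical and mirror the page's IncompatibleKeyPair and SecurityViolation.
type SharedSecret []byte

var ErrIncompatibleKeyPair = errors.New("keys are on different curves")
var ErrSecurityViolation = errors.New("ciphertext malformed or failed authentication")

// Encrypter holds one party's ECDH key pair.
type Encrypter struct {
	Private *ecdh.PrivateKey
	Public  *ecdh.PublicKey
}

// GetSharedSecret derives the ECDH secret, which both parties compute identically;
// a curve mismatch is reported as ErrIncompatibleKeyPair before the ECDH call.
func GetSharedSecret(me, other *Encrypter) (SharedSecret, error) {
	if me.Private.Curve() != other.Public.Curve() {
		return nil, ErrIncompatibleKeyPair
	}
	s, err := me.Private.ECDH(other.Public)
	if err != nil {
		return nil, err
	}
	return SharedSecret(s), nil
}

// deriveKey is a minimal HKDF-SHA256 (extract with a zero salt, one expand block):
// raw ECDH output is not uniform, and this pins the AES key to 32 bytes (AES-256).
func deriveKey(secret SharedSecret) []byte {
	prk := hmac.New(sha256.New, make([]byte, sha256.Size))
	prk.Write(secret)
	okm := hmac.New(sha256.New, prk.Sum(nil))
	okm.Write([]byte("example-aes-key-v1\x01")) // info || block counter
	return okm.Sum(nil)
}

// InitCipher builds the AES block for a shared secret after key derivation.
func InitCipher(secret SharedSecret) (cipher.Block, error) {
	if len(secret) == 0 {
		return nil, ErrSecurityViolation
	}
	return aes.NewCipher(deriveKey(secret))
}

func newAEAD(secret SharedSecret) (cipher.AEAD, error) {
	block, err := InitCipher(secret)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns nonce || AES-GCM(plaintext), so integrity is covered too.
func Encrypt(secret SharedSecret, plaintext []byte) ([]byte, error) {
	gcm, err := newAEAD(secret)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt; truncation and tag failure map to one error.
func Decrypt(secret SharedSecret, data []byte) ([]byte, error) {
	gcm, err := newAEAD(secret)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(data) < ns+gcm.Overhead() {
		return nil, ErrSecurityViolation
	}
	if pt, err := gcm.Open(nil, data[:ns], data[ns:], nil); err == nil {
		return pt, nil
	}
	return nil, ErrSecurityViolation
}

func main() {
	ka, _ := ecdh.X25519().GenerateKey(rand.Reader)
	kb, _ := ecdh.X25519().GenerateKey(rand.Reader)
	secret, _ := GetSharedSecret(&Encrypter{ka, ka.PublicKey()}, &Encrypter{kb, kb.PublicKey()})
	ct, _ := Encrypt(secret, []byte("constructed plaintext")) // constructed input
	pt, err := Decrypt(secret, ct)
	fmt.Println(string(pt), err)
}
```

Two checks worth keeping whichever mode the real Encrypt uses: compare curves before calling ECDH so a P-256 key paired with an X25519 key fails with the IncompatibleKeyPair error rather than a generic one, and refuse an empty SharedSecret in InitCipher, since a KDF will happily turn an empty input into a valid-looking 32-byte AES key.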
Source Files
- Abstract.go
- Encryption.go
- Errors.go
- Signing.go