crypto

package
v0.2.1 Latest
Warning

This package is not in the latest version of its module.
Published: Feb 13, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package crypto provides end-to-end encryption primitives using only the Go standard library crypto packages. It implements X25519 ECDH key exchange, HKDF-SHA256 key derivation, and AES-256-GCM authenticated encryption.

Constants

const (
	// NonceSize is the byte length of the GCM nonce (96 bits).
	NonceSize = 12
	// KeySize is the byte length of the AES-256 key.
	KeySize = 32
)

Variables

var (
	ErrInvalidKey        = errors.New("crypto: invalid key")
	ErrDecryptionFailed  = errors.New("crypto: decryption failed")
	ErrInvalidCiphertext = errors.New("crypto: invalid ciphertext")
)

Functions

func Decrypt

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt decrypts ciphertext produced by Encrypt using AES-256-GCM.

func DecryptFromPeer

func DecryptFromPeer(recipientPrivate *ecdh.PrivateKey, senderPublic *ecdh.PublicKey, encoded string) ([]byte, error)

DecryptFromPeer is a convenience function that derives a shared key from a key pair and a peer's public key, then decrypts the base64-encoded ciphertext.

func DeriveSharedKey

func DeriveSharedKey(privateKey *ecdh.PrivateKey, peerPublic *ecdh.PublicKey, salt []byte) ([]byte, error)

DeriveSharedKey performs X25519 ECDH and derives a 256-bit key using HKDF-SHA256. The salt parameter is optional; pass nil for unsalted derivation.

func Encrypt

func Encrypt(key, plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext using AES-256-GCM with the given key. The returned ciphertext is: nonce (12 bytes) || gcm_ciphertext || gcm_tag.

func EncryptForPeer

func EncryptForPeer(senderPrivate *ecdh.PrivateKey, recipientPublic *ecdh.PublicKey, plaintext []byte) (string, error)

EncryptForPeer is a convenience function that derives a shared key from a key pair and a peer's public key, then encrypts the plaintext. It returns base64-encoded ciphertext.
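
The construction described for DeriveSharedKey, Encrypt and EncryptForPeer, as an added standard-library example that is not this package's source: X25519 ECDH, HKDF-SHA256, then AES-256-GCM with the nonce (12 bytes) || gcm_ciphertext || gcm_tag layout. The helper names peerAEAD, seal and open and the HKDF info label are assumptions, and base64 encoding is left out, so its output will not necessarily interoperate with the package.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// peerAEAD (hypothetical helper): X25519 ECDH, one-block HKDF-SHA256 (RFC 5869), AES-256-GCM.
func peerAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, salt []byte) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer) // fails if the shared secret is all zeros (low-order peer key)
	if err != nil {
		return nil, err
	}
	mac := func(k, m []byte) []byte { h := hmac.New(sha256.New, k); h.Write(m); return h.Sum(nil) }
	key := mac(mac(salt, secret), []byte("example-e2e-v1\x01")) // T(1) = HMAC(PRK, info || 0x01); info label assumed
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize()) // fresh random 12-byte nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil // nonce || gcm_ciphertext || gcm_tag
}

func open(aead cipher.AEAD, ct []byte) ([]byte, error) {
	if len(ct) < aead.NonceSize()+aead.Overhead() { // need at least nonce (12) + tag (16)
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(ct))
	}
	return aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], nil)
}

func main() {
	a, _ := ecdh.X25519().GenerateKey(rand.Reader) // constructed demo keys
	b, _ := ecdh.X25519().GenerateKey(rand.Reader)
	tx, _ := peerAEAD(a, b.PublicKey(), nil) // sender: own private key + peer public key
	rx, _ := peerAEAD(b, a.PublicKey(), nil) // recipient derives the same key
	ct, _ := seal(tx, []byte("hello"))
	fmt.Println(open(rx, ct))
}
```

Because both peers derive the same key from their static key pairs, that key covers both directions and every message for a given salt; each message relies on its random nonce for uniqueness.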

func PrivateKeyFromBase64

func PrivateKeyFromBase64(encoded string) (*ecdh.PrivateKey, error)

PrivateKeyFromBase64 decodes a base64-encoded X25519 private key.

func PrivateKeyToBase64

func PrivateKeyToBase64(priv *ecdh.PrivateKey) string

PrivateKeyToBase64 encodes a private key as standard base64.

func PublicKeyFromBase64

func PublicKeyFromBase64(encoded string) (*ecdh.PublicKey, error)

PublicKeyFromBase64 decodes a base64-encoded X25519 public key.

func PublicKeyToBase64

func PublicKeyToBase64(pub *ecdh.PublicKey) string

PublicKeyToBase64 encodes a public key as standard base64.

Types

type KeyPair

type KeyPair struct {
	Private *ecdh.PrivateKey
	Public  *ecdh.PublicKey
}

KeyPair holds an X25519 private/public key pair.

func GenerateKeyPair

func GenerateKeyPair() (*KeyPair, error)

GenerateKeyPair creates a new X25519 key pair from crypto/rand.
