crypto

package
v0.9.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 1, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package crypto implements AES-256-GCM envelope encryption and X25519 key exchange for Envault secret sealing and unsealing.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateKeyPair

func GenerateKeyPair() (PrivateKey, PublicKey, error)

GenerateKeyPair generates a random X25519 keypair.

func Unseal

func Unseal(env *Envelope, privateKey PrivateKey) ([]byte, error)

Unseal decrypts env using privateKey. It scans every recipient block (not just the first match) to avoid leaking the recipient's list position via timing. Returns the plaintext on success.

func ValidatePublicKey

func ValidatePublicKey(pub PublicKey) error

ValidatePublicKey rejects X25519 public keys that cannot be used safely as a recipient — in particular low-order points (such as the all-zero key), which would produce an all-zero shared secret and make sealing impossible. It runs a throwaway ECDH and reports the resulting error.

Types

type CipherSuite

type CipherSuite string

CipherSuite selects the AEAD algorithm used for both payload and key wrapping.

const (
	AES256GCM        CipherSuite = "aes-256-gcm"
	ChaCha20Poly1305 CipherSuite = "chacha20-poly1305"
)

type Envelope

type Envelope struct {
	Version    int         `json:"version"`
	Suite      CipherSuite `json:"suite"`
	Nonce      []byte      `json:"nonce"`
	Ciphertext []byte      `json:"ciphertext"`
	Recipients []Recipient `json:"recipients"`
}

Envelope is the on-disk format for a sealed secret.

func Rewrap

func Rewrap(env *Envelope, privKey PrivateKey, recipients []PublicKey) (*Envelope, error)

Rewrap recovers the DEK from env using privKey, then re-wraps it for the new recipients. The payload ciphertext and nonce are unchanged — only the recipient wrapping list is replaced. Use this when adding or removing a recipient without re-encrypting the payload; for true revocation (new DEK + new ciphertext) use Seal on the decrypted plaintext instead.

func Seal

func Seal(payload []byte, recipients []PublicKey, suite CipherSuite) (*Envelope, error)

Seal encrypts payload with a random data key (DEK) using suite, then wraps the DEK for each recipient's X25519 public key via ephemeral ECDH + HKDF.

type PrivateKey

type PrivateKey [32]byte

PrivateKey is a 32-byte X25519 private scalar.

type PublicKey

type PublicKey [32]byte

PublicKey is a 32-byte X25519 public key.

func DerivePublicKey

func DerivePublicKey(priv PrivateKey) (PublicKey, error)

DerivePublicKey computes the X25519 public key corresponding to priv.

type Recipient

type Recipient struct {
	EphemeralPublic []byte `json:"ephemeral_public"`
	Nonce           []byte `json:"nonce"`
	WrappedKey      []byte `json:"wrapped_key"`
}

Recipient holds a data key encrypted for one X25519 public key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL