Package stmf

v0.0.2 (not the latest version of its module)
Published: Dec 27, 2025 License: EUPL-1.2 Imports: 9 Imported by: 0

Documentation

Overview

Package stmf implements Sovereign Form Encryption using X25519 ECDH + ChaCha20-Poly1305. STMF (STIM Form) enables client-side encryption of HTML form data using the server's public key, providing end-to-end encryption even against MITM proxies.

Constants

const DefaultFieldName = "_stmf_payload"

DefaultFieldName is the form field name used for the encrypted payload

const Magic = "STMF"

Magic bytes for STMF format

const Version = "1.0"

Version of the STMF format

Variables

var (
	ErrInvalidMagic        = errors.New("invalid STMF magic")
	ErrInvalidPayload      = errors.New("invalid STMF payload")
	ErrDecryptionFailed    = errors.New("decryption failed")
	ErrInvalidPublicKey    = errors.New("invalid public key")
	ErrInvalidPrivateKey   = errors.New("invalid private key")
	ErrKeyGenerationFailed = errors.New("key generation failed")
)

Errors returned by the package.

Functions

func DecryptBase64ToMap

func DecryptBase64ToMap(encoded string, serverPrivateKey []byte) (map[string]string, error)

DecryptBase64ToMap decrypts a base64-encoded STMF payload and returns the form fields as a map

func DecryptToMap

func DecryptToMap(stmfData []byte, serverPrivateKey []byte) (map[string]string, error)

DecryptToMap is a convenience function that returns the form data as a simple map

func Encrypt

func Encrypt(data *FormData, serverPublicKey []byte) ([]byte, error)

Encrypt encrypts form data using the server's public key. It performs X25519 ECDH key exchange with an ephemeral keypair, derives a symmetric key, and encrypts with ChaCha20-Poly1305.

The result is a STMF container that can be base64-encoded for transmission.

func EncryptBase64

func EncryptBase64(data *FormData, serverPublicKey []byte) (string, error)

EncryptBase64 encrypts form data and returns a base64-encoded string

func EncryptMap

func EncryptMap(fields map[string]string, serverPublicKey []byte) ([]byte, error)

EncryptMap is a convenience function to encrypt a simple key-value map

func EncryptMapBase64

func EncryptMapBase64(fields map[string]string, serverPublicKey []byte) (string, error)

EncryptMapBase64 encrypts a key-value map and returns the STMF container as a base64-encoded string

func EncryptWithKey

func EncryptWithKey(data *FormData, serverPublicKey *ecdh.PublicKey) ([]byte, error)

EncryptWithKey encrypts form data using a pre-loaded public key

func LoadPrivateKey

func LoadPrivateKey(data []byte) (*ecdh.PrivateKey, error)

LoadPrivateKey loads a private key from raw bytes

func LoadPrivateKeyBase64

func LoadPrivateKeyBase64(encoded string) (*ecdh.PrivateKey, error)

LoadPrivateKeyBase64 loads a private key from a base64-encoded string

func LoadPublicKey

func LoadPublicKey(data []byte) (*ecdh.PublicKey, error)

LoadPublicKey loads a public key from raw bytes

func LoadPublicKeyBase64

func LoadPublicKeyBase64(encoded string) (*ecdh.PublicKey, error)

LoadPublicKeyBase64 loads a public key from a base64-encoded string

func ValidatePayload

func ValidatePayload(stmfData []byte) error

ValidatePayload checks if the data is a valid STMF container without decrypting

Types

type FormData

type FormData struct {
	Fields   []FormField       `json:"fields"`
	Metadata map[string]string `json:"meta,omitempty"`
}

FormData represents the encrypted form payload

func Decrypt

func Decrypt(stmfData []byte, serverPrivateKey []byte) (*FormData, error)

Decrypt decrypts a STMF payload using the server's private key. It extracts the ephemeral public key from the header, performs ECDH, and decrypts with ChaCha20-Poly1305.
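
The exchange outlined in the Overview and in the Encrypt and Decrypt descriptions (ephemeral X25519 ECDH against the server's static key, then an AEAD over the form), as an added example that is not the stmf package's own code. It uses only Go's standard library, so SHA-256 stands in for the package's unspecified key derivation and AES-256-GCM for ChaCha20-Poly1305; the Container type is a constructed stand-in for the page's Header plus ciphertext, not the real STMF wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

type Container struct{ EphemeralPK, Nonce, Ciphertext []byte } // constructed stand-in for the page's Header plus ciphertext, not STMF's real wire format

// deriveAEAD turns the X25519 shared secret into an AEAD. SHA-256 stands in for the package's unspecified KDF and AES-256-GCM for ChaCha20-Poly1305 (assumptions, so only the standard library is needed).
func deriveAEAD(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	g, _ := cipher.NewGCM(block)      // AES block size is always valid for GCM
	return g
}

// Encrypt draws a fresh ephemeral keypair per submission, so only the holder of the server's private key, not a proxy that terminates TLS, can recover the form.
func Encrypt(form []byte, serverPub *ecdh.PublicKey) (*Container, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(serverPub) // errors on a low-order peer point
	if err != nil {
		return nil, err
	}
	g := deriveAEAD(shared)
	c := &Container{EphemeralPK: eph.PublicKey().Bytes(), Nonce: make([]byte, g.NonceSize())}
	if _, err := rand.Read(c.Nonce); err != nil {
		return nil, err
	}
	c.Ciphertext = g.Seal(nil, c.Nonce, form, nil)
	return c, nil
}

func Decrypt(c *Container, serverPriv *ecdh.PrivateKey) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(c.EphemeralPK) // rejects anything but 32 bytes
	if err != nil {
		return nil, err
	}
	shared, err := serverPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return deriveAEAD(shared).Open(nil, c.Nonce, c.Ciphertext, nil) // fails on a wrong key or any modified byte
}
```

A proxy that only sees the container learns the ephemeral public key and nonce but has no way to reach the shared secret without the server's private key.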

func DecryptBase64

func DecryptBase64(encoded string, serverPrivateKey []byte) (*FormData, error)

DecryptBase64 decrypts a base64-encoded STMF payload

func DecryptWithKey

func DecryptWithKey(stmfData []byte, serverPrivateKey *ecdh.PrivateKey) (*FormData, error)

DecryptWithKey decrypts a STMF payload using a pre-loaded private key

func NewFormData

func NewFormData() *FormData

NewFormData creates a new empty FormData

func (*FormData) AddField

func (f *FormData) AddField(name, value string) *FormData

AddField adds a field to the form data

func (*FormData) AddFieldWithType

func (f *FormData) AddFieldWithType(name, value, fieldType string) *FormData

AddFieldWithType adds a typed field to the form data

func (*FormData) AddFile

func (f *FormData) AddFile(name, value, filename, mimeType string) *FormData

AddFile adds a file field to the form data

func (*FormData) Get

func (f *FormData) Get(name string) string

Get retrieves a field value by name

func (*FormData) GetAll

func (f *FormData) GetAll(name string) []string

GetAll retrieves all values for a field name (for multi-select)

func (*FormData) GetField

func (f *FormData) GetField(name string) *FormField

GetField retrieves a full field by name

func (*FormData) SetMetadata

func (f *FormData) SetMetadata(key, value string) *FormData

SetMetadata sets a metadata value

func (*FormData) ToMap

func (f *FormData) ToMap() map[string]string

ToMap converts fields to a simple key-value map (last value wins for duplicates)

type FormField

type FormField struct {
	Name     string `json:"name"`
	Value    string `json:"value"`
	Type     string `json:"type,omitempty"`     // text, password, file, etc.
	Filename string `json:"filename,omitempty"` // for file uploads
	MimeType string `json:"mime,omitempty"`     // for file uploads
}

FormField represents a single form field

type Header

type Header struct {
	Version     string `json:"version"`
	Algorithm   string `json:"algorithm"`
	EphemeralPK string `json:"ephemeral_pk"` // base64-encoded ephemeral public key
	Nonce       string `json:"nonce"`        // base64-encoded nonce
}

Header represents the STMF container header

func GetPayloadInfo

func GetPayloadInfo(stmfData []byte) (*Header, error)

GetPayloadInfo extracts metadata from a STMF payload without decrypting

type KeyPair

type KeyPair struct {
	// contains filtered or unexported fields
}

KeyPair represents an X25519 keypair for STMF encryption

func GenerateKeyPair

func GenerateKeyPair() (*KeyPair, error)

GenerateKeyPair generates a new X25519 keypair

func LoadKeyPair

func LoadKeyPair(privateKeyBytes []byte) (*KeyPair, error)

LoadKeyPair loads a keypair from raw private key bytes

func LoadKeyPairBase64

func LoadKeyPairBase64(privateKeyBase64 string) (*KeyPair, error)

LoadKeyPairBase64 loads a keypair from a base64-encoded private key

func (*KeyPair) PrivateKey

func (k *KeyPair) PrivateKey() []byte

PrivateKey returns the raw private key bytes (32 bytes)

func (*KeyPair) PrivateKeyBase64

func (k *KeyPair) PrivateKeyBase64() string

PrivateKeyBase64 returns the private key as a base64-encoded string

func (*KeyPair) PublicKey

func (k *KeyPair) PublicKey() []byte

PublicKey returns the raw public key bytes (32 bytes)

func (*KeyPair) PublicKeyBase64

func (k *KeyPair) PublicKeyBase64() string

PublicKeyBase64 returns the public key as a base64-encoded string

Directories

Package middleware provides HTTP middleware for automatic STMF decryption.
