core

package
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package core provides shared cryptographic and data handling functions that work in both CLI and WASM environments.

Index

Constants

View Source 
const (
	// MaxFileSize is the maximum size of a single file during extraction (100 MB).
	MaxFileSize = 100 * 1024 * 1024
	// MaxTotalSize is the maximum total size of all extracted files (1 GB).
	MaxTotalSize = 1024 * 1024 * 1024
)
View Source 
const (
	ShareBegin = "-----BEGIN REMEMORY SHARE-----"
	ShareEnd   = "-----END REMEMORY SHARE-----"
)

Variables

View Source 
var ErrEmptyPassphrase = errors.New("passphrase cannot be empty")

ErrEmptyPassphrase is returned when an empty passphrase is provided.

Functions

func Combine 

func Combine(shares [][]byte) ([]byte, error)

Combine reconstructs the secret from k or more shares. Returns an error if fewer than 2 shares are provided. Note: If corrupted or wrong shares are provided, this may return garbage data without error. Use verification hashes to detect this.

func Decrypt 

func Decrypt(dst io.Writer, src io.Reader, passphrase string) error

Decrypt decrypts age-encrypted data using a passphrase.

func DecryptBytes 

func DecryptBytes(encryptedData []byte, passphrase string) ([]byte, error)

DecryptBytes is a convenience function that decrypts data and returns bytes.

func Encrypt 

func Encrypt(dst io.Writer, src io.Reader, passphrase string) error

Encrypt encrypts data using age with a passphrase (scrypt mode). The passphrase is used to derive an encryption key using scrypt.

func HashBytes 

func HashBytes(b []byte) string

HashBytes returns the SHA-256 hash of bytes, prefixed with "sha256:".

func HashString 

func HashString(s string) string

HashString returns the SHA-256 hash of a string, prefixed with "sha256:".

func SanitizeFilename 

func SanitizeFilename(name string) string

SanitizeFilename removes characters that are problematic in filenames.

func Split 

func Split(secret []byte, n, k int) ([][]byte, error)

Split divides a secret into n shares, requiring k to reconstruct. Parameters:

  • secret: the data to split (e.g., a passphrase)
  • n: total number of shares to create (2-255)
  • k: minimum shares needed to reconstruct (2-n)

func ValidateShamirParams 

func ValidateShamirParams(n, k int) error

ValidateShamirParams validates the parameters for Shamir's Secret Sharing.

func VerifyHash 

func VerifyHash(got, expected string) bool

VerifyHash checks if the given hash matches the expected value. Uses constant-time comparison to prevent timing attacks.

Types

type ExtractedFile 

type ExtractedFile struct {
	Name string
	Data []byte
}

ExtractedFile represents a file extracted from a tar.gz archive.

func ExtractTarGz 

func ExtractTarGz(tarGzData []byte) ([]ExtractedFile, error)

ExtractTarGz extracts files from tar.gz data in memory. This is used by both CLI and WASM for in-memory extraction. For file-based extraction, use the manifest package.

func ExtractTarGzReader 

func ExtractTarGzReader(r io.Reader) ([]ExtractedFile, error)

ExtractTarGzReader extracts files from a tar.gz reader.

type Share 

type Share struct {
	Version   int       // Format version (currently 1)
	Index     int       // Which share (1-indexed for humans)
	Total     int       // Total shares (N)
	Threshold int       // Required shares (K)
	Holder    string    // Name of the person holding this share
	Created   time.Time // When the share was created
	Data      []byte    // The actual share bytes
	Checksum  string    // SHA-256 of Data
}

Share represents a single Shamir share with metadata.

func NewShare 

func NewShare(index, total, threshold int, holder string, data []byte) *Share

NewShare creates a Share with the given parameters and computes its checksum.

func ParseShare 

func ParseShare(content []byte) (*Share, error)

ParseShare parses a share from its encoded format. The content can be a full README.txt file - it will find the share block.

func (*Share) Encode 

func (s *Share) Encode() string

Encode converts the share to a human-readable PEM-like format.

func (*Share) Filename 

func (s *Share) Filename() string

Filename returns a suggested filename for this share.

func (*Share) Verify 

func (s *Share) Verify() error

Verify checks that the share's checksum matches its data. Uses constant-time comparison to prevent timing attacks.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.