Documentation ¶
Overview ¶
Package core provides shared cryptographic and data handling functions that work in both CLI and WASM environments.
Index ¶
- Constants
- Variables
- func Combine(shares [][]byte) ([]byte, error)
- func DecodeShareWords(words []string) (data []byte, index int, err error)
- func DecodeWords(words []string) ([]byte, error)
- func Decrypt(dst io.Writer, src io.Reader, passphrase string) error
- func DecryptBytes(encryptedData []byte, passphrase string) ([]byte, error)
- func EncodeWords(data []byte) []string
- func Encrypt(dst io.Writer, src io.Reader, passphrase string) error
- func HashBytes(b []byte) string
- func HashString(s string) string
- func RecoverPassphrase(recovered []byte, version int) string
- func SanitizeFilename(name string) string
- func Split(secret []byte, n, k int) ([][]byte, error)
- func SuggestWord(input string) string
- func ValidateShamirParams(n, k int) error
- func VerifyHash(got, expected string) bool
- type ExtractedFile
- type Share
Constants ¶
const (
	// MaxFileSize is the maximum size of a single file during extraction (100 MB).
	MaxFileSize = 100 * 1024 * 1024
	// MaxTotalSize is the maximum total size of all extracted files (1 GB).
	MaxTotalSize = 1024 * 1024 * 1024
)
const (
	// DefaultRecoveryURL is the default base URL for QR codes in PDFs.
	// Points to the recover.html hosted on GitHub Pages.
	DefaultRecoveryURL = "https://eljojo.github.io/rememory/recover.html"
)
Variables ¶
var ErrEmptyPassphrase = errors.New("passphrase cannot be empty")
ErrEmptyPassphrase is returned when an empty passphrase is provided.
Functions ¶
func Combine ¶
Combine reconstructs the secret from k or more shares. Returns an error if fewer than 2 shares are provided. Note: If corrupted or wrong shares are provided, this may return garbage data without error. Use verification hashes to detect this.
func DecodeShareWords ¶ added in v0.0.8
DecodeShareWords decodes 25 BIP39 words into share data and index. The first 24 words are decoded to bytes; the 25th word carries index + checksum. Returns index=0 if the share index was > 15 (the sentinel value). Returns an error if the checksum doesn't match (wrong word order, typos, etc.).
func DecodeWords ¶ added in v0.0.8
DecodeWords converts BIP39 words back to bytes. Returns an error with typo suggestions if a word is not recognized.
func DecryptBytes ¶
DecryptBytes is a convenience function that decrypts data and returns bytes.
func EncodeWords ¶ added in v0.0.8
EncodeWords converts bytes to BIP39 words (11 bits per word). 33 bytes (264 bits) produces exactly 24 words.
func Encrypt ¶
Encrypt encrypts data using age with a passphrase (scrypt mode). The passphrase is used to derive an encryption key using scrypt.
func HashString ¶
HashString returns the SHA-256 hash of a string, prefixed with "sha256:".
func RecoverPassphrase ¶ added in v0.0.8
RecoverPassphrase converts raw bytes from Combine() into the age passphrase. V1 shares contain the passphrase string directly; v2+ shares contain raw bytes that must be base64url-encoded.
func SanitizeFilename ¶
SanitizeFilename converts a name to a filesystem-safe lowercase ASCII string. It transliterates accented/diacritic characters to their ASCII base form (e.g. "José" → "jose", "Müller" → "muller") using NFD decomposition.
func Split ¶
Split divides a secret into n shares, requiring k to reconstruct. Parameters:
- secret: the data to split (e.g., a passphrase)
- n: total number of shares to create (2-255)
- k: minimum shares needed to reconstruct (2-n)
func SuggestWord ¶ added in v0.0.8
SuggestWord finds the closest BIP39 word by Levenshtein distance (max 2). Returns empty string if no close match is found.
func ValidateShamirParams ¶
ValidateShamirParams validates the parameters for Shamir's Secret Sharing.
func VerifyHash ¶
VerifyHash checks if the given hash matches the expected value. Uses constant-time comparison to prevent timing attacks.
Types ¶
type ExtractedFile ¶
ExtractedFile represents a file extracted from a tar.gz archive.
func ExtractTarGz ¶
func ExtractTarGz(tarGzData []byte) ([]ExtractedFile, error)
ExtractTarGz extracts files from tar.gz data in memory. This is used by both CLI and WASM for in-memory extraction. For file-based extraction, use the manifest package.
func ExtractTarGzReader ¶
func ExtractTarGzReader(r io.Reader) ([]ExtractedFile, error)
ExtractTarGzReader extracts files from a tar.gz reader.
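The following added example (not the package's own code) shows one way an in-memory tar.gz extractor can enforce limits like MaxFileSize and MaxTotalSize. The names extractLimited and makeTarGz are hypothetical, and the limits are passed as parameters so the demonstration can use small values on a constructed archive.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
)

// extractLimited (hypothetical helper) reads regular files from tar.gz data into
// memory and rejects an entry before reading it if a size limit would be exceeded.
func extractLimited(r io.Reader, maxFile, maxTotal int64) (map[string][]byte, error) {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	tr, files, total := tar.NewReader(gz), map[string][]byte{}, int64(0)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // directories, links and devices are never materialised
		}
		// The tar reader yields at most hdr.Size bytes per entry, so checking the
		// declared size bounds what the gzip stream is allowed to expand into.
		if total += hdr.Size; hdr.Size > maxFile || total > maxTotal {
			return nil, fmt.Errorf("%s: size limit exceeded", hdr.Name)
		}
		if files[hdr.Name], err = io.ReadAll(tr); err != nil {
			return nil, err
		}
	}
	return files, nil
}

func makeTarGz(name string, body []byte) []byte {
	var buf bytes.Buffer // constructed single-file sample archive, built in memory
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	tw.WriteHeader(&tar.Header{Name: name, Mode: 0o600, Size: int64(len(body))})
	tw.Write(body)
	tw.Close()
	gz.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(extractLimited(bytes.NewReader(makeTarGz("big.bin", make([]byte, 4096))), 1024, 8192))
}
```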
type Share ¶
type Share struct {
}
Share represents a single Shamir share with metadata.
func ParseCompact ¶ added in v0.0.8
ParseCompact parses a compact-encoded share string back into a Share. It validates the format, decodes the data, and verifies the short checksum.
func ParseShare ¶
ParseShare parses a share from its encoded format. The content can be a full README.txt file - it will find the share block.
func (*Share) CompactEncode ¶ added in v0.0.8
CompactEncode returns a short string encoding of the share suitable for QR codes and URL fragments. Format: RM{version}:{index}:{total}:{threshold}:{base64url_data}:{short_check} The short_check is the first 4 hex characters of the SHA-256 of the raw share data.
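The compact format described above, as an added standard-library example that is not the package's implementation of CompactEncode or ParseCompact. The function names are hypothetical, and unpadded base64url with a lowercase hex check is an assumption, since the page specifies neither.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

func shortCheck(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])[:4] // first 4 hex characters of SHA-256(data)
}

// encodeCompact builds RM{version}:{index}:{total}:{threshold}:{data}:{check}.
// Assumption: unpadded base64url and lowercase hex; the page specifies neither.
func encodeCompact(version, index, total, threshold int, data []byte) string {
	return fmt.Sprintf("RM%d:%d:%d:%d:%s:%s", version, index, total, threshold,
		base64.RawURLEncoding.EncodeToString(data), shortCheck(data))
}

// parseCompact returns [version, index, total, threshold] and the verified data.
func parseCompact(in string) (meta [4]int, data []byte, err error) {
	parts := strings.Split(in, ":")
	if len(parts) != 6 || !strings.HasPrefix(parts[0], "RM") {
		return meta, nil, errors.New("not a compact share string")
	}
	parts[0] = strings.TrimPrefix(parts[0], "RM")
	for i := range meta {
		if meta[i], err = strconv.Atoi(parts[i]); err != nil || meta[i] < 0 {
			return meta, nil, fmt.Errorf("field %d is not a non-negative integer", i)
		}
	}
	if data, err = base64.RawURLEncoding.DecodeString(parts[4]); err != nil {
		return meta, nil, fmt.Errorf("bad base64url data: %w", err)
	}
	if subtle.ConstantTimeCompare([]byte(shortCheck(data)), []byte(parts[5])) != 1 {
		return meta, nil, errors.New("short check mismatch")
	}
	return meta, data, nil
}

func main() {
	fmt.Println(parseCompact(encodeCompact(2, 1, 5, 3, []byte("constructed sample share bytes"))))
}
```

Four hex characters are a 16-bit check: enough to catch a mistyped or truncated string, not a substitute for the full verification hash.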
func (*Share) Verify ¶
Verify checks that the share's checksum matches its data. Uses constant-time comparison to prevent timing attacks.
func (*Share) Words ¶ added in v0.0.8
Words returns this share's data encoded as 25 BIP39 words. The first 24 words encode the share data (33 bytes = 264 bits, 11 bits per word). The 25th word packs 4 bits of share index + 7 bits of checksum (see word25 layout above). Returns an error for v1 shares or if the share index is negative.