Documentation
Overview
Package crypto provides end-to-end encryption primitives for td-sync. It includes X25519 key exchange, AES-256-GCM encryption, ECDH+HKDF key wrapping, and Argon2id passphrase-based key derivation.
Index
- func Decrypt(key, ciphertext []byte) ([]byte, error)
- func DeriveKeyFromPassphrase(passphrase string) (key, salt []byte, err error)
- func DeriveKeyFromPassphraseWithSalt(passphrase string, salt []byte) ([]byte, error)
- func Encrypt(key, plaintext []byte) ([]byte, error)
- func GenerateDEK() ([]byte, error)
- func GenerateKeyPair() (*ecdh.PrivateKey, *ecdh.PublicKey, error)
- func UnwrapKey(recipientPriv *ecdh.PrivateKey, senderPub *ecdh.PublicKey, wrappedDEK []byte) ([]byte, error)
- func WrapKey(senderPriv *ecdh.PrivateKey, recipientPub *ecdh.PublicKey, dek []byte) ([]byte, error)
Functions
func DeriveKeyFromPassphrase
DeriveKeyFromPassphrase derives a 256-bit key from a passphrase using Argon2id. It returns the derived key together with the random 32-byte salt that was used.
func DeriveKeyFromPassphraseWithSalt
DeriveKeyFromPassphraseWithSalt derives a key using a known salt (for recovery).
func Encrypt
Encrypt encrypts plaintext using AES-256-GCM with a 256-bit key. Returns nonce || ciphertext (nonce is prepended).
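The nonce || ciphertext layout described for Encrypt, sketched with the Go standard library as an added example; it is not td-sync's own code, and newGCM, sealPrepended and openPrepended are hypothetical names. It assumes the default GCM parameters of cipher.NewGCM (12-byte nonce, 16-byte tag), which the page does not state.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 { // NewCipher also accepts 16/24-byte keys; insist on AES-256
		return nil, fmt.Errorf("need a 32-byte AES-256 key (got %d bytes)", len(key))
	}
	return cipher.NewGCM(block) // assumed defaults: 12-byte nonce, 16-byte tag
}

// sealPrepended (hypothetical name, not td-sync's Encrypt) returns nonce || ciphertext || tag.
func sealPrepended(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce on every call
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil // dst=nonce, so output starts with it
}

// openPrepended (hypothetical name) splits off the nonce; plaintext is returned only if the tag verifies.
func openPrepended(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() { // reject truncated input before slicing
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, for demonstration only
	blob, _ := sealPrepended(key, []byte("constructed sample"))
	pt, err := openPrepended(key, blob)
	fmt.Printf("%d bytes -> %q, err=%v\n", len(blob), pt, err)
}
```

Because the nonce travels with the ciphertext, the receiver needs only the key; a modified nonce, ciphertext or tag makes Open return an error instead of plaintext.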
func GenerateDEK
GenerateDEK generates a random 256-bit data encryption key.
func GenerateKeyPair
func GenerateKeyPair() (*ecdh.PrivateKey, *ecdh.PublicKey, error)
GenerateKeyPair generates an X25519 keypair for key exchange.