package encrypted

go-securesystemslib – github.com/secure-systems-lab/go-securesystemslib/encrypted Index | Files

package encrypted

import "github.com/secure-systems-lab/go-securesystemslib/encrypted"

Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.

It uses scrypt derive a key from the passphrase and the NaCl secret box cipher for authenticated encryption.

Index ¶

func Decrypt(ciphertext, passphrase []byte) ([]byte, error)
func Encrypt(plaintext, passphrase []byte) ([]byte, error)
func EncryptWithCustomKDFParameters(plaintext, passphrase []byte, kdfLevel KDFParameterStrength) ([]byte, error)
func Marshal(v interface{}, passphrase []byte) ([]byte, error)
func MarshalWithCustomKDFParameters(v interface{}, passphrase []byte, kdfLevel KDFParameterStrength) ([]byte, error)
func Unmarshal(data []byte, v interface{}, passphrase []byte) error
type KDFParameterStrength

Functions ¶

func Decrypt ¶

func Decrypt(ciphertext, passphrase []byte) ([]byte, error)

Decrypt takes a JSON-encoded ciphertext object encrypted using Encrypt and tries to decrypt it using passphrase. If successful, it returns the plaintext.

func Encrypt ¶

func Encrypt(plaintext, passphrase []byte) ([]byte, error)

Encrypt takes a passphrase and plaintext, and returns a JSON object containing ciphertext and the details necessary to decrypt it.

func EncryptWithCustomKDFParameters ¶

func EncryptWithCustomKDFParameters(plaintext, passphrase []byte, kdfLevel KDFParameterStrength) ([]byte, error)

EncryptWithCustomKDFParameters takes a passphrase, the plaintext and a KDF parameter level (Legacy, Standard, or OWASP), and returns a JSON object containing ciphertext and the details necessary to decrypt it.

func Marshal ¶

func Marshal(v interface{}, passphrase []byte) ([]byte, error)

Marshal encrypts the JSON encoding of v using passphrase.

func MarshalWithCustomKDFParameters ¶

func MarshalWithCustomKDFParameters(v interface{}, passphrase []byte, kdfLevel KDFParameterStrength) ([]byte, error)

MarshalWithCustomKDFParameters encrypts the JSON encoding of v using passphrase.

func Unmarshal ¶

func Unmarshal(data []byte, v interface{}, passphrase []byte) error

Unmarshal decrypts the data using passphrase and unmarshals the resulting plaintext into the value pointed to by v.

Types ¶

type KDFParameterStrength ¶

type KDFParameterStrength uint8

KDFParameterStrength defines the KDF parameter strength level to be used for encryption key derivation.

const (
	// Legacy defines legacy scrypt parameters (N:2^15, r:8, p:1)
	Legacy KDFParameterStrength = iota + 1
	// Standard defines standard scrypt parameters which is focusing 100ms of computation (N:2^16, r:8, p:1)
	Standard
	// OWASP defines OWASP recommended scrypt parameters (N:2^17, r:8, p:1)
	OWASP
)

Source Files ¶

encrypted.go

Version: v0.9.0 (latest)
Published: Dec 12, 2024
Platform: darwin/amd64
Imports: 7 packages
Last checked: 10 months ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples