Documentation
Index
- Constants
- func DeriveDirectionalMAC(master []byte, label string) ([]byte, error)
- func DeriveDirectionalSeed(master []byte, label string) ([]byte, error)
- func FingerprintPublicKey(pub *hppk.PublicKey) (string, error)
- func GenerateKeyPair(path string, strength int, passphrase *memguard.LockedBuffer) error
- func LoadPrivateKey(path string) (*hppk.PrivateKey, error)
- func LoadPublicKey(path string) (*hppk.PublicKey, error)
- func MarshalPublicKey(pub *hppk.PublicKey) ([]byte, error)
- func PromptPassword(prompt string, confirm bool) (*memguard.LockedBuffer, error)
- func RandomPrimePadCount() (uint16, error)
- func SignatureFromProto(msg *protocol.Signature) (*hppk.Signature, error)
- func SignatureToProto(sig *hppk.Signature) *protocol.Signature
- func UnmarshalPublicKey(data []byte) (*hppk.PublicKey, error)
- func ValidatePadCount(p uint16) bool
Constants
const (
	// SessionKeyBytes defines how many bytes of keying material we derive for each
	// QPP pad direction.
	SessionKeyBytes = 256
	// HmacKeyBytes defines the length of the per-direction integrity key.
	HmacKeyBytes = 32
)
const (
	// MinPadCount defines the minimum allowed pad count for QPP.
	MinPadCount = 1024
	// MaxPadCount defines the maximum allowed pad count for QPP.
	MaxPadCount = 2048
)
const (
	// KdfName defines the key derivation function used for encrypting private keys.
	KdfName = "scrypt"
	// ScryptCostN defines the CPU/memory cost parameter for scrypt.
	ScryptCostN = 1 << 15
	// ScryptCostR defines the block size parameter for scrypt.
	ScryptCostR = 8
	// ScryptCostP defines the parallelization parameter for scrypt.
	ScryptCostP = 1
	// EncryptedKeyType defines the format identifier for encrypted private key files.
	EncryptedKeyType = "encrypted-hppk"
)
Variables
This section is empty.
Functions
func DeriveDirectionalMAC
DeriveDirectionalMAC returns the per-direction MAC key.
func DeriveDirectionalSeed
DeriveDirectionalSeed deterministically expands the shared master secret per direction.
func FingerprintPublicKey
FingerprintPublicKey returns a short deterministic fingerprint for display/trust decisions.
func GenerateKeyPair
func GenerateKeyPair(path string, strength int, passphrase *memguard.LockedBuffer) error
GenerateKeyPair creates a new HPPK keypair, optionally encrypts the private key, and persists both halves.
func LoadPrivateKey
func LoadPrivateKey(path string) (*hppk.PrivateKey, error)
LoadPrivateKey reads an HPPK private key and decrypts it if needed.
func LoadPublicKey
LoadPublicKey reads a JSON-encoded HPPK public key.
func MarshalPublicKey
MarshalPublicKey serializes an HPPK public key using its binary representation.
func PromptPassword
func PromptPassword(prompt string, confirm bool) (*memguard.LockedBuffer, error)
PromptPassword prompts the user for a password, optionally confirming it.
func RandomPrimePadCount
RandomPrimePadCount returns a random prime number between MinPadCount and MaxPadCount.
func SignatureFromProto
SignatureFromProto rebuilds an HPPK signature from protobuf bytes.
func SignatureToProto
SignatureToProto converts an HPPK signature into its protobuf equivalent.
func UnmarshalPublicKey
UnmarshalPublicKey decodes an HPPK public key from its binary form.
func ValidatePadCount
ValidatePadCount checks if the given pad count is a prime number within the valid range.
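The contract documented for RandomPrimePadCount and ValidatePadCount, worked as an added example; this is not the package's own code. The helper names isValidPadCount, pickPrimePadCount and checkPeerPadCount are hypothetical, and the idea that a pad count can arrive from a remote peer is an assumption made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Bounds copied from the Constants section of this page.
const (
	MinPadCount = 1024
	MaxPadCount = 2048
)

// isValidPadCount (hypothetical stand-in): prime and inside the inclusive range.
func isValidPadCount(p uint16) bool {
	if p < MinPadCount || p > MaxPadCount {
		return false
	}
	// ProbablyPrime is exact for inputs below 2^64, so this is a real primality test.
	return big.NewInt(int64(p)).ProbablyPrime(0)
}

// pickPrimePadCount (hypothetical stand-in): uniform draw from crypto/rand, rejecting non-primes.
func pickPrimePadCount() (uint16, error) {
	span := big.NewInt(MaxPadCount - MinPadCount + 1)
	for {
		n, err := rand.Int(rand.Reader, span)
		if err != nil {
			return 0, err
		}
		if p := uint16(n.Int64()) + MinPadCount; isValidPadCount(p) {
			return p, nil
		}
	}
}

// checkPeerPadCount (assumption: the value came from a peer) validates before any use.
func checkPeerPadCount(p uint16) error {
	if !isValidPadCount(p) {
		return fmt.Errorf("rejecting pad count %d: not a prime in [%d, %d]", p, MinPadCount, MaxPadCount)
	}
	return nil
}

func main() {
	p, err := pickPrimePadCount()
	fmt.Println(p, err, checkPeerPadCount(2053)) // 2053 is prime but above MaxPadCount
}
```

Rejection sampling keeps every prime in the range equally likely, which reducing a random value modulo a list length or stepping to the next prime would not.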
Types
This section is empty.