secret
======
Mailgun tools for authenticated encryption.

**Overview**

Package secret provides tools for encrypting and decrypting authenticated messages.
As with all lemma packages, metrics are built in and can be emitted to check
for anomalous behavior.

[NaCl](http://nacl.cr.yp.to/) is the underlying secret-key authenticated encryption
library. NaCl uses Salsa20 and Poly1305 as its cipher and MAC, respectively.

**Examples**

_Key generation and use_
```go
package main

import (
	"github.com/mailgun/lemma/secret"
)

func main() {
	// generate a new random key; use this whenever a new key is needed
	keyBytes, err := secret.NewKey()

	// read a base64-encoded key in from disk
	secretService, err := secret.New(&secret.Config{KeyPath: "/path/to/secret.key"})

	// or set the key bytes directly (the zero bytes below are placeholders, not a usable key)
	secretService, err = secret.New(&secret.Config{
		KeyBytes: &[32]byte{
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		},
	})

	// given a base64-encoded key, return the key bytes
	secret.EncodedStringToKey("c3VycHJpc2UsIHRoaXMgaXMgYSBmYWtlIGtleSE=")

	// given key bytes, return a base64-encoded key
	secret.KeyToEncodedString(&[32]byte{
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	})
}
```
---
_Encrypt message with existing key_
```go
import (
	"encoding/base64"
	"fmt"

	"github.com/mailgun/lemma/secret"
)

// create a new secret encryption service using the key stored on disk
s, err := secret.New(&secret.Config{KeyPath: "/path/to/secret.key"})
if err != nil {
	fmt.Printf("Got unexpected response from New: %v\n", err)
}

// seal message
message := []byte("hello, world")
sealed, err := s.Seal(message)
if err != nil {
	fmt.Printf("Got unexpected response from Seal: %v\n", err)
}

// optionally base64-encode the ciphertext and nonce and store them somewhere
// (like in a database); both are needed later to open the message
ciphertext := base64.StdEncoding.EncodeToString(sealed.Ciphertext)
nonce := base64.StdEncoding.EncodeToString(sealed.Nonce)
fmt.Printf("Ciphertext: %v, Nonce: %v\n", ciphertext, nonce)
```
---
_Encrypt message with passed in key_
```go
import (
	"fmt"

	"github.com/mailgun/lemma/secret"
)

// create a new secret encryption service using the key stored on disk
s, err := secret.New(&secret.Config{KeyPath: "/path/to/secret.key"})
if err != nil {
	fmt.Printf("Got unexpected response from New: %v\n", err)
}

// seal message with a key passed in for this call
// (the zero bytes below are placeholders, not a usable key)
message := []byte("hello, world")
messageKey := &[32]byte{
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
}
sealed, err := s.SealWithKey(message, messageKey)
if err != nil {
	fmt.Printf("Got unexpected response from SealWithKey: %v\n", err)
}

fmt.Printf("Ciphertext: %v, Nonce: %v\n", sealed.Ciphertext, sealed.Nonce)
```
---
_Decrypt message_
```go
import (
	"fmt"

	"github.com/mailgun/lemma/secret"
)

// create a new secret encryption service using the key stored on disk
s, err := secret.New(&secret.Config{KeyPath: "/path/to/secret.key"})
if err != nil {
	fmt.Printf("Got unexpected response from New: %v\n", err)
}

var ciphertext []byte
var nonce []byte

// read in ciphertext and nonce
// [...]

// decrypt and open message
plaintext, err := s.Open(&secret.SealedBytes{
	Ciphertext: ciphertext,
	Nonce:      nonce,
})
if err != nil {
	fmt.Printf("Got unexpected response from Open: %v\n", err)
}

// plaintext is a byte slice; print it as text
fmt.Printf("Plaintext: %s\n", plaintext)
```
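The seal, store and open cycle from the snippets above, as an added standard-library example (not lemma's own code): it substitutes AES-256-GCM for NaCl's Salsa20/Poly1305 so it runs without dependencies, and `newAEAD`, `seal` and `open` are hypothetical names. It shows that opening a stored value whose ciphertext was altered returns an error rather than plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newAEAD builds AES-256-GCM from a 32-byte key (stand-in for NaCl secretbox).
func newAEAD(key *[32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh random nonce; both outputs are base64 for storage.
func seal(a cipher.AEAD, msg []byte) (ct64, nonce64 string, err error) {
	nonce := make([]byte, a.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return "", "", err
	}
	ct := a.Seal(nil, nonce, msg, nil)
	return base64.StdEncoding.EncodeToString(ct), base64.StdEncoding.EncodeToString(nonce), nil
}

// open authenticates before decrypting: altered input returns an error, never data.
func open(a cipher.AEAD, ct64, nonce64 string) ([]byte, error) {
	ct, errC := base64.StdEncoding.DecodeString(ct64)
	nonce, errN := base64.StdEncoding.DecodeString(nonce64)
	if errC != nil || errN != nil || len(nonce) != a.NonceSize() {
		return nil, fmt.Errorf("malformed stored value (nonce length %d)", len(nonce))
	}
	return a.Open(nil, nonce, ct, nil)
}

func main() {
	a, _ := newAEAD(new([32]byte)) // constructed all-zero key, for illustration only
	ct, nonce, _ := seal(a, []byte("hello, world"))
	pt, err := open(a, ct, nonce)
	fmt.Printf("intact:   %q %v\n", pt, err)
	_, err = open(a, ct[:len(ct)-4], nonce) // stored ciphertext truncated
	fmt.Printf("tampered: %v\n", err)
}
```

A failed open is the event worth counting: a rise in failures points to corrupted storage, a key mismatch, or tampering.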
---
_Emit Metrics_
```go
import (
	"fmt"

	"github.com/mailgun/lemma/secret"
)

// define the statsd server that metrics are emitted to
s, err := secret.New(&secret.Config{
	KeyPath: "/path/to/secret.key",

	EmitStats:    true,
	StatsdHost:   "www.example.com",
	StatsdPort:   8125,
	StatsdPrefix: "a_secret_prefix",
})

// now, when using the service, successes and failures will be emitted to statsd
plaintext, err := s.Open(...)
if err != nil {
	fmt.Printf("Got unexpected response from Open: %v\n", err)
}
```