Core Framework Encryption Service + Proxy server - with a Cryptonote twist
Snider 9b2b878aa3
Some checks failed
security-scan.yml / feat(pgp): add GenerateKeyPairWithConfig + SymmetricallyEncryptWithConfig (push) Failing after 0s
test.yml / feat(pgp): add GenerateKeyPairWithConfig + SymmetricallyEncryptWithConfig (push) Failing after 0s
feat(pgp): add GenerateKeyPairWithConfig + SymmetricallyEncryptWithConfig
Closes Lethean Desktop Mantis #29 (Ed25519 keygen) + #30 (AES-256
symmetric). Pre-req for Stage X.B account-provision impl per Stage X
RFC v2 §5.1 HIGH-1 + HIGH-2.

GenerateKeyPairWithConfig(name, email, comment, *packet.Config) lets
callers select the public-key algorithm + curve. Legacy
GenerateKeyPair stays unchanged (delegates with nil config →
library default RSA-2048) for back-compat with server.key bootstrap
and other existing consumers.

Modern callers pass:
    cfg := &packet.Config{
        Algorithm: packet.PubKeyAlgoEdDSA,
        Curve:     packet.Curve25519,
    }
to land Ed25519 + Curve25519 — 2026 floor, ~50x faster keygen,
~20x smaller serialised key, constant-time-by-design.

SymmetricallyEncryptWithConfig(passphrase, data, *packet.Config) lets
callers select the symmetric cipher + S2K iteration count. Legacy
SymmetricallyEncrypt stays unchanged (delegates with nil config →
library default AES-128). Modern callers pass:
    cfg := &packet.Config{
        DefaultCipher: packet.CipherAES256,
        S2KConfig:     &s2k.Config{S2KCount: 65011712},
    }
to land AES-256 + max standard iteration count. Argon2 S2K is not
yet exported by go-crypto; iterated S2K at S2KCount=65011712 is the
practical 2026 floor until Argon2 lands upstream.

Test triads land Good/Bad/Ugly per AX-10 for both new functions.
Coverage includes:
- Emitted entity uses Ed25519 (re-read public key, inspect
  PrimaryKey.PubKeyAlgo == PubKeyAlgoEdDSA)
- Emitted SKESK packet uses AES-256 (packet.Read on ciphertext,
  inspect SymmetricKeyEncrypted.CipherFunc == CipherAES256)
- nil-config back-compat (defaults match legacy GenerateKeyPair +
  SymmetricallyEncrypt behaviour)
- Ed25519 round-trip Encrypt/Decrypt + AES-256 round-trip with
  legacy SymmetricallyDecrypt (cipher encoded in SKESK packet
  header; decryptor reads from stream, doesn't need config)
- Wrong-passphrase rejection against AES-256 blob

Full pgp suite green (TestService_*WithConfig_* + all existing
legacy GenerateKeyPair / Encrypt / Sign / Verify /
SymmetricallyEncrypt / SymmetricallyDecrypt + Mock paths).

Co-Authored-By: Virgil <virgil@lethean.io>
2026-05-16 15:08:40 +01:00
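
The S2KCount value in the commit message above, worked through as an added example (not code from this repository or from go-crypto). It uses only the Go standard library to show why 65011712 is the largest count the one-octet RFC 4880 encoding can express, and that the count is a number of octets hashed, not a number of hash rounds. The function names, the constructed salt and passphrase, and the choice of SHA-256 are assumptions of this sketch.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// decodeCount expands the one-octet coded count stored in the SKESK packet
// (RFC 4880 section 3.7.1.3) into the number of octets to hash.
func decodeCount(c byte) uint32 {
	return (16 + uint32(c&15)) << (uint32(c>>4) + 6)
}

// encodeCount returns the smallest coded octet whose count is >= n, so a
// requested count is rounded up to the next representable value.
func encodeCount(n uint32) byte {
	for c := 0; c < 255; c++ {
		if decodeCount(byte(c)) >= n {
			return byte(c)
		}
	}
	return 255 // 0xFF decodes to 65011712, the largest representable count
}

// deriveKey is iterated+salted S2K for keys of up to 32 bytes: salt||passphrase
// is repeated into one SHA-256 context until count octets have been hashed.
// SHA-256 is an assumption of this sketch; the hash is a configurable field.
func deriveKey(passphrase, salt []byte, count uint32) []byte {
	block := append(append([]byte{}, salt...), passphrase...)
	total := int(count)
	if total < len(block) {
		total = len(block) // the whole input is always hashed at least once
	}
	h := sha256.New()
	for done := 0; done < total && len(block) > 0; {
		n := len(block)
		if total-done < n {
			n = total - done // final partial repetition is truncated
		}
		h.Write(block[:n])
		done += n
	}
	return h.Sum(nil)
}

func main() {
	fmt.Println("coded 0xFF ->", decodeCount(0xFF))
	fmt.Println("1000000 rounds up to", decodeCount(encodeCount(1000000)))
	// Constructed salt and passphrase, for illustration only.
	fmt.Printf("%x\n", deriveKey([]byte("constructed passphrase"), []byte("8bytesal"), 65011712))
}
```

Because the coded count travels in the SKESK packet next to the cipher identifier, a decryptor recomputes the same key from the stream without being given a config.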
.dataset Switching machines, ffmpeg + readable byte stream 2022-01-24 07:43:24 +00:00
.forgejo/workflows ci: add Forgejo Actions test and security scan workflows 2026-02-23 03:28:30 +00:00
.github fix: Correctly scope fuzz test in CI workflow 2025-11-04 01:28:24 +00:00
.run Switching machines, ffmpeg + readable byte stream 2022-01-24 07:43:24 +00:00
cmd/trix chore: migrate module path from github.com to forge.lthn.ai 2026-02-22 21:34:26 +00:00
docs docs: add CLI reference, PGP examples, and detailed sigil list 2025-11-25 00:00:24 +00:00
examples chore: migrate module path from github.com to forge.lthn.ai 2026-02-22 21:34:26 +00:00
pkg feat(pgp): add GenerateKeyPairWithConfig + SymmetricallyEncryptWithConfig 2026-05-16 15:08:40 +01:00
rfcs docs: update future work sections and add encryption sigil details 2026-01-13 17:28:06 +00:00
vault feat: Port crypt library from Core 2025-10-30 17:11:31 +00:00
.gitignore feat: add MkDocs documentation site and update README with usage instructions 2025-11-04 11:27:35 +00:00
.goreleaser.yml feat: add trix command-line tool for encoding, decoding, and hashing files 2025-11-03 04:05:32 +00:00
CLAUDE.md docs: add CLAUDE.md for project guidelines and testing conventions 2026-01-04 19:54:03 +00:00
DISCLAIMER.md 42 2022-01-23 21:49:14 +00:00
go.mod chore: sync workspace dependency versions 2026-02-22 22:04:45 +00:00
go.sum chore: sync workspace dependency versions 2026-02-22 22:04:45 +00:00
go.work feat: Update Go version and workflow 2025-10-30 17:47:40 +00:00
go.work.sum docs: add CLAUDE.md for project guidelines and testing conventions 2026-01-04 19:54:03 +00:00
LICENCE Create LICENCE 2022-01-23 13:07:49 +00:00
mkdocs.yml docs: add CLI reference, PGP examples, and detailed sigil list 2025-11-25 00:00:24 +00:00
README.md docs: add examples for checksum algorithms, hashing, PGP operations, and .trix container format 2026-01-13 16:10:30 +00:00
Taskfile.yml Merge pull request #32 from Snider/feature-add-go-vet 2025-11-04 13:22:18 +00:00

Enchantrix

A Go-based encryption and data transformation library designed for secure handling of sensitive data. Enchantrix provides composable transformation pipelines, a flexible binary container format, and defense-in-depth encryption with pre-obfuscation.

Features

  • Sigil Transformation Framework - Composable, reversible data transformations (encoding, compression, hashing)
  • Pre-Obfuscation Layer - Side-channel attack mitigation for AEAD ciphers
  • .trix Container Format - Protocol-agnostic binary format with JSON metadata
  • Multiple Hash Algorithms - SHA-2, SHA-3, BLAKE2, RIPEMD-160, and the custom LTHN algorithm
  • Full PGP Support - Key generation, encryption, decryption, signing, and verification
  • RSA Operations - Key generation, encryption, and decryption
  • CLI Tool - trix command for encoding, decoding, and transformations

Quick Start

Installation

go get github.com/Snider/Enchantrix

Install CLI Tool

go install github.com/Snider/Enchantrix/cmd/trix@latest

Basic Usage

Sigil Transformations

package main

import (
    "fmt"
    "log"

    "github.com/Snider/Enchantrix/pkg/enchantrix"
)

func main() {
    // Create sigils, checking each error instead of discarding it
    hexSigil, err := enchantrix.NewSigil("hex")
    if err != nil {
        log.Fatal(err)
    }
    base64Sigil, err := enchantrix.NewSigil("base64")
    if err != nil {
        log.Fatal(err)
    }

    // Apply transformations
    data := []byte("Hello, Enchantrix!")
    encoded, err := enchantrix.Transmute(data, []enchantrix.Sigil{hexSigil, base64Sigil})
    if err != nil {
        log.Fatal(err)
    }

    fmt.Printf("Encoded: %s\n", encoded)
}

Hashing

package main

import (
    "fmt"
    "github.com/Snider/Enchantrix/pkg/crypt"
)

func main() {
    service := crypt.NewService()

    hash := service.Hash(crypt.SHA256, "Hello, World!")
    fmt.Printf("SHA-256: %s\n", hash)

    // LTHN quasi-salted hash
    lthnHash := service.Hash(crypt.LTHN, "Hello, World!")
    fmt.Printf("LTHN: %s\n", lthnHash)
}

Encrypted .trix Container

package main

import (
    "fmt"
    "github.com/Snider/Enchantrix/pkg/trix"
)

func main() {
    container := &trix.Trix{
        Header: map[string]interface{}{
            "content_type": "text/plain",
            "created_at":   "2025-01-13T12:00:00Z",
        },
        Payload:  []byte("Secret message"),
        InSigils: []string{"gzip", "base64"},
    }

    // Pack with sigils (gzip and base64 are reversible encodings and add
    // no confidentiality on their own)
    container.Pack()

    // Encode to binary
    encoded, _ := trix.Encode(container, "MYAP", nil)
    fmt.Printf("Container size: %d bytes\n", len(encoded))
}

CLI Examples

# Encode with sigils
echo "Hello, Trix!" | trix encode --output message.trix --magic TRIX base64

# Decode
trix decode --input message.trix --output message.txt --magic TRIX base64

# Hash data
echo "Hello, World!" | trix hash sha256

# Apply sigil directly
echo "Hello" | trix hex
# Output: 48656c6c6f

Specifications

Enchantrix includes formal RFC-style specifications for its core protocols:

RFC       Title                  Description
RFC-0001  Pre-Obfuscation Layer  Side-channel mitigation for AEAD ciphers
RFC-0002  TRIX Container Format  Binary container with JSON metadata
RFC-0003  Sigil Framework        Composable data transformation interface
RFC-0004  LTHN Hash              Quasi-salted deterministic hashing

Available Sigils

Category     Sigils
Encoding     hex, base64
Compression  gzip
Formatting   json, json-indent
Transform    reverse
Hashing      md4, md5, sha1, sha224, sha256, sha384, sha512, sha3-224, sha3-256, sha3-384, sha3-512, sha512-224, sha512-256, ripemd160, blake2s-256, blake2b-256, blake2b-384, blake2b-512

Project Structure

Enchantrix/
├── cmd/trix/           # CLI tool
├── pkg/
│   ├── enchantrix/     # Sigil framework and crypto sigils
│   ├── trix/           # .trix container format
│   └── crypt/          # Cryptographic services (hash, RSA, PGP)
├── rfcs/               # Protocol specifications
├── examples/           # Usage examples
└── docs/               # MkDocs documentation

Documentation

Full documentation is available via MkDocs:

# Install dependencies
pip install mkdocs mkdocs-material

# Serve locally
mkdocs serve -a 127.0.0.1:8000

# Build static site
mkdocs build --strict

Development

Requirements

  • Go 1.25 or later

Running Tests

# Run all tests
go test ./...

# Run with race detection
go test -race ./...

# Run with coverage
go test -coverprofile=coverage.out ./...

Test-Driven Development

This project follows strict TDD methodology. All new functionality must include comprehensive tests.

Releases

Built with GoReleaser:

# Snapshot release (local, no publish)
goreleaser release --snapshot --clean

# Production release (requires Git tag)
goreleaser release --clean

License

See LICENCE for details.