go-crypt/crypt/rsa/rsa.go

package rsa

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"

	coreerr "dappco.re/go/core/log"
)

// Service provides RSA functionality.
type Service struct{}

// NewService creates and returns a new Service instance for performing RSA-related operations.
func NewService() *Service {
	return &Service{}
}

// GenerateKeyPair creates a new RSA key pair.
func (s *Service) GenerateKeyPair(bits int) (publicKey, privateKey []byte, err error) {
	const op = "rsa.GenerateKeyPair"

	if bits < 2048 {
		return nil, nil, coreerr.E(op, fmt.Sprintf("key size too small: %d (minimum 2048)", bits), nil)
	}
	privKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, coreerr.E(op, "failed to generate private key", err)
	}

	privKeyBytes := x509.MarshalPKCS1PrivateKey(privKey)
	privKeyPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: privKeyBytes,
	})

	pubKeyBytes, err := x509.MarshalPKIXPublicKey(&privKey.PublicKey)
	if err != nil {
		return nil, nil, coreerr.E(op, "failed to marshal public key", err)
	}
	pubKeyPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: pubKeyBytes,
	})

	return pubKeyPEM, privKeyPEM, nil
}

// Encrypt encrypts data with a public key.
func (s *Service) Encrypt(publicKey, data, label []byte) ([]byte, error) {
	const op = "rsa.Encrypt"

	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil, coreerr.E(op, "failed to decode public key", nil)
	}

	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, coreerr.E(op, "failed to parse public key", err)
	}

	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, coreerr.E(op, "not an RSA public key", nil)
	}

	ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaPub, data, label)
	if err != nil {
		return nil, coreerr.E(op, "failed to encrypt data", err)
	}

	return ciphertext, nil
}

// Decrypt decrypts data with a private key.
func (s *Service) Decrypt(privateKey, ciphertext, label []byte) ([]byte, error) {
	const op = "rsa.Decrypt"

	block, _ := pem.Decode(privateKey)
	if block == nil {
		return nil, coreerr.E(op, "failed to decode private key", nil)
	}

	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return nil, coreerr.E(op, "failed to parse private key", err)
	}

	plaintext, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, label)
	if err != nil {
		return nil, coreerr.E(op, "failed to decrypt data", err)
	}

	return plaintext, nil
}
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`package rsa`

			`import (`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/sha256"`
			`"crypto/x509"`
			`"encoding/pem"`
			`"fmt"`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00
refactor: migrate imports to dappco.re/go/core/* paths Update module path from forge.lthn.ai/core/go-crypt to dappco.re/go/core/crypt. Migrate go-log, go-io, go-i18n imports to their new dappco.re/go/core/* paths with updated versions (core v0.5.0, log v0.1.0, io v0.2.0, i18n v0.2.0). Un-migrated modules (cli, go-store, go-inference) remain at forge.lthn.ai paths. Also fixes merge conflict marker and duplicate imports in crypt/openpgp/service.go, and updates CLAUDE.md to reflect new paths. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-22 01:43:27 +00:00			`coreerr "dappco.re/go/core/log"`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`)`

			`// Service provides RSA functionality.`
			`type Service struct{}`

			`// NewService creates and returns a new Service instance for performing RSA-related operations.`
			`func NewService() *Service {`
			`return &Service{}`
			`}`

			`// GenerateKeyPair creates a new RSA key pair.`
			`func (s *Service) GenerateKeyPair(bits int) (publicKey, privateKey []byte, err error) {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`const op = "rsa.GenerateKeyPair"`

feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`if bits < 2048 {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, nil, coreerr.E(op, fmt.Sprintf("key size too small: %d (minimum 2048)", bits), nil)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`
			`privKey, err := rsa.GenerateKey(rand.Reader, bits)`
			`if err != nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, nil, coreerr.E(op, "failed to generate private key", err)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`privKeyBytes := x509.MarshalPKCS1PrivateKey(privKey)`
			`privKeyPEM := pem.EncodeToMemory(&pem.Block{`
			`Type: "RSA PRIVATE KEY",`
			`Bytes: privKeyBytes,`
			`})`

			`pubKeyBytes, err := x509.MarshalPKIXPublicKey(&privKey.PublicKey)`
			`if err != nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, nil, coreerr.E(op, "failed to marshal public key", err)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`
			`pubKeyPEM := pem.EncodeToMemory(&pem.Block{`
			`Type: "PUBLIC KEY",`
			`Bytes: pubKeyBytes,`
			`})`

			`return pubKeyPEM, privKeyPEM, nil`
			`}`

			`// Encrypt encrypts data with a public key.`
			`func (s *Service) Encrypt(publicKey, data, label []byte) ([]byte, error) {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`const op = "rsa.Encrypt"`

feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`block, _ := pem.Decode(publicKey)`
			`if block == nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "failed to decode public key", nil)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`pub, err := x509.ParsePKIXPublicKey(block.Bytes)`
			`if err != nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "failed to parse public key", err)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`rsaPub, ok := pub.(*rsa.PublicKey)`
			`if !ok {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "not an RSA public key", nil)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaPub, data, label)`
			`if err != nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "failed to encrypt data", err)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`return ciphertext, nil`
			`}`

			`// Decrypt decrypts data with a private key.`
			`func (s *Service) Decrypt(privateKey, ciphertext, label []byte) ([]byte, error) {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`const op = "rsa.Decrypt"`

feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`block, _ := pem.Decode(privateKey)`
			`if block == nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "failed to decode private key", nil)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)`
			`if err != nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "failed to parse private key", err)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`plaintext, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, label)`
			`if err != nil {`
fix: replace fmt.Errorf and errors.New with coreerr.E() Replace all fmt.Errorf/errors.New calls in auth/auth.go, crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go, and trust/trust.go with coreerr.E(op, msg, err) from go-log. No stale pkg/framework imports found. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 18:15:55 +00:00			`return nil, coreerr.E(op, "failed to decrypt data", err)`
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`}`

			`return plaintext, nil`
			`}`