core/go-crypt
8
0
Fork 0
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions
go-crypt/crypt/crypt.go
Snider 62482c7dc9
Some checks failed
Security Scan / security (pull_request) Failing after 9s
Details
Test / test (pull_request) Failing after 8m29s
Details
refactor: migrate imports to dappco.re/go/core/* paths 
Update module path from forge.lthn.ai/core/go-crypt to
dappco.re/go/core/crypt. Migrate go-log, go-io, go-i18n imports to
their new dappco.re/go/core/* paths with updated versions (core v0.5.0,
log v0.1.0, io v0.2.0, i18n v0.2.0). Un-migrated modules (cli,
go-store, go-inference) remain at forge.lthn.ai paths.

Also fixes merge conflict marker and duplicate imports in
crypt/openpgp/service.go, and updates CLAUDE.md to reflect new paths.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-22 01:43:27 +00:00

90 lines
2.7 KiB
Go
Raw Blame History

package crypt
import (
coreerr "dappco.re/go/core/log"
)
// Encrypt encrypts data with a passphrase using ChaCha20-Poly1305.
// A random salt is generated and prepended to the output.
// Format: salt (16 bytes) + nonce (24 bytes) + ciphertext.
func Encrypt(plaintext, passphrase []byte) ([]byte, error) {
salt, err := generateSalt(argon2SaltLen)
if err != nil {
return nil, coreerr.E("crypt.Encrypt", "failed to generate salt", err)
}
key := DeriveKey(passphrase, salt, argon2KeyLen)
encrypted, err := ChaCha20Encrypt(plaintext, key)
if err != nil {
return nil, coreerr.E("crypt.Encrypt", "failed to encrypt", err)
}
// Prepend salt to the encrypted data (which already has nonce prepended)
result := make([]byte, 0, len(salt)+len(encrypted))
result = append(result, salt...)
result = append(result, encrypted...)
return result, nil
}
// Decrypt decrypts data encrypted with Encrypt.
// Expects format: salt (16 bytes) + nonce (24 bytes) + ciphertext.
func Decrypt(ciphertext, passphrase []byte) ([]byte, error) {
if len(ciphertext) < argon2SaltLen {
return nil, coreerr.E("crypt.Decrypt", "ciphertext too short", nil)
}
salt := ciphertext[:argon2SaltLen]
encrypted := ciphertext[argon2SaltLen:]
key := DeriveKey(passphrase, salt, argon2KeyLen)
plaintext, err := ChaCha20Decrypt(encrypted, key)
if err != nil {
return nil, coreerr.E("crypt.Decrypt", "failed to decrypt", err)
}
return plaintext, nil
}
// EncryptAES encrypts data using AES-256-GCM with a passphrase.
// A random salt is generated and prepended to the output.
// Format: salt (16 bytes) + nonce (12 bytes) + ciphertext.
func EncryptAES(plaintext, passphrase []byte) ([]byte, error) {
salt, err := generateSalt(argon2SaltLen)
if err != nil {
return nil, coreerr.E("crypt.EncryptAES", "failed to generate salt", err)
}
key := DeriveKey(passphrase, salt, argon2KeyLen)
encrypted, err := AESGCMEncrypt(plaintext, key)
if err != nil {
return nil, coreerr.E("crypt.EncryptAES", "failed to encrypt", err)
}
result := make([]byte, 0, len(salt)+len(encrypted))
result = append(result, salt...)
result = append(result, encrypted...)
return result, nil
}
// DecryptAES decrypts data encrypted with EncryptAES.
// Expects format: salt (16 bytes) + nonce (12 bytes) + ciphertext.
func DecryptAES(ciphertext, passphrase []byte) ([]byte, error) {
if len(ciphertext) < argon2SaltLen {
return nil, coreerr.E("crypt.DecryptAES", "ciphertext too short", nil)
}
salt := ciphertext[:argon2SaltLen]
encrypted := ciphertext[argon2SaltLen:]
key := DeriveKey(passphrase, salt, argon2KeyLen)
plaintext, err := AESGCMDecrypt(encrypted, key)
if err != nil {
return nil, coreerr.E("crypt.DecryptAES", "failed to decrypt", err)
}
return plaintext, nil
}
Reference in a new issue View git blame Copy permalink