Documentation ¶
Overview ¶
go-crypto is a customized/convenience cryptography package for supporting Tendermint.
It wraps select functionality of equivalent functions in the Go standard library, for easy usage with our libraries.
Keys:
All key generation functions return an instance of the PrivKey interface, which implements these methods:

```go
AssertIsPrivKeyInner()
Bytes() []byte
Sign(msg []byte) Signature
PubKey() PubKey
Equals(PrivKey) bool
Wrap() PrivKey
```
From the above methods we can:

a) Retrieve the public key if needed

```go
pubKey := key.PubKey()
```

For example:

```go
// GenPrivKeyEd25519 returns only the key (see its signature below), so there is no error to check.
privKey := crypto.GenPrivKeyEd25519()
pubKey := privKey.PubKey()
// And then you can use the private and public key
doSomething(privKey, pubKey)
```
We also provide hashing wrappers around algorithms:
Sha256
```go
sum := crypto.Sha256([]byte("This is Tendermint"))
fmt.Printf("%x\n", sum)
```
Ripemd160
```go
sum := crypto.Ripemd160([]byte("This is consensus"))
fmt.Printf("%x\n", sum)
```
Index ¶
- Constants
- func CRandBytes(numBytes int) []byte
- func CRandHex(numDigits int) string
- func CReader() io.Reader
- func DecodeArmor(armorStr string) (blockType string, headers map[string]string, data []byte, err error)
- func DecryptSymmetric(ciphertext []byte, secret []byte) (plaintext []byte, err error)
- func EncodeArmor(blockType string, headers map[string]string, data []byte) string
- func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte)
- func MixEntropy(seedBytes []byte)
- func RegisterAmino(cdc *amino.Codec)
- func Ripemd160(bytes []byte) []byte
- func Sha256(bytes []byte) []byte
- type Address
- type DerivationPath
- type PrivKey
- type PrivKeyEd25519
- func (privKey PrivKeyEd25519) Bytes() []byte
- func (privKey PrivKeyEd25519) Equals(other PrivKey) bool
- func (privKey PrivKeyEd25519) Generate(index int) PrivKeyEd25519
- func (privKey PrivKeyEd25519) PubKey() PubKey
- func (privKey PrivKeyEd25519) Sign(msg []byte) (Signature, error)
- func (privKey PrivKeyEd25519) ToCurve25519() *[32]byte
- type PrivKeyLedgerSecp256k1
- func (pk *PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner()
- func (pk PrivKeyLedgerSecp256k1) Bytes() []byte
- func (pk PrivKeyLedgerSecp256k1) Equals(other PrivKey) bool
- func (pk PrivKeyLedgerSecp256k1) PubKey() PubKey
- func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) (Signature, error)
- func (pk PrivKeyLedgerSecp256k1) ValidateKey() error
- type PrivKeySecp256k1
- type PubKey
- type PubKeyEd25519
- func (pubKey PubKeyEd25519) Address() Address
- func (pubKey PubKeyEd25519) Bytes() []byte
- func (pubKey PubKeyEd25519) Equals(other PubKey) bool
- func (pubKey PubKeyEd25519) String() string
- func (pubKey PubKeyEd25519) ToCurve25519() *[32]byte
- func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig_ Signature) bool
- type PubKeySecp256k1
- type Signature
- type SignatureEd25519
- type SignatureSecp256k1
Constants ¶
const Version = "0.9.0"
Functions ¶
func CRandHex ¶
CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long.
Note: CRandHex(24) gives 96 bits of randomness that are usually strong enough for most purposes.
func DecodeArmor ¶
func DecryptSymmetric ¶
secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)). The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext.
func EncodeArmor ¶
func EncryptSymmetric ¶
secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)). The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext. NOTE: call crypto.MixEntropy() first.
func MixEntropy ¶
func MixEntropy(seedBytes []byte)
Mix additional bytes of randomness, e.g. from hardware, user-input, etc. It is OK to call it multiple times. It does not diminish security.
func RegisterAmino ¶ added in v0.6.0
Types ¶
type Address ¶ added in v0.5.0
An address is a []byte, but hex-encoded even in JSON. []byte leaves us the option to change the address length. Use an alias so Unmarshal methods (with ptr receivers) are available too.
type PrivKey ¶
```go
type PrivKey interface {
	Bytes() []byte
	Sign(msg []byte) (Signature, error)
	PubKey() PubKey
	Equals(PrivKey) bool
}
```
func NewPrivKeyLedgerSecp256k1 ¶ added in v0.8.0
func NewPrivKeyLedgerSecp256k1(path DerivationPath) (PrivKey, error)
NewPrivKeyLedgerSecp256k1 will generate a new key and store the public key for later use.
func PrivKeyFromBytes ¶
type PrivKeyEd25519 ¶
type PrivKeyEd25519 [64]byte
Implements PrivKey
func GenPrivKeyEd25519 ¶
func GenPrivKeyEd25519() PrivKeyEd25519
func GenPrivKeyEd25519FromSecret ¶
func GenPrivKeyEd25519FromSecret(secret []byte) PrivKeyEd25519
NOTE: secret should be the output of a KDF like bcrypt, if it's derived from user input.
func (PrivKeyEd25519) Bytes ¶
func (privKey PrivKeyEd25519) Bytes() []byte
func (PrivKeyEd25519) Equals ¶
func (privKey PrivKeyEd25519) Equals(other PrivKey) bool
Equals - you probably don't need to use this. Runs in constant time based on length of the keys.
func (PrivKeyEd25519) Generate ¶
func (privKey PrivKeyEd25519) Generate(index int) PrivKeyEd25519
Deterministically generates new priv-key bytes from key.
func (PrivKeyEd25519) PubKey ¶
func (privKey PrivKeyEd25519) PubKey() PubKey
func (PrivKeyEd25519) ToCurve25519 ¶
func (privKey PrivKeyEd25519) ToCurve25519() *[32]byte
type PrivKeyLedgerSecp256k1 ¶ added in v0.8.0
```go
type PrivKeyLedgerSecp256k1 struct {
	// PubKey should be private, but we want to encode it via go-amino
	// so we can view the address later, even without having the ledger
	// attached
	CachedPubKey PubKey
	Path         DerivationPath
}
```

PrivKeyLedgerSecp256k1 implements PrivKey, calling the Ledger Nano. We cache the PubKey from the first call to use it later.
func (*PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner ¶ added in v0.8.0
func (pk *PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner()
AssertIsPrivKeyInner fulfils PrivKey Interface
func (PrivKeyLedgerSecp256k1) Bytes ¶ added in v0.8.0
func (pk PrivKeyLedgerSecp256k1) Bytes() []byte
Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify the same key when we reconnect to a ledger
func (PrivKeyLedgerSecp256k1) Equals ¶ added in v0.8.0
func (pk PrivKeyLedgerSecp256k1) Equals(other PrivKey) bool
Equals fulfils PrivKey Interface - makes sure both keys refer to the same
func (PrivKeyLedgerSecp256k1) PubKey ¶ added in v0.8.0
func (pk PrivKeyLedgerSecp256k1) PubKey() PubKey
PubKey returns the stored PubKey
func (PrivKeyLedgerSecp256k1) Sign ¶ added in v0.8.0
func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) (Signature, error)
Sign calls the ledger and stores the PubKey for future use
Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes, returning an error, so this should only trigger if the privkey is held in memory for a while before use.
func (PrivKeyLedgerSecp256k1) ValidateKey ¶ added in v0.8.0
func (pk PrivKeyLedgerSecp256k1) ValidateKey() error
ValidateKey allows us to verify the sanity of a key after loading it from disk
type PrivKeySecp256k1 ¶
type PrivKeySecp256k1 [32]byte
Implements PrivKey
func GenPrivKeySecp256k1 ¶
func GenPrivKeySecp256k1() PrivKeySecp256k1
func GenPrivKeySecp256k1FromSecret ¶
func GenPrivKeySecp256k1FromSecret(secret []byte) PrivKeySecp256k1
NOTE: secret should be the output of a KDF like bcrypt, if it's derived from user input.
func (PrivKeySecp256k1) Bytes ¶
func (privKey PrivKeySecp256k1) Bytes() []byte
func (PrivKeySecp256k1) Equals ¶
func (privKey PrivKeySecp256k1) Equals(other PrivKey) bool
Equals - you probably don't need to use this. Runs in constant time based on length of the keys.
func (PrivKeySecp256k1) PubKey ¶
func (privKey PrivKeySecp256k1) PubKey() PubKey
type PubKey ¶
```go
type PubKey interface {
	Address() Address
	Bytes() []byte
	VerifyBytes(msg []byte, sig Signature) bool
	Equals(PubKey) bool
}
```
func PubKeyFromBytes ¶
type PubKeyEd25519 ¶
type PubKeyEd25519 [32]byte
Implements PubKeyInner
func (PubKeyEd25519) Address ¶
func (pubKey PubKeyEd25519) Address() Address
Address is the SHA256-20 of the raw pubkey bytes.
func (PubKeyEd25519) Bytes ¶
func (pubKey PubKeyEd25519) Bytes() []byte
func (PubKeyEd25519) Equals ¶
func (pubKey PubKeyEd25519) Equals(other PubKey) bool
func (PubKeyEd25519) String ¶
func (pubKey PubKeyEd25519) String() string
func (PubKeyEd25519) ToCurve25519 ¶
func (pubKey PubKeyEd25519) ToCurve25519() *[32]byte
For use with golang/crypto/nacl/box. If error, returns nil.
func (PubKeyEd25519) VerifyBytes ¶
func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig_ Signature) bool
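The Address type and the Ed25519 address rule described above, as an added example that uses only the Go standard library and is not go-crypto's own code. It assumes "SHA256-20" means the first 20 bytes of the SHA-256 digest; the `Address` stand-in, `AddressFromEd25519` and the all-zero seed are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Address is a stand-in for the package's type: raw bytes in memory, hex text in JSON.
type Address []byte

// MarshalJSON emits hex; without it encoding/json would base64-encode the []byte.
func (a Address) MarshalJSON() ([]byte, error) {
	return json.Marshal(hex.EncodeToString(a))
}

// UnmarshalJSON needs a pointer receiver so it can replace the slice it decodes into.
func (a *Address) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	b, err := hex.DecodeString(s)
	if err != nil {
		return fmt.Errorf("address is not hex: %w", err)
	}
	*a = b
	return nil
}

// AddressFromEd25519 assumes "SHA256-20" is the first 20 bytes of SHA-256(pubkey).
func AddressFromEd25519(pub ed25519.PublicKey) Address {
	sum := sha256.Sum256(pub)
	return Address(sum[:20])
}

func main() {
	seed := make([]byte, ed25519.SeedSize) // constructed all-zero seed, demo only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	msg := []byte("This is Tendermint")
	sig := ed25519.Sign(priv, msg)
	addr := AddressFromEd25519(pub)
	out, _ := json.Marshal(addr)
	fmt.Printf("address=%s verified=%v\n", out, ed25519.Verify(pub, msg, sig))
}
```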
type PubKeySecp256k1 ¶
type PubKeySecp256k1 [33]byte
Implements PubKey. Compressed pubkey (just the x-coordinate), prefixed with 0x02 or 0x03, depending on the y-coordinate.
func (PubKeySecp256k1) Address ¶
func (pubKey PubKeySecp256k1) Address() Address
Implements Bitcoin style addresses: RIPEMD160(SHA256(pubkey))
func (PubKeySecp256k1) Bytes ¶
func (pubKey PubKeySecp256k1) Bytes() []byte
func (PubKeySecp256k1) Equals ¶
func (pubKey PubKeySecp256k1) Equals(other PubKey) bool
func (PubKeySecp256k1) String ¶
func (pubKey PubKeySecp256k1) String() string
func (PubKeySecp256k1) VerifyBytes ¶
func (pubKey PubKeySecp256k1) VerifyBytes(msg []byte, sig_ Signature) bool
type Signature ¶
func SignatureEd25519FromBytes ¶ added in v0.4.0
func SignatureFromBytes ¶
func SignatureSecp256k1FromBytes ¶ added in v0.8.0
type SignatureEd25519 ¶
type SignatureEd25519 [64]byte
Implements Signature
func (SignatureEd25519) Bytes ¶
func (sig SignatureEd25519) Bytes() []byte
func (SignatureEd25519) Equals ¶
func (sig SignatureEd25519) Equals(other Signature) bool
func (SignatureEd25519) IsZero ¶
func (sig SignatureEd25519) IsZero() bool
func (SignatureEd25519) String ¶
func (sig SignatureEd25519) String() string
type SignatureSecp256k1 ¶
type SignatureSecp256k1 []byte
Implements Signature
func (SignatureSecp256k1) Bytes ¶
func (sig SignatureSecp256k1) Bytes() []byte
func (SignatureSecp256k1) Equals ¶
func (sig SignatureSecp256k1) Equals(other Signature) bool
func (SignatureSecp256k1) IsZero ¶
func (sig SignatureSecp256k1) IsZero() bool
func (SignatureSecp256k1) String ¶
func (sig SignatureSecp256k1) String() string
Directories ¶
Path | Synopsis |
---|---|
 | Package merkle computes a deterministic minimal height Merkle tree hash. |