Example #1
// DecryptFile - Given a ciphertext, walk it into length prefixed chunks and decrypt/reassemble
// each chunk, then validate the hash of the file against the hash given in FileInfo.
// The result is a validated, decrypted filename and file contents byte-slice.
func (fi *FileInfo) DecryptFile(ciphertext []byte) (filename string, contents []byte, err error) {
	var (
		hash [32]byte
		DI   taber.DecryptInfo
	hash = blake2s.Sum256(ciphertext)
	if !bytes.Equal(fi.FileHash, hash[:]) {
		return "", nil, ErrCTHashMismatch
	DI = taber.DecryptInfo{Key: fi.FileKey, BaseNonce: fi.FileNonce}
	return DI.Decrypt(ciphertext)
Example #2
// Separated from the above for testing purposes; deterministic ciphertext.
func encryptFileToFileInfo(DI *taber.DecryptInfo, filename string, filecontents []byte) (FI *FileInfo, ciphertext []byte, err error) {
	var hash [32]byte
	ciphertext, err = DI.Encrypt(filename, filecontents)
	if err != nil {
		return nil, nil, err
	hash = blake2s.Sum256(ciphertext)
	FI = new(FileInfo)
	FI.FileKey = DI.Key
	FI.FileNonce = DI.BaseNonce
	FI.FileHash = hash[:]
	return FI, ciphertext, nil