// Decrypt decrypts the passed data. The must be the output of the Encrypt
// function.
func (ck *CryptoKey) Decrypt(in []byte) ([]byte, error) {
if len(in) < NonceSize {
return nil, ErrMalformed
}
var nonce [NonceSize]byte
copy(nonce[:], in[:NonceSize])
blob := in[NonceSize:]
opened, ok := secretbox.Open(nil, blob, &nonce, (*[KeySize]byte)(ck))
if !ok {
return nil, ErrDecryptFailed
}
return opened, nil
}
// FromEncrypted creates a new Manager object from the specified encrypted data
// and passphrase. The actual key used for decryption is derived from the salt,
// which is a part of enc, and the passphrase using PBKDF2.
func FromEncrypted(enc, pass []byte) (*Manager, error) {
if len(enc) < secretbox.Overhead+nonceSize+saltLength {
return nil, errors.New("encrypted data too small")
}
var nonce [nonceSize]byte
copy(nonce[:], enc[:nonceSize])
n := nonceSize
salt := enc[n : n+saltLength]
n += saltLength
contents, success := secretbox.Open(nil, enc[n:], &nonce,
deriveKey(pass, salt))
if !success {
return nil, ErrDecryptionFailed
}
return FromPlaintext(bytes.NewReader(contents))
}
// OpenAfterPrecomputation performs the same actions as Open, but takes a
// shared key as generated by Precompute.
func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
return secretbox.Open(out, box, nonce, sharedKey)
}
// Open authenticates and decrypts a box produced by Seal and appends the
// message to out, which must not overlap box. The output will be Overhead
// bytes smaller than box.
func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) ([]byte, bool) {
var sharedKey [32]byte
Precompute(&sharedKey, peersPublicKey, privateKey)
return secretbox.Open(out, box, nonce, &sharedKey)
}
