// EncryptFileContentsWithStrings is an entry point that largely defines "normal"
// miniLock behaviour. If sendToSender is true, then the sender's ID is added to recipients.
func EncryptFileContentsWithStrings(filename string, fileContents []byte, senderEmail, senderPassphrase string, sendToSender bool, recipientIDs ...string) (miniLockContents []byte, err error) {
var (
senderKey, thisRecipient *taber.Keys
recipientKeyList []*taber.Keys
thisID string
)
senderKey, err = taber.FromEmailAndPassphrase(senderEmail, senderPassphrase)
if err != nil {
return nil, err
}
defer senderKey.Wipe()
if sendToSender {
thisID, err = senderKey.EncodeID()
if err != nil {
return nil, err
}
recipientIDs = append(recipientIDs, thisID)
}
recipientKeyList = make([]*taber.Keys, 0, len(recipientIDs))
// TODO: Randomise iteration here?
for _, thisID = range recipientIDs {
thisRecipient, err = taber.FromID(thisID)
if err != nil {
return nil, err
}
recipientKeyList = append(recipientKeyList, thisRecipient)
}
miniLockContents, err = EncryptFileContents(filename, fileContents, senderKey, recipientKeyList...)
if err != nil {
return nil, err
}
return miniLockContents, nil
}
// DecryptFileContentsWithStrings is the highest-level API for decryption.
// It uses the recipient's email and passphrase to generate their key, attempts
// decryption, and wipes keys when finished.
func DecryptFileContentsWithStrings(fileContents []byte, recipientEmail, recipientPassphrase string) (senderID, filename string, contents []byte, err error) {
var recipientKey *taber.Keys
recipientKey, err = taber.FromEmailAndPassphrase(recipientEmail, recipientPassphrase)
if err != nil {
return
}
defer recipientKey.Wipe()
return DecryptFileContents(fileContents, recipientKey)
}