func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
authArray := []byte(auth)
salt := randentropy.GetEntropyMixed(32)
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
if err != nil {
return err
}
keyBytes := key.PrivateKey
toEncrypt := PKCS7Pad(keyBytes)
AES256Block, err := aes.NewCipher(derivedKey)
if err != nil {
return err
}
gcm, err := cipher.NewGCM(AES256Block)
if err != nil {
return err
}
// XXX: a GCM nonce may only be used once per key ever!
nonce := randentropy.GetEntropyMixed(gcm.NonceSize())
// (dst, nonce, plaintext, extradata)
cipherText := gcm.Seal(nil, nonce, toEncrypt, nil)
cipherStruct := cipherJSON{
salt,
nonce,
cipherText,
}
keyStruct := encryptedKeyJSON{
key.Id,
key.Type.String(),
strings.ToUpper(hex.EncodeToString(key.Address)),
cipherStruct,
}
keyJSON, err := json.Marshal(keyStruct)
if err != nil {
return err
}
return WriteKeyFile(key.Address, ks.keysDirPath, keyJSON)
}
func newKeyEd25519(addrType AddrType) *Key {
randBytes := randentropy.GetEntropyMixed(32)
key, _ := keyFromPrivEd25519(addrType, randBytes)
return key
}
