// This is an entry point that largely defines "normal" miniLock behaviour. // If sendToSender is true, then the sender's ID is added to recipients. func EncryptFileContentsWithStrings(filename string, fileContents []byte, senderEmail, senderPassphrase string, sendToSender bool, recipientIDs ...string) (miniLockContents []byte, err error) { var ( senderKey, this_recipient *taber.Keys recipientKeyList []*taber.Keys this_id string ) senderKey, err = taber.FromEmailAndPassphrase(senderEmail, senderPassphrase) if err != nil { return nil, err } if sendToSender { this_id, err = senderKey.EncodeID() if err != nil { return nil, err } recipientIDs = append(recipientIDs, this_id) } recipientKeyList = make([]*taber.Keys, 0, len(recipientIDs)) // TODO: Randomise iteration here? for _, this_id = range recipientIDs { this_recipient, err = taber.FromID(this_id) if err != nil { return nil, err } recipientKeyList = append(recipientKeyList, this_recipient) } miniLockContents, err = EncryptFileContents(filename, fileContents, senderKey, recipientKeyList...) if err != nil { return nil, err } return miniLockContents, nil }
// DecryptFileContentsWithStrings is the highest-level API for decryption. // It uses the recipient's email and passphrase to generate their key, attempts // decryption, and wipes keys when finished. func DecryptFileContentsWithStrings(fileContents []byte, recipientEmail, recipientPassphrase string) (senderID, filename string, contents []byte, err error) { var recipientKey *taber.Keys recipientKey, err = taber.FromEmailAndPassphrase(recipientEmail, recipientPassphrase) if err != nil { return } defer recipientKey.Wipe() return DecryptFileContents(fileContents, recipientKey) }
// Generate a key from an email address and passphrase, consistent // with the miniLock algorithm. Passphrase is *not* currently checked // for strength so it is, at present, the caller's responsibility to // provide passphrases that don't suck! func GenerateKey(email string, passphrase string) (*taber.Keys, error) { return taber.FromEmailAndPassphrase(email, passphrase) }
// Because of the work involved creating keys, they shouldn't be made within // test cases as they wildly skew the time required. func init() { testKey1, _ = taber.FromEmailAndPassphrase("*****@*****.**", "this is a password that totally works for minilock purposes") testKey2, _ = taber.FromEmailAndPassphrase("*****@*****.**", "whatever I write won't be good enough for the NSA") }