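// Import loads a password-protected MetaKey from filename.
//
// As read by this function, the file holds base64 armour around
// salt || ciphertext, and the decrypted plaintext is digest || payload.
// The payload is handed to Read only after its digest has been checked.
//
// It returns an error if the file cannot be read, the armour cannot be
// decoded, the input is shorter than the salt or digest it must contain,
// decryption fails, or the digest does not match.
func Import(password, filename string) (mk *MetaKey, err error) {
	b64in, err := ioutil.ReadFile(filename)
	if err != nil {
		return
	}

	in, err := armour.DecodeBase64(b64in)
	if err != nil {
		return
	}

	// The file content is untrusted: a truncated or empty file must produce
	// an error, not a slice-bounds panic.
	if len(in) < int(hash.SaltLength) {
		err = fmt.Errorf("input too short")
		return
	}
	salt := in[:hash.SaltLength]
	in = in[hash.SaltLength:]

	// NOTE(review): the result of DeriveKeyWithSalt is not checked here;
	// confirm binaryKeyFromDerivedKey tolerates a nil derived key.
	key := binaryKeyFromDerivedKey(
		hash.DeriveKeyWithSalt(password, salt))

	dec, err := armour.Decrypt(key, in)
	if err != nil {
		return
	}

	// Same reasoning as for the salt: a plaintext shorter than a digest
	// cannot be valid and must not reach the slice expressions below.
	if len(dec) < int(hash.HashLen) {
		err = fmt.Errorf("invalid digest")
		return
	}
	h := dec[:hash.HashLen]
	dec = dec[hash.HashLen:]

	// NOTE(review): bytes.Equal is not constant-time. The digest is only
	// visible after decryption, so the exposure is probably small, but
	// crypto/subtle.ConstantTimeCompare is the conventional choice.
	if !bytes.Equal(h, hash.New(dec).Digest()) {
		err = fmt.Errorf("invalid digest")
		return
	}

	buf := bytes.NewBuffer(dec)
	return Read(buf)
}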
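// decrypt decrypts upload.Data with a key derived from upload.Password and
// writes the plaintext to w as an attachment named upload.Name.
//
// upload.Data is expected to be salt || ciphertext. Any failure is reported
// through serverError and nothing else is written to w.
func decrypt(w http.ResponseWriter, upload *Upload) {
	// Request data is untrusted: a body shorter than the salt would
	// otherwise panic in the slice expressions below.
	if len(upload.Data) < int(hash.SaltLength) {
		serverError(w, "encrypted data is too short")
		return
	}
	salt := upload.Data[:hash.SaltLength]
	enc := upload.Data[hash.SaltLength:]

	key := hash.DeriveKeyWithSalt(upload.Password, salt)
	if key == nil {
		serverError(w, "failed to generate key")
		return
	}

	dec, err := symmetric.Decrypt(key.Key, enc)
	if err != nil {
		// NOTE(review): the underlying error text is returned to the client;
		// confirm it carries nothing beyond a generic failure, or log it
		// server-side and send a fixed message instead.
		serverError(w, "encryption failure: "+err.Error())
		return
	}

	w.Header().Add("content-type", "application/octet-stream")
	// NOTE(review): upload.Name is concatenated unquoted into the header
	// value. If the name is client-supplied, characters such as ';' or '"'
	// can change how the header's parameters are parsed. Building the value
	// with mime.FormatMediaType("attachment",
	// map[string]string{"filename": upload.Name}) would quote it correctly.
	w.Header().Add("content-disposition", "attachment; filename="+upload.Name)
	// Best effort: once the body is being written there is no way left to
	// report a failure to the client.
	w.Write(dec)
}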
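// decryptFile decrypts inFile into outFile using a key derived from
// passphrase and the salt stored at the start of inFile.
//
// The salt is read and the key derived before outFile is created, so an
// unreadable or truncated input no longer creates or truncates outFile.
// It returns os.ErrInvalid if no key could be derived, and otherwise the
// first error from opening, reading, decrypting or closing the files.
//
// NOTE(review): if DecryptReader fails part-way, whatever it has already
// written stays in outFile; callers should discard the file on error.
// NOTE(review): os.Create uses mode 0666 before umask. If the plaintext is
// sensitive, consider os.OpenFile with mode 0600 instead.
func decryptFile(inFile, outFile, passphrase string) (err error) {
	inReader, err := os.Open(inFile)
	if err != nil {
		return
	}
	defer inReader.Close()

	salt := make([]byte, hash.SaltLength)
	if _, err = io.ReadFull(inReader, salt); err != nil {
		return
	}

	// A nil key would panic on key.Key below; report it as an error instead.
	key := hash.DeriveKeyWithSalt(passphrase, salt)
	if key == nil {
		err = os.ErrInvalid
		return
	}

	outWriter, err := os.Create(outFile)
	if err != nil {
		return
	}
	defer func() {
		// A failed Close can mean the plaintext never reached disk, so it
		// is reported unless an earlier error is already being returned.
		if cerr := outWriter.Close(); err == nil {
			err = cerr
		}
	}()

	err = symmetric.DecryptReader(key.Key, inReader, outWriter)
	return
}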