Port of Google's Keyczar cryptography library to Go

Overview

Important note: Keyczar is deprecated. The Keyczar developers recommend Tink.


This is a port of Google's Keyczar library to Go.

Copyright (c) 2011 Damian Gryski. This code is licensed under the Apache License, version 2.0.

You can learn more about the Keyczar library at http://www.keyczar.org/

The library supports:

  • AES+HMAC for symmetric encryption
  • HMAC for symmetric signing
  • RSA for asymmetric encryption or signing
  • DSA for asymmetric signing
  • Session encryption using AES+HMAC

It has a simple API with sensible defaults for the cryptographic algorithms. All output is encoded in web-safe base64.

See the godoc for usage information. This documentation is also viewable online at: http://godoc.org/github.com/dgryski/dkeyczar

To pull in the test data for the unit tests, run: git submodule init

Comments
  • Replace decommissioned code.google.com reference

    code.google.com has been turned down -- and the https://code.google.com/r/jtuley-keyczar-testdata/ repo is no longer accessible.

    That repo was migrated to https://github.com/jbtule/keyczar-testdata

    Update this project's .gitmodules to reference the new github endpoint for the test data.

    opened by mikegrass 4
  • Panic (nil map of keymanager)

    When executing:

    package main
    
    import (
        "fmt"
    
        "github.com/dgryski/dkeyczar"
    )
    
    func main() {
        km := dkeyczar.NewKeyManager()
        err := km.Create("randomname", dkeyczar.P_DECRYPT_AND_ENCRYPT, dkeyczar.T_RSA_PRIV)
        if err != nil {
            panic(err)
        }
        //Need to go back again to fix problem
        err = km.AddKey(1024, dkeyczar.S_PRIMARY)
        if err != nil {
            panic(err)
        }
        fmt.Println(km.ToJSONs(nil))
    }
    

    it panics with:

    panic: runtime error: assignment to entry in nil map
    
    goroutine 1 [running]:
    runtime.panic(0x53da00, 0x6e963d)
        /usr/lib/go/src/pkg/runtime/panic.c:266 +0xb6
    github.com/dgryski/dkeyczar.(*keyManager).AddKey(0xc210000070, 0x1000, 0x0, 0x0, 0x4)
        /home/acasajus/Devel/gospace/src/github.com/dgryski/dkeyczar/keyman.go:116 +0x21a
    main.main()
        /home/acasajus/Devel/gospace/src/test/tet.go:16 +0xe7
    exit status 2
    

    The m.kz.keys map is not initialized when creating the keymap. What is the proper way to use it? Can this be fixed plz?

    BTW is there an easy way to export/import a keymanager to JSON? or should I implement it myself in my code?

    opened by acasajus 4
  • Continuous Integration for testing

    I added support to the C# version with the free travis-ci

    https://travis-ci.org/jbtule/keyczar-dotnet

    It's pretty sweet, will automatically build and test pull requests too.

    Go is an officially supported language for travis-ci so it should be easier than my C#. http://about.travis-ci.org/docs/user/languages/go/

    opened by jbtule 4
  • request: fully functional keyczartool for Go

    I've been working on trying to produce keyczar data across implementations. Right now for every command except "usekey", java, python, c++, c# work identically flag wise. I have three scripts here java, python, c# that produce keyset and ciphertext data across platforms, and the c++ works too just not for creating ciphertext data (it lacks "usekey") https://gist.github.com/4519944

    I also have unit tests in C# and python that test against this data from each platform. https://github.com/jbtule/keyczar-dotnet/tree/master/dotnet/Keyczar/KeyczarTest/Interop http://code.google.com/r/jtuley-keyczar-python-interop-unittests/source/browse/python/tests/keyczar_tests/interop_test.py

    For reference C# KeyczarTool usage manual, most complete I think of any of them, but does have unofficial extras too: https://github.com/jbtule/keyczar-dotnet/wiki/KeyczarTool

    opened by jbtule 4
  • keyczar: key not found - only on production

    Hi,

    At work we use the java keyczar library to encrypt and decrypt data, we use the AES cypher. During development, we have a dummy meta and key and I was able to use this library to decrypt text that was encrypted with the java library (the web app is actually in Scala).

    Then I moved the Go code to production, where we fetch the encryption key from a key server (so I had to write a separate KeyReader that knew how to fetch the meta and key values from our key server)

    Now text that is encrypted on the web app using Scala/java is not decrypted by Go, I get the error key not found.

    I was able to track it down to:

    https://github.com/dgryski/dkeyczar/blob/05c8ea381e02781927d6c633076910b86c6ce770/keyczar.go#L1004

    this line

    lookup.getKeyForID(b[1:5])

    which is then converted with binary.BigEndian.Uint32

    returns a value like

    2829747566 but the stored in memory keyID is 2628606745

    Now, I have no idea why in dev mode locally I can decrypt data (and the lookup.getKeyForID gives the right value ) but it fails on the web app.

    Any hints?

    Thanks!

    opened by fmpwizard 2
  • Added key collision support and preload key hash

    Although key collisions are highly unlikely, having support for the collisions is a more ideal implementation, and is implemented in the c#, java, and python versions.

    Preloaded map against key hashes like other implementations of keyczar so that there is a constant time look up.

    opened by jbtule 2
  • meaning of "keyczar: key not found" ?

    I'm trying dkeyczar out. Thanks so much for creating it!

    I'm getting "keyczar: key not found" errors that originate on line 899 of keyczar. It appears that my keys are loaded, so why would I be getting this? It's so vague that I'm not sure where to start looking.

    Thanks!

    Jason

    func (kz *keyCzar) getKeyForID(id []byte) ([]keydata, error) {
    
        kl, ok := kz.idkeys[binary.BigEndian.Uint32(id)]
    
        if !ok || len(kl) == 0 {
            return kl, ErrKeyNotFound // <= keyczar.go:line 899
        }
    
        return kl, nil
    }
    
    opened by glycerine 1
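
The header lookup discussed in the two "key not found" reports and the key-collision change above, as an added Go example (not dkeyczar code and not written by any of the posters): it pulls the key ID out of a web-safe base64 message and looks it up in a keyset index. The function names, the index type and the sample message are constructed for illustration; the version byte in front of the 4-byte ID is returned but not validated.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// A Keyczar message starts with a 5-byte header: one version byte, then the
// 4-byte key ID that the report above reads as b[1:5].
const headerLen = 5

var errShort = errors.New("message shorter than keyczar header")

// HeaderKeyID decodes web-safe base64 (padding stripped if present, an
// assumption about the input) and returns the header fields.
func HeaderKeyID(msg string) (version byte, id uint32, err error) {
	b, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(msg, "="))
	if err != nil {
		return 0, 0, fmt.Errorf("not web-safe base64: %w", err)
	}
	if len(b) < headerLen {
		return 0, 0, errShort
	}
	return b[0], binary.BigEndian.Uint32(b[1:headerLen]), nil
}

// Candidates mirrors the map lookup in getKeyForID: one ID can map to several
// keys (collisions); an empty result is the "key not found" case.
// Added example; the index type (key ID -> key labels) is hypothetical.
func Candidates(index map[uint32][]string, id uint32) []string {
	return index[id]
}

// sample builds a constructed message: header plus four dummy body bytes.
func sample(id uint32) string {
	b := make([]byte, headerLen, headerLen+4)
	binary.BigEndian.PutUint32(b[1:], id)
	b = append(b, 0xde, 0xad, 0xbe, 0xef)
	return base64.RawURLEncoding.EncodeToString(b)
}

func main() {
	// Constructed index and message using the two IDs quoted in the report.
	loaded := map[uint32][]string{2628606745: {"key version 1"}}
	_, id, err := HeaderKeyID(sample(2829747566))
	fmt.Println(id, Candidates(loaded, id), err)
}
```

A header ID with no candidates means no loaded key hashes to that ID, so the next thing to compare is the key material each side actually loads.
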
  • Interop Test for Timeout Signer, Signed Session Encrypter and Decrypter

    Take some time to review these changes. I'm still new to go, so I might not have gone about it the ideal way, but the unit tests are there now, so it should be easy to refactor.

    opened by jbtule 1
  • Continuous Integration + Interop Tests (on java, python, c#) + Attached Signature fix

    Instead of an environment variable for test data, pulling in a git submodule of testdata, allowed configuring for travis-ci support.

    Added suite of unit tests against java, python, c# data, but had to skip TimeoutVerifier tests as I didn't know a good way to swap out the current time.

    Fixed an issue found by the tests, in which a nil nonce doesn't produce the attached signature correctly

    http://code.google.com/p/keyczar/source/browse/java/code/src/org/keyczar/Signer.java#223

        // Attached signature signs:
        // [blob | hidden.length | hidden | format] or [blob | 0 | format]
        byte[] hiddenPlusLength = Util.fromInt(0);
        if (hidden.length > 0) {
            hiddenPlusLength = Util.lenPrefix(hidden);
        }
    
    opened by jbtule 1
  • Added encrypters/decrypters via io.Reader and io.Writer interfaces + reordering

    Added EncryptWriter and DecryptReader methods that allow encrypting/decrypting large chunks of data without using lots of mem.

    Also added some reordering.

    opened by acasajus 0