a modern crypto messaging format

Related tags

saltpack
Overview

saltpack

a modern crypto messaging format

https://saltpack.org/

Build Status Coverage Status GoDoc

saltpack is a streamlined, modern solution, designed with simplicity in mind. It is easy to implement & integrate. We've made few crypto decisions and instead leave almost all of the heavy lifting to the NaCl library.

saltpack is a binary message format, encoded using the MessagePack format. Messages are broken up into reasonable (1MB) chunks, over which regular NaCl operations are performed. We have taken pains to address many of the shortcomings of current message formats: (1) only authenticated data is output; (2) repudiable authentication is used wherever possible; (3) chunks cannot be reordered or combined with other transmissions; (4) the public keys of senders and recipients can be hidden; and (5) message truncation is detectable.

Visually speaking, a saltpack ASCII output looks a lot like PGP's.

saltpack

BEGIN SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5wcIkHbs7XwHpb
nPtLcF6vE5yY63t aHF62jiEC1zHGqD inx5YqK0nf5W9Lp TvUmM2zBwxgd3Nw
kvzZ96W7ZfDdTVg F5Y99c2l5EsCy1I xVNl0nY1TP25vsX 2cRXXPUrM2UKtWq
UK2HG2ifBSOED4w xArcORHfFeiEZxF CqestMqLSCCE6lT HFcdvt1QX9JjmWL
o5AAqPiECnoHiSA bPHhz2JnSCyDIOz ZET1BWzttbMDL4N pcyQLmsGqYpxhG6
uvdBxdt55w9xQvQ hDPuOsKF05Hsml6 z7h9TS2msJcNwtz vxGIQR7sbB19UOt
boM1hlolmMB3loP 0KexlROFBTDC6MR nBvd9sZUxA8Z7i5 a6Dk5yFU3WEYQAo
DqqjXcp0yBoHO5O KEMqkZlyMf1PKiB 2n9wE6jwxAN1xws ccthT6X3iRYk0Br
gHW6QRXzAHLy6Ib LgY6b3UcQAoDo8b XyaExxinVuM5Ftk 75BJOWoyLGFhZS7
EfKR8jQQexvyjDM rJLxYtjvaLX7joS 2q1VcUlqGfZDhAa 4vxJQAyu57beOux
oobLhI47iZf9bxK PmYrVQ5PsC6pY1J KTQQexvlvp2yicx K4su2AFCjihbzNI
yZgKM4NHN1KZapS O3iB9SlhVfTfFcR FoQoSViTkbtDtTt 6I0jrTRHkv9XVQQ
eeeuzR7qYu1Grm3 zDPyj7JgK2mDidw HchOZnfOn59QLnM nH7ErnPRXgHuWHG
DBidjQPakJHuWsk 2ftpIyZd2NLYEFS Mqcbo6QeCdk7LA1 uobl4NXzpvi8amO
Pe8xAl1OzUCoD34 MbCwtTAe1JNymvs okufV8lHU0jVnbj u4no9QB9aP2Wkjx
PfeqIH2fEtOjmFP gPMhGWslkU0M7FL QP77gPHbgjPLSD8 yIRTrbgzpAPut5R
QhIdqVlHbUOa9sI v7gSqOi0GbUlhSM 183LxZI8pIlvgn9 Ms1WNzt5Xkv0W1Q
Qf419ZmuQVPQDOk 0hffDmUk71TlfVx XZCF3voC2ysgl3g YdLz4rDRzMJgd2m
01HIbfdsoZpAMty O27WtUNRLV1iyC9 tK5ApCyekI4nWcf 2OvTHnC8ma7bloW
XAG. END SALTPACK SIGNED MESSAGE.

PGP

-----BEGIN PGP MESSAGE-----
Comment: GPGTools - https://gpgtools.org

owEBUAKv/ZANAwAKAdIkQTsc+mSQAcsgYgBWZ0C0SSBhbSBzbyBzaWNrIG9mIHRo
aXMgc2hpdAqJAhwEAAEKAAYFAlZnQLQACgkQ0iRBOxz6ZJBS9Q/+MSfWiOz5OvRt
lHTncX8Ifo7+wSKYH039vEQAUvj+rnEdlBzcJPoHDE1yZxAZT5ek5S+cxQ5bx55K
WRLvw/sAz+OU0OPHSDsqI2LjU6D+s1EvwCISkXoWlMVx5vJsEz2XGlQ8DzgBC2Jy
wPanQf1lUz0c7k0ySdCTdZ0qG1YuaYnCXsS6g/E8E7TIO++2v5EbkgYZl3Io2LcI
C9TqTHdrIc7WGTSFjwq9JIgvwfuShpccNSFQ262gSJh8rUOzzY37q81pKxDnBvEV
TMrQYY0e/JK7KMMcHDSQSeWnMxf4/v5Qex7WI55CW4++qbNvDylDi9fTpkYfXl3B
L8pbBAxMUjcJX4qVVzWcxTwSXYO29Bi4osn2klNyZHnO35kuI9XGziWCGqhVx1MW
ptNHoVjk7/Uo7k39hY0Vjltnl/SqXHq/H7YTRSgLebuhn6zqMbmFXtyHYSHGgAQ4
rcdSBta+I9tmYCnp1GmfeXff2wzsFYPUune2Hve4VghjmeU0x7OWMEl93gpznSwu
NvzyOCqFCyfEmt/R2QCXAkxwPU/Mdsd5vzEHSMkcZgW4CTr+j5YG/C3kMy7UJAGZ
ZzFAh3/Z8fCtfREF3zH48XbNh3dQXNl40bUF/AgPvLqPf35L7TCchcUAC7oiASa/
Ph/Hao4ZzCQDM76Jr/aCUJIbxyc2zco=
=eyef
-----END PGP MESSAGE-----

The changes here are small: we've reduced our characters to base62 plus some period markers, and only at the ends of words. PGP messages often get mangled by different apps, websites, and smart text processors.

Of course, saltpack can output binary, too. Either way, it's what's inside the format that matters. You can read the spec for the details.

Issues
  • Add isFinal flag for encryption V2 packets

    Add isFinal flag for encryption V2 packets

    Also replace stored header in encryptStream with just the version.

    Added tests to make sure truncating a message while leaving the footer alone still produced errors.

    Moved signature calculation in signcryption inside if statement so as to not be misleading.

    opened by akalin-keybase 19
  • Add isFinal flag for signcryption packets

    Add isFinal flag for signcryption packets

    Also pull out signature input computation into its own function.

    opened by akalin-keybase 15
  • Mix ephemeral-static DH output into MAC keys for v2

    Mix ephemeral-static DH output into MAC keys for v2

    Also mix in index into MAC nonce.

    This prevents tampering of previously produced message ciphertexts, even if the sender's private key is compromised.

    opened by akalin-keybase 15
  • Refactor read loops

    Refactor read loops

    Make them read multiple chunks if possible. Also fix a possible infinite loop if the input buffer is zero-length.

    Unify all the check*State functions into one for encoders, and another for decoders.

    Error if an empty block is encountered in V2, except if the entire message is empty.

    Also add comment for assertEndOfStream().

    opened by akalin-keybase 14
  • update the encryption and signing specs to reflect the field order we shipped

    update the encryption and signing specs to reflect the field order we shipped

    The Go msgpack encoder we're using has a counterintuitive order for struct fields when serializing as arrays. We meant to put the final flag at the end, but it's actually at the beginning (though not for signcryption mode). Update the v2 specs to reflect this unfortunate reality.

    r? @mlsteele @akalin-keybase

    opened by oconnor663 12
  • Better handle whitespace in frame

    Better handle whitespace in frame

    frame.go now handles arbitrary amounts and combinations of whitespace in between words in either the header or the footer. It doesn't work with whitespace in the middle of a word (e.g. 'KEY BASE'), so the spec has been updated as we decided we don't want it to do that.

    opened by mpcsh 12
  • Permute receivers (uniformly) randomly

    Permute receivers (uniformly) randomly

    This prevents recipients from being able to infer data about other recipients based on order.

    opened by akalin-keybase 9
  • Fix regex in spec

    Fix regex in spec

    The parentheses were wrong. The or operator | needs to be inside the parentheses.

    By the way, you can visualize regexes on https://www.debuggex.com

    opened by jscissr 8
  • Fix two bugs in basex decoder

    Fix two bugs in basex decoder

    First bug: io.ReadAtLeast drops errors if it reads enough characters.

    Second bug: both io.ReadAtLeast and punctuatedReader (among other) things return io.ErrUnexpectedEOF, so we were dropping errors from the latter.

    The solution to both is to not use io.ReadAtLeast, and instead refill the buffer manually.

    Reenable a test (which was hitting the second bug!).

    Fix a few typos.

    opened by akalin-keybase 7
  • Fix CI

    Fix CI

    null

    opened by akalin-keybase 6
  • saltpack website has invalid saltpack ciphertext example

    saltpack website has invalid saltpack ciphertext example

    The sample cipher text found at the following website is invalid when used in the latest version of the Keybase client for macOS (Version 5.3.0-20200310172631+4f2689009b (5.3.0-20200310172631+4f2689009b)):

    Website:

    https://saltpack.org/in-the-wild

    Ciphertext Sample

    BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. ZUHRHckf9VJ6ich bKthcfFYyHcFs9n NI27ndpDFCqUnXj allzG097b3s5NfZ GYqoBPt7GnyCccB i0UhaCcVmbF55ms SYpOCl7tkjUJd40 DO6iR0dJpW60EKj 1K5x2hclL9hZb7V DRObuimxmStmqqs 7yWy26mVOa5Z5RM S7NeocvOyNlgBUp fhsPaNFrYuI3D4H Ku217LIW3V2wniP 7XkayWcyAfH8jWj ETF0WJPn2Aa1aOI Jz5olg5vyxIpofL FIuerimZ6n5qI3p NZr3pfBVjVLbYDO N3VgqUd5r2F85LE vWH3Qg8aK0aFkVw q1ZVVWbOm5ucueX 9RkRpkb2tZOenqu Ik7RAQEbcW5JIlv EFY8c5WjUYMONiM H0DQtdKsdZRjfTm ajt71qa33pffsSE rYDTXFBtGudM9FX SHXAMCGDHVH2sSF yb23QJVJuyGAHuO XpHP06EXRCHj23y GOk77q23cYVd01X 08U6bsPmweu5jvS 7SLTg0OsJpqTsUB NfrZyJ2gSppcPlL bZaTgtoL8U9ZzBV sHKMD5vGiUgb74u llrukVSRcTqk2bO 5wdQ57EmY8IjJSn Lznnv9PhY8xnsTT EVPQcAH0CszKDQN LskpyRGDhsCbuzH 6YSFe2grnjccVAK uvaqEELV4Fnf90s cLxe65hn8918oz6 8BNj30RaMiEJbpq wXfb7vHPfrd1vVe raU4tfG5MZD34s7 xfvLCKSlctVLO7O q1MAgPtT73CGVU8 c4gkvmFWANwUC7g YivwSxNkn5PWiL2 NsaE8UfQDptjGDN hR96GQfuWJ63JTE gGa19OrSzgIErLK IAexacwBNiAXbPb ViAIrl0w6BL4aSa j5p5GZi5PPNlJ2Q OPo67OkcmweyfwE vNGrC7y3PxAemOU GRxeHbQ3FI77C2Y 9OyFG0LT3Qo04iK BVbp0r7xAX0i26O mybjcCqn4eBLKcy 87YiDgQRSa4n2fk c1Q0plK9e2U8rk6 6D0kx3bkxdG8Boy s6kTH9moQzAuKoG yLnoq9cmjCKfrOt 2K4vlJiAqJglyeu rm2lZEHIPW9sELw 06cowGDsmfcGN7h T6j9fbMgNGo9eIs s4YQd5tIKzoWsXl SSPNrVjaNMxtJsI IIjSCrPdjL2oSv6 eHDWXWmPJW6XIBI Ar7ZE8vAFRQSvr8 v9vAB7kALQpHdMv SiRbM1bQ6or7r0l P2QHXfA2lRykA9y 6kX8n0CCWZPO8Qo V4mhJCSF3snj9RK kwZosJw2AyvqDLs OAZ8OPdyYGx3FTg 7PaOijY9fQxcBVM 3omDhcawPWdA7jN 3ZQMvd9FKwIbu7H sF1YJixcN6OLzCp tbCKIi7xwUK0oGw XrO7QaFsHYEXNg9 RbMpaYtGfewhkUj 6LFRs9zfq8K13ni dV8d6V8eApAmgTp 8x3DtGdazE8F0ZG cSAwjiKLJVzYmpj jUiWtx0xcx0J6Hn VeSxuHKKYa7NASA BBzX454HGK3OXvt hPJua8eygXO9Ucp 2nNT12FOfkozrYM M4CkXaBQzYMkYzY sGO1c2plDJaEbV9 9guG5XJg3iJO23K CB7WtsJypxmkMoy eQYuNQMlKk4MU8b NuZhauMnqqQQfNG 1tJLhLyzyHfkBBL rnQo9cstcFLZAd0 md5lpy0X. END KEYBASE SALTPACK ENCRYPTED MESSAGE.
    

    Error Message in macOS client Decrypt tab:

    This ciphertext is not in a valid Saltpack format. Please enter Saltpack ciphertext.
    

    It was expected that the client would say the following for a message encrypted to max that I don't have the key for:

    Your message couldn't be decrypted, because no suitable key was found.
    
    opened by grempe 0
  • Spaces should be allowed in brands

    Spaces should be allowed in brands

    ... or user should not be allowed to generate unparseable messages.

    	smsg, err := saltpack.SignArmor62(
    		saltpack.CurrentVersion(),
    		[]byte("message here"),
    		secretKey,
    		"TWO PART",
    	)
    	if err != nil {
    		panic(err)
    	}
    
    	skey, msg, brand, err := saltpack.Dearmor62Verify(
    		saltpack.CheckKnownMajorVersion,
    		smsg,
    		kr,
    	)
    	if err != nil {
    		panic(err) // will panic here, unable to parse the header
    	}
    
    opened by pzduniak 0
  • How does this compare with D.A.R.E?

    How does this compare with D.A.R.E?

    https://github.com/minio/sio (D.A.R.E. v2) seems very similar to NaCL providing an stream of GCM encrypted chunks + Salsa20 and Poly1305. It looks like this project improves on the "Armor" / display part of things for binary chunks.

    opened by Xeoncross 0
  • Is saltpack suitable for low size messages in a streaming like environment?

    Is saltpack suitable for low size messages in a streaming like environment?

    I was looking for an encrypted messagepack library and found this project. My goal is to add encryption to a location based app which uses websockets to stream in real time the position of its users. As such, I would expect to send less than 100bytes per user every 5 or 10 seconds at most, which is far away from the readme description of breaking up messages in sizes of 1MB sizes.

    Is there anything bad in saltpack for short messages? Will each of them pad to 1MB chunks of gibberish or this is this sentence just aimed at developers willing to implement multimedia communications (sending pictures, audio, video, which weight much more)?

    opened by gradha 1
  • saltpack.org makes it difficult to understand how to decrypt messages

    saltpack.org makes it difficult to understand how to decrypt messages

    My friend send me a message on Slack with a BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE prelude. I typed this phrase into Google, landed on saltpack.org and have been trying to figure out how to decrypt the message.

    I've scanned the sidebar, read the intro, read the homepage, read https://saltpack.org/signing-format, read https://saltpack.org/implementations. I ran go get github.com/keybase/saltpack and expected to find a saltpack binary on my $PATH - I could then call saltpack -h and maybe learn about decryption options, but that also failed. I'd rather not write a Go main function to decrypt the message.

    I expected to find something like this:

    Decrypting messages with Saltpack

    To decrypt messages, save the encrypted message to a file, then run keybase decrypt foo.bar or call saltpack decrypt file.name

    or whatever other instructions I need.

    Or a list item in the sidebar that says "decrypting messages", or something.

    opened by kevinburke 8
Owner
Keybase
Crypto for everyone!
Keybase
A document encryption solution for the reMarkable 2 ePaper tablet.

Remarkable 2 Encryption This repository contains multiple tools to encrypt the home folder of the reMarkable 2 epaper tablet using gocryptfs. Detailed

RedTeam Pentesting GmbH 16 Jun 26, 2021
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.3k Jul 23, 2021
a modern crypto messaging format

saltpack a modern crypto messaging format https://saltpack.org/ saltpack is a streamlined, modern solution, designed with simplicity in mind. It is ea

Keybase 907 Jul 9, 2021
DERO: Secure, Anonymous Blockchain with Smart Contracts. Subscribe to Dero announcements by sending mail to [email protected] with subject: subscribe announcements

Welcome to the Dero Project DERO News Forum Wiki Explorer Source Twitter Discord Github Stats WebWallet Medium Table of Contents ABOUT DERO PROJECT DE

null 231 Jul 13, 2021
DERO Homomorphic Encryption Blockchain Protocol

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

null 30 Jul 25, 2021
Accelerate aggregated MD5 hashing performance up to 8x for AVX512 and 4x for AVX2.

Accelerate aggregated MD5 hashing performance up to 8x for AVX512 and 4x for AVX2. Useful for server applications that need to compute many MD5 sums in parallel.

High Performance, Kubernetes Native Object Storage 78 May 17, 2021
Pure Go implementation of the NaCL set of API's

go-nacl This is a pure Go implementation of the API's available in NaCL: https://nacl.cr.yp.to. Compared with the implementation in golang.org/x/crypt

Kevin Burke 507 Jun 25, 2021
An implementation of JOSE standards (JWE, JWS, JWT) in Go

Go JOSE Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSO

Square 1.8k Jul 23, 2021
Pure Go Kerberos library for clients and services

gokrb5 It is recommended to use the latest version: Development will be focused on the latest major version. New features will only be targeted at thi

Jonathan Turner 515 Jul 16, 2021
Go implementation of the Data At Rest Encryption (DARE) format.

Secure IO Go implementation of the Data At Rest Encryption (DARE) format. Introduction It is a common problem to store data securely - especially on u

Object Storage for the Era of the Hybrid Cloud 264 Jul 20, 2021
A command line Crypto-currency ticker made using golang and WazirX Api

░█████╗░██████╗░██╗░░░██╗██████╗░████████╗███████╗██╗░░██╗ ██╔══██╗██╔══██╗╚██╗░██╔╝██╔══██╗╚══██╔══╝██╔════╝╚██╗██╔╝ ██║░░╚═╝██████╔╝░╚████╔╝░██████╔

Aditya Das 3 Apr 18, 2021
Encryption Abstraction Layer and Utilities for ratnet

What is Bencrypt? Bencrypt is an abstraction layer for cryptosystems in Go, that lets applications use hybrid cryptosystems without being coupled to t

null 15 Jun 11, 2021
fastrand implements a cryptographically secure pseudorandom number generator.

10x faster than crypto/rand. Uses securely allocated memory. The generator is seeded using the system's default entropy source, and thereafter produces random values via repeated hashing. As a result, fastrand can generate randomness much faster than crypto/rand, and generation cannot fail beyond a potential panic during init().

Awn 147 Jun 29, 2021
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑

simple-scrypt simple-scrypt provides a convenience wrapper around Go's existing scrypt package that makes it easier to securely derive strong keys ("h

Matt Silverlock 172 Jul 12, 2021