- package cryptostore
-
- import (
- "github.com/pkg/errors"
- crypto "github.com/tendermint/go-crypto"
- )
-
- var (
- // SecretBox uses the algorithm from NaCL to store secrets securely
- SecretBox Encoder = secretbox{}
- // Noop doesn't do any encryption, should only be used in test code
- Noop Encoder = noop{}
- )
-
- // Encoder is used to encrypt any key with a passphrase for storage.
- //
- // This should use a well-designed symetric encryption algorithm
- type Encoder interface {
- Encrypt(key crypto.PrivKey, pass string) ([]byte, error)
- Decrypt(data []byte, pass string) (crypto.PrivKey, error)
- }
-
- func secret(passphrase string) []byte {
- // TODO: Sha256(Bcrypt(passphrase))
- return crypto.Sha256([]byte(passphrase))
- }
-
- type secretbox struct{}
-
- func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
- if pass == "" {
- return key.Bytes(), nil
- }
- s := secret(pass)
- cipher := crypto.EncryptSymmetric(key.Bytes(), s)
- return cipher, nil
- }
-
- func (e secretbox) Decrypt(data []byte, pass string) (key crypto.PrivKey, err error) {
- private := data
- if pass != "" {
- s := secret(pass)
- private, err = crypto.DecryptSymmetric(data, s)
- if err != nil {
- return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
- }
- }
- key, err = crypto.PrivKeyFromBytes(private)
- return key, errors.Wrap(err, "Invalid Passphrase")
- }
-
- type noop struct{}
-
- func (n noop) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
- return key.Bytes(), nil
- }
-
- func (n noop) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
- return crypto.PrivKeyFromBytes(data)
- }