# README
Rome
The Elliptic and Edward Curve cryptography library built for multi-curve use. Unified crypto interface for ECDSA, EdDSA, ECIES and ECDH. A high level library which gives you the control: specify curve, KDFs or hash functions, ciphers etc.
Go Version: >= 18.0
Test Coverage: 80.0%
Implemented Curves & Features
| Curve | Type | Sign | Verify | Encrypt | DH |
|---|---|---|---|---|---|
| Nist P-521 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Nist P-384 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Nist P-256 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Nist P-224 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P160r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P160t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P192r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P192t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P224r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P224t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P256r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P256t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P320r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P320t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P384r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P384t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P512r1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Brainpool P512t1 | Elliptic Curve | ✔ | ✔ | ✔ | ✔ |
| Ed25519 | Edwards Curve | ✔ | ✔ | n/a | n/a |
| Ed448 | Edwards Curve | ✔ | ✔ | n/a | n/a |
| x25519/Curve25519 | Elliptic Curve | ✖ | ✖ | ✖ | ✖ |
| x448 Goldilocks | Elliptic Curve | ✖ | ✖ | ✖ | ✖ |
Features
- Generate key
- Export (Public, Private) PEM and ASN.1 DER bytes
- Import (Public, Private) PEM and ASN.1 DER bytes
- Sign (ASN.1 format)
- Verify
- Elliptic Curve Diffie Hellman (ECDH)
- Encrypt (ECIES: AES_GCM 128 & 256 bit)
- Decrypt
- Retrieve Points
Ciphers
| Cipher | Authenticated |
|---|---|
| AES_GCM | ✔ |
| ChaCha20 | ✖ |
| ChaCha20_SHA256 | ✔ |
| ChaCha20_SHA512 | ✔ |
| ChaCha20_Poly1305 | ✔ |
| Salsa20 | ✖ |
Curves
- nist P-521
- nist P-384
- nist P-256
- nist P-224
- Ed25519
- Ed448
- Brainpool P160t1
- Brainpool P192r1
- Brainpool P192t1
- Brainpool P224r1
- Brainpool P224t1
- Brainpool P256r1
- Brainpool P256t1
- Brainpool P320r1
- Brainpool P320t1
- Brainpool P384r1
- Brainpool P384t1
- Brainpool P512r1
- Brainpool P512t1
Todo
- Maybe RSA (support not just ECC)
- secp256k1
- saltpack
- Encrypt private key option
- Convert keys to SSH keys
Encrypt (ECIES)
Rome supports ECIES for elliptic curves allowing you to encrypt to a public key. Encryption can be customised with cipher options: AES_256_GCM (more coming soon) and customise KDFs used for shared secret generation (ECDH). Supporting the hash.Hash interface you can use your favourite algorithm. It's even possible to use Argon2 as a KDF.
Encrypt example with AES_256_GCM_SHA256:
package main
import (
"crypto/sha256"
"fmt"
"os"
"github.com/go-compile/rome"
"github.com/go-compile/rome/p256"
)
func main() {
// Generate a nist P256 Elliptic Curve
k, err := p256.Generate()
if err != nil {
panic(err)
}
pub := k.Public()
msg := []byte("Secret message.")
// encrypt message using AES256_GCM with SHA256 and a 98bit nonce
ciphertext, err := pub.Encrypt(msg, rome.CipherAES_GCM, sha256.New())
if err != nil {
panic(err)
}
fmt.Printf("%X\n", ciphertext)
}
Install
go get -u github.com/go-compile/rome
Examples
Full code examples can be found ./examples/
package main
import (
"fmt"
"github.com/go-compile/rome"
"github.com/go-compile/rome/p256"
)
func main() {
// Generate a nist P256 Elliptic Curve
k, err := p256.Generate()
if err != nil {
panic(err)
}
printKey("P256", k)
}
func printKey(name string, k rome.PrivateKey) {
// Format private key using PEM and ASN.1 DER bytes
private, err := k.Private()
if err != nil {
panic(err)
}
public, err := k.Public().Key()
if err != nil {
panic(err)
}
fmt.Printf("%s:\n Private:\n%s\n Public:\n%s\n",
name, string(private), string(public))
}
Output:
P256:
Private:
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIATPRwGmsr81mgiH1Tf+yntyUcj0m9Ta3UsaWrgPjZtKoAoGCCqGSM49
AwEHoUQDQgAENjGsmnjl4dXbRur5AfzlDxq6Bp0BQafwM7DJdhSv1yUNRF3+oDsw
mZ9MD9z6VjjBh8REN6e0SDIM/IJCZL84DA==
-----END EC PRIVATE KEY-----
Public:
-----BEGIN EC PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENjGsmnjl4dXbRur5AfzlDxq6Bp0B
QafwM7DJdhSv1yUNRF3+oDswmZ9MD9z6VjjBh8REN6e0SDIM/IJCZL84DA==
-----END EC PUBLIC KEY-----
# Packages
Package argon2 provides argon2id hash function which satisfies the hash.Hash interface
*/.
Package brainpool provides generator functions for Brainpool Elliptic Curves
*/.
Package derbytes is a slimmed down fork of crypto/x509 modified to support additional elliptic and edward curves.
Package ed25519 provides a interface to use the Ed25519 Edwards Curve
*/.
Package ed448 provides a generator function for the Ed448 Edwards Curve
Ed448 provides a interface to use the Ed448 curve.*/.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Package parse provides a unified parser for both Elliptic and Edwards Curves.
# Functions
NewECCurve takes a ECDSA key and converts it to a Rome private key.
NewHKDF allows you to use HKDF in your ECDH.
Pad will add padding to the left.
ParseECPrivate will read a PEM ASN.1 DER encoded key.
ParseECPrivateASN1 will read a ASN.1 DER encoded key.
ParseECPublic will read elliptic curve public key from PEM ASN.1 DER format.
ParseECPublicASN1 will read a elliptic curve public key from ASN.1 DER format.
# Constants
CipherAES_GCM is a AHEAD cipher and is recommended for most use cases.
CipherChacha20 is a UNAUTHENTICATED cipher and is only provided with the expectation you will handle the data integrity by using a MAC.
CipherChacha20_SHA256 is a authenticated Encrypt-then-MAC (EtM) cipher using ChaCha20 the MAC is a SHA256 hmac with the secret being the encryption key.
CipherChacha20_SHA512 is a authenticated Encrypt-then-MAC (EtM) cipher using ChaCha20 the MAC is a SHA512 hmac with the secret being the encryption key.
CipherChaCha20Poly1305 is a authenticated cipher which takes a 256bit key.
CipherSalsa20 is a UNAUTHENTICATED cipher and is only provided with the expectation you will handle the data integrity by using a MAC.
# Variables
ErrAuthFail is returned when the ciphertext mac fails.
ErrCipherTxtSmall is returned if the data is so small it must be invalid.
ErrDerivePub is returned if there is a error in extracting the pub key from private D.
ErrInvalidPem is returned when invalid PEM data is attempted to be decoded.
ErrKeySize is returned if the key is not supported in the encryption algorithm.
ErrUnknownCipher is returned if the cipher provided is unsupported.
ErrWrongKey is returned if the key is the wrong type.
# Structs
ECKey is a Elliptic Curve.
ECPublicKey holds the X and Y parameters for the key.
OptionHKDF is used in a DH and will overwrite the shared secret options.
# Interfaces
PrivateKey holds the D point for the curve and the public key.
PublicKey is a Elliptic/Edward curve public key.