# README
Simple Password-Hardened Encryption Services
Virgil Security introduces an implementation of the Password-Hardened Encryption (PHE) protocol, which gives developers a technology to protect users' passwords from offline attacks and makes stolen passwords useless even if your database has been compromised.
PHE is a new, more secure mechanism that protects user passwords and lessens the security risks associated with weak passwords. Neither Virgil nor attackers know anything about a user's password.
Authors: Russell W. F. Lai, Christoph Egger, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei and Dominique Schroder
WhitePaper: https://virgilsecurity.com/wp-content/uploads/2018/11/PHE-Whitepaper-2018.pdf
Go implementation by Alexey Ermishkin, VirgilSecurity.com.
# Packages
No description provided by the author
# Functions
Decrypt extracts the 32-byte salt, derives the key & nonce and decrypts the ciphertext.
Encrypt generates a 32-byte salt and uses the master key & salt to generate a per-data key & nonce with the help of HKDF. The salt is concatenated to the ciphertext.
GenerateClientKey creates a new random key used on the Client side.
GenerateServerKeypair creates a new random NIST P-256 keypair.
GetEnrollment generates a new random enrollment record and a proof.
GetPublicKey returns server public key.
NewClient creates new client instance using client's private key and server's public key used for verification.
PointUnmarshal validates & converts byte array to an elliptic curve point object.
Rotate updates server's private and public keys and issues an update token for use on client's side.
RotateClientKeys returns a new pair of keys given old keys and an update token.
UpdateRecord needs to be applied to every database record to correspond to new private and public keys.
VerifyPassword compares the password attempt to the one the server would calculate itself using its private key and returns a zero-knowledge proof of either success or failure.
VerifyPasswordExtended compares the password attempt to the one the server would calculate itself using its private key and returns a zero-knowledge proof of either success or failure, along with an object containing the verify result & the salt used for verification.
# Structs
Client is responsible for protecting & checking passwords at the client (website) side.
No description provided by the author
No description provided by the author
No description provided by the author
Point represents an elliptic curve point.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
VerifyPasswordResult contains info about verification process result.