Categorygithub.com/secure-io/sio-go
modulepackage
0.3.1
Repository: https://github.com/secure-io/sio-go.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
8
Dependents
35
Files
1k SLOC

# README

Godoc Reference Build Status

Secure IO

The sio package implements provable secure authenticated encryption for continuous byte streams.
It splits a data stream into L bytes long fragments and en/decrypts each fragment with an unique key-nonce combination using an AEAD. For the last fragment the construction prefixes the associated data with the 0x80 byte (instead of 0x00) to prevent truncation attacks.

sio encryption scheme

The sio package follows semantic versioning and hasn't reached a stable v1.0.0, yet. So newer versions may cause major breaking API changes. However, we try to avoid such changes - if not really needed.

How to use sio?

import (
    "github.com/secure-io/sio-go"
)

The sio package provides APIs for en/decrypting an io.Reader or an io.Writer. First, you have to create a Stream instance from a cipher.AEAD and a buffer size. (The buffer size determines the fragment size L). You may want to take a look at this example.

Then you can use the Stream to encrypt resp. decrypt an io.Reader or io.Writer using e.g. the EncryptReader or DecryptWriter methods.

For a comprehensive overview of the API please take a look at godoc.org.

# Packages

Package sioutil implements some I/O utility functions.

# Functions

NewStream creates a new Stream that encrypts or decrypts data streams with the cipher using bufSize large chunks.

# Constants

The secret key must be 16 bytes long.
The secret key must be 32 bytes long.
BufSize is the recommended buffer size for streams.
The secret key must be 32 bytes long.
ErrExceeded is returned when no more data can be encrypted / decrypted securely.
MaxBufSize is the maximum buffer size for streams.
NotAuthentic is returned when the decryption of a data stream fails.
The secret key must be 32 bytes long.

# Structs

A DecReader decrypts and verifies everything it reads from an underlying io.Reader.
A DecReaderAt decrypts and verifies everything it reads from an underlying io.ReaderAt.
A DecWriter decrypts and verifies everything it writes to an underlying io.Writer.
An EncReader encrypts and authenticates everything it reads from an underlying io.Reader.
An EncWriter encrypts and authenticates everything it writes to an underlying io.Writer.
A Stream encrypts or decrypts continuous byte streams.

# Type aliases

Algorithm specifies an AEAD algorithm that can be used to en/decrypt data streams.