/sasquatch

A simple data encryption library

Primary LanguageGoBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

sasquatch

Build Status Coverage Status Go ReportCard GoDoc

A simple data encryption library, heavily inspired by @Benjojo12 and @FiloSottile's fantastic age project.

Features

  • Multiple recipients
  • Supports encrypting with your existing SSH keys / ssh-agent
  • Convenient API

Crypto Backends

  • ssh-rsa
  • ssh-ed25519
  • ssh-agent signing challenge (excluding ECDSA identities, as ECDSA signatures aren't deterministic)
  • scrypt / password

Example

Encryption

buf := bytes.NewBuffer(nil)

alice, err := sasquatch.ParseRecipient("ssh-ed25519 ...")
bob, err := sasquatch.ParseRecipient("ssh-rsa ...")

rcp := []sasquatch.Recipient{alice, bob}
w, err := sasquatch.Encrypt(buf, rcp...)

data := []byte("Hello Alice, Hey Bob!")
w.Write(data)
w.Close()

ioutil.WriteFile("/tmp/sasquatch.encrypted", buf.Bytes(), 0644)

Decryption

buf, err := ioutil.ReadFile("/tmp/sasquatch.encrypted")

// find all available identities
identities := sasquatch.FindIdentities()
r, err := sasquatch.Decrypt(buf, identities...)

buf, err := ioutil.ReadAll(r)
ioutil.WriteFile("/tmp/sasquatch.decrypted", buf.Bytes(), 0644)

ssh-agent Challenge

// encryption
signers, err := sasquatch.SSHAgentSigners()
rcp, err := sasquatch.NewChallengeRecipient(signers[0])
sasquatch.Encrypt(buf, rcp)

// decryption
id, err := sasquatch.NewChallengeIdentity(signers[0])
r, err := sasquatch.Decrypt(buf, id)

scrypt / password Encryption

// encryption
rcp, err := sasquatch.NewScryptRecipient("password")
sasquatch.Encrypt(buf, rcp)

// decryption
id, err := sasquatch.NewScryptIdentity("password")
r, err := sasquatch.Decrypt(buf, id)