  • Stars: 540
  • Rank: 79,123 (Top 2 %)
  • Language: Go
  • License: BSD 3-Clause "New...
  • Created almost 7 years ago
  • Updated over 1 year ago

Repository Details

Pure Go implementation of the NaCL set of APIs

go-nacl

This is a pure Go implementation of the APIs available in NaCL: https://nacl.cr.yp.to. Compared with the implementation in golang.org/x/crypto/nacl, this library offers all of the APIs present in NaCL, better compatibility with NaCL implementations written in other languages, as well as some utilities for generating and loading keys and nonces, and encrypting messages.

Many of them are simple wrappers around functions or libraries available in the Go standard library, or in the golang.org/x/crypto package. Other code I copied directly into this library with the appropriate LICENSE; if a function is longer than, say, 5 lines, I didn't write it myself. There are no dependencies outside of the standard library or golang.org/x/crypto.

The goal is both to show how to implement the NaCL functions in pure Go and to provide interoperability, so that messages encrypted, hashed, or authenticated in other languages can be handled in Go.

Among other benefits, NaCL is designed to be misuse resistant and standardizes on the use of 32 byte keys and 24 byte nonces everywhere. Several helpers are present for generating keys/nonces and loading them from configuration, as well as for encrypting messages. You can generate a key by running openssl rand -hex 32 and use the helpers in your program like so:

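package main

import (
    "encoding/base64"
    "fmt"

    "github.com/kevinburke/nacl"
    "github.com/kevinburke/nacl/secretbox"
)

func main() {
    // Example key only: this hex decodes to "change this password to a secret".
    // Generate your own with: openssl rand -hex 32
    key, err := nacl.Load("6368616e676520746869732070617373776f726420746f206120736563726574")
    if err != nil {
        panic(err)
    }
    // Encrypt the message under the loaded key and print it as base64.
    encrypted := secretbox.EasySeal([]byte("hello world"), key)
    fmt.Println(base64.StdEncoding.EncodeToString(encrypted))
}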

The package names match the primitives available in NaCL, with the crypto_ prefix removed. Some function names have been changed to match the Go conventions.

Installation

go get github.com/kevinburke/nacl

Or you can Git clone the code directly to $GOPATH/src/github.com/kevinburke/nacl.

Who am I?

While you probably shouldn't trust random security code from the Internet, I'm reasonably confident that this code is secure. I did not implement any of the hard math (poly1305, XSalsa20, curve25519) myself - I call into golang.org/x/crypto for all of those functions. I also ported over every test I could find from the C/C++ code, and associated RFCs, and ensured that these libraries passed those tests.

I'm a contributor to the Go Standard Library and associated tools, and I've also been paid to do security consulting for startups, and found security problems in consumer sites.

Errata

  • The implementation of crypto_sign uses the ref10 implementation of ed25519 from SUPERCOP, not the current implementation in NaCL. The difference is that the entire 64-byte signature is prepended to the message; in the current version of NaCL, separate bits are prepended and appended to the message.

  • Compared with crypto/ed25519, this library's Sign implementation returns the message along with the signature, and Verify expects the first 64 bytes of the message to be the signature. This simplifies the API and matches the behavior of the ref10 implementation and other NaCL implementations. Sign also flips the order of the message and the private key: Sign(message, privatekey), to match the NaCL implementation.

  • Compared with golang.org/x/crypto/nacl/box, Precompute returns the shared key instead of modifying the input. In several places the code was modified to call functions that now exist in nacl.

  • Compared with golang.org/x/crypto/nacl/secretbox, Seal and Open call the onetimeauth package in this library, instead of calling golang.org/x/crypto/poly1305 directly.
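
The combined layout described in the first two errata items (the 64-byte signature followed by the message), shown as an added example that is not code from this library. It uses only the standard library's crypto/ed25519; the names signCombined and openCombined are hypothetical, and the all-zero seed is a constructed sample value.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// signCombined (hypothetical name) returns signature || message:
// 64 signature bytes first, then the message bytes.
func signCombined(message []byte, priv ed25519.PrivateKey) []byte {
	sig := ed25519.Sign(priv, message)
	out := make([]byte, 0, len(sig)+len(message))
	out = append(out, sig...)
	return append(out, message...)
}

// openCombined (hypothetical name) splits a combined buffer at byte 64 and
// verifies it. The message is returned only if the signature checks out.
func openCombined(signed []byte, pub ed25519.PublicKey) ([]byte, error) {
	if len(signed) < ed25519.SignatureSize {
		return nil, errors.New("input shorter than the 64-byte signature")
	}
	sig, msg := signed[:ed25519.SignatureSize], signed[ed25519.SignatureSize:]
	if !ed25519.Verify(pub, msg, sig) {
		return nil, errors.New("signature verification failed")
	}
	return msg, nil
}

func main() {
	// Constructed sample: a fixed all-zero seed keeps the run deterministic.
	// Never derive a real key from a fixed seed.
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)

	signed := signCombined([]byte("hello world"), priv)
	msg, err := openCombined(signed, pub)
	fmt.Printf("len=%d msg=%q err=%v\n", len(signed), msg, err)

	signed[70] ^= 0x01 // flip one bit inside the message part
	_, err = openCombined(signed, pub)
	fmt.Println("tampered:", err)
}
```

A receiver that uses crypto/ed25519 directly has to do this split itself, and should reject inputs shorter than 64 bytes before slicing.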
