Encrypting a small secret using curve25519


christoph...@gmail.com

Sep 20, 2023, 4:02:24 AM
to golang-nuts
Hello,

I noticed that the Go standard library only supports ed25519 signing (https://pkg.go.dev/crypto/ed2...@go1.21.1).

I would need to encrypt a small secret with the public key of the receiver so that he is the only one able to decrypt it with his private key. The small secret would typically be a random symmetric key used to encrypt the possibly long message.

The only solution I found is to use nacl.Box (https://pkg.go.dev/golang.org/x/crypto/nacl/box). Why is it so?

Are there alternative reliable Go packages I could use? I'll use only a pure Go package, not a libsodium wrapper package.


Axel Wagner

Sep 20, 2023, 4:33:10 AM
to christoph...@gmail.com, golang-nuts
As I understand it, ed25519 is using Curve25519 in EdDSA, which is a signing scheme. So using "ed25519" for encryption does not make any sense.
NaCl also uses Curve25519, ultimately using ECDH (again, as I understand it) to establish a secret key for Salsa20. So it is pretty fundamentally different than ed25519.
Note that golang.org/x/crypto/nacl *is* a pure Go package, not a libsodium wrapper. And yes, it's very likely what you want, if you want to use Curve25519 for encryption. Unless you want to roll your own cryptography, in which case, here be dragons. But the `crypto/ecdh` package (available since Go 1.20) would probably be the primitive to look at.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/8018a90a-fae2-4c45-8c19-ed8b5c205319n%40googlegroups.com.
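
The pattern described in the reply above (ECDH on Curve25519 to establish a key for a symmetric cipher) can be shown with the standard library alone. This is an added example, not code from the thread or from nacl/box: `Seal`, `Open` and `aead` are hypothetical names, and the SHA-256 key derivation with AES-256-GCM is an assumption chosen to avoid external modules, whereas nacl/box uses XSalsa20-Poly1305.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aead hashes the X25519 output together with both public keys into an
// AES-256-GCM key. Every key encrypts one message, so the zero nonce never repeats.
func aead(shared []byte, eph, rcpt *ecdh.PublicKey) cipher.AEAD {
	key := sha256.Sum256(append(append(shared, eph.Bytes()...), rcpt.Bytes()...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	g, _ := cipher.NewGCM(block)      // cannot fail: AES has a 16-byte block
	return g
}

// Seal encrypts secret to rcpt and returns a fresh ephemeral public key with the box.
func Seal(rcpt *ecdh.PublicKey, secret []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	shared, err := eph.ECDH(rcpt) // errors if the result is all zero (low-order key)
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey(), aead(shared, eph.PublicKey(), rcpt).Seal(nil, make([]byte, 12), secret, nil), nil
}

// Open recovers the secret; a wrong private key or any modified byte returns an error.
func Open(priv *ecdh.PrivateKey, eph *ecdh.PublicKey, box []byte) ([]byte, error) {
	shared, err := priv.ECDH(eph)
	if err != nil {
		return nil, err
	}
	return aead(shared, eph, priv.PublicKey()).Open(nil, make([]byte, 12), box, nil)
}

func main() {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	eph, box, _ := Seal(priv.PublicKey(), []byte("constructed sample secret"))
	out, err := Open(priv, eph, box)
	fmt.Printf("%q %v\n", out, err)
}
```

On the wire the sender transmits `eph.Bytes()` alongside the box; the receiver parses it with `ecdh.X25519().NewPublicKey`, which rejects anything that is not exactly 32 bytes.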

Axel Wagner

Sep 20, 2023, 4:35:46 AM
to christoph...@gmail.com, golang-nuts
To be clear: I'm by no means an expert, so take my advice with a huge grain of salt (pun intended). But from what it seems, with no offense intended, neither are you.

Tamás Gulácsi

Sep 20, 2023, 4:14:47 PM
to golang-nuts
https://pkg.go.dev/filippo.io/age offers a simple interface for encrypting/decrypting, with command line, too.

Karlovsky Alexey

Sep 21, 2023, 6:39:40 AM
to christoph...@gmail.com, golang-nuts
You can use CMS encryption (part of
https://datatracker.ietf.org/doc/html/rfc5652)
For example you can try https://github.com/mozilla-services/pkcs7
In CMS you use a public key to encrypt the generated intermediate
symmetric key (content encryption key) and the receiver can decrypt
this key and then decrypt content with it.


--
Kind regards,
Alexey