A simple (inflexible, incomplete) signing/encryption certificate scheme based on ECDSA and NaCl boxes.



by Cathal Garvey, copyright 2015, licensed under the GNU AGPL: See HACKING.txt.


What is this?

Go has a great array of cryptographic primitives in the core and extended library, which is an exemplary thing all languages should aspire to. This means it's already an ideal language to develop a cryptographically secured application in.

Among these things is partial support for NaCl, which is the gold standard for easily implemented cryptography primitives for application developers: the Go extended library has "nacl/box" and "nacl/secretbox" for asymmetric and symmetric encryption (authenticated in both cases), respectively.

While NaCl is authenticated encryption, it also provides a signature scheme using the same elliptic curve keys in the C implementations, which is currently missing in Go's NaCl implementation. I'm developing something for which signing and encryption are both requirements, preferably with a minimum of key-id mark-up, so I wanted to implement a certificate-based encryption system that would join the elliptic curve signatures in the Core library with the NaCl authenticated encryption schemes provided in the extended library.

So, this is "easykeys", a certificate-based cryptographic library that directly builds upon the primitives and recommended usage of the core and extended libraries. It has a test suite that currently passes, but you shouldn't trust it yet for real-world usage, because it could be full of holes! Await kind-hearted cryptographers/cypherpunks reviewing this code and shouting at me aggressively, first.

What are you working on that needs this?

That's super-sekrit right now but will totes be on my github when close to ready. :)