Fetching contributors…
Cannot retrieve contributors at this time
79 lines (69 sloc) 2.57 KB
Copyright 2018, Cossack Labs Limited
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.
// Package acrawriter provides public function CreateAcrastruct for generating
// acrastruct in your applications for encrypting on client-side and inserting
// to database.
package acrawriter
import (
// CreateAcrastruct encrypt your data using acra_public key and context (optional)
// and pack into correct Acrastruct format
func CreateAcrastruct(data []byte, acraPublic *keys.PublicKey, context []byte) ([]byte, error) {
randomKeyPair, err := keys.New(keys.KEYTYPE_EC)
if err != nil {
return nil, err
// generate random symmetric key
randomKey := make([]byte, base.SymmetricKeySize)
n, err := rand.Read(randomKey)
if err != nil {
return nil, err
if n != base.SymmetricKeySize {
return nil, errors.New("read incorrect num of random bytes")
// create smessage for encrypting symmetric key
smessage := message.New(randomKeyPair.Private, acraPublic)
encryptedKey, err := smessage.Wrap(randomKey)
if err != nil {
return nil, err
utils.FillSlice('0', randomKeyPair.Private.Value)
// create scell for encrypting data
scell := cell.New(randomKey, cell.CELL_MODE_SEAL)
encryptedData, _, err := scell.Protect(data, context)
if err != nil {
return nil, err
utils.FillSlice('0', randomKey)
// pack acrastruct
dateLength := make([]byte, base.DataLengthSize)
binary.LittleEndian.PutUint64(dateLength, uint64(len(encryptedData)))
output := make([]byte, len(base.TagBegin)+base.KeyBlockLength+base.DataLengthSize+len(encryptedData))
output = append(output[:0], base.TagBegin...)
output = append(output, randomKeyPair.Public.Value...)
output = append(output, encryptedKey...)
output = append(output, dateLength...)
output = append(output, encryptedData...)
return output, nil