4 "github.com/pkg/errors"
5 crypto "github.com/tendermint/go-crypto"
9 // SecretBox uses the algorithm from NaCl to store secrets securely
10 SecretBox Encoder = secretbox{}
11 // Noop doesn't do any encryption, should only be used in test code
15 // Encoder is used to encrypt any key with a passphrase for storage.
17 // This should use a well-designed symmetric encryption algorithm
// NOTE(review): the interface itself guarantees no confidentiality; the noop
// implementation in this file returns the key bytes unchanged.
18 type Encoder interface {
// Encrypt returns the bytes to store for key, given the passphrase pass.
19 Encrypt(key crypto.PrivKey, pass string) ([]byte, error)
// Decrypt takes stored bytes and the passphrase and returns the private key.
20 Decrypt(data []byte, pass string) (crypto.PrivKey, error)
// secret hashes the passphrase bytes once with crypto.Sha256 and returns the
// digest. It is presumably the source of the symmetric key `s` used by
// secretbox (the assignment is not visible in this excerpt) — confirm.
//
// NOTE(review): a single fast hash of the passphrase alone has no salt and no
// work factor, so equal passphrases always yield equal output and guessing
// against a captured ciphertext is cheap. The TODO below is still open; a
// slow, salted KDF would also need the salt stored next to the ciphertext.
23 func secret(passphrase string) []byte {
24 // TODO: Sha256(Bcrypt(passphrase))
25 return crypto.Sha256([]byte(passphrase))
// secretbox is the Encoder implementation exported as SecretBox.
28 type secretbox struct{}
// Encrypt returns the stored form of key for the passphrase pass.
// Parts of the body are not visible in this excerpt; the notes below cover
// only the lines shown.
30 func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
// NOTE(review): this path returns the raw private-key bytes with no
// encryption. Its guard is not shown (presumably an empty passphrase);
// confirm callers cannot end up persisting a cleartext key by accident.
32 return key.Bytes(), nil
// s is presumably secret(pass) (assignment not shown) — confirm.
35 cipher := crypto.EncryptSymmetric(key.Bytes(), s)
// Decrypt takes stored bytes and the passphrase pass and returns the private
// key. Parts of the body are not visible in this excerpt; the notes below
// cover only the lines shown.
39 func (e secretbox) Decrypt(data []byte, pass string) (key crypto.PrivKey, err error) {
// s is presumably secret(pass) (assignment not shown) — confirm.
43 private, err = crypto.DecryptSymmetric(data, s)
// Failure path: a zero-value key plus the error wrapped as
// "Invalid Passphrase" (the enclosing error check is not shown).
45 return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
48 key, err = crypto.PrivKeyFromBytes(private)
// errors.Wrap returns nil for a nil err, so this line is also the success
// return. A parse failure carries the same "Invalid Passphrase" text as a
// decryption failure, so the message alone does not distinguish corrupt
// data from a wrong passphrase.
49 return key, errors.Wrap(err, "Invalid Passphrase")
// Encrypt returns the key bytes unchanged; pass is ignored, so the output is
// the cleartext private key. The file's comment on Noop restricts this
// encoder to test code.
54 func (n noop) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
55 return key.Bytes(), nil
// Decrypt parses data directly as a private key; pass is ignored and never
// checked, so any passphrase is accepted.
58 func (n noop) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
59 return crypto.PrivKeyFromBytes(data)