sodium.cr/examples/password_based_encryption.cr

48 lines
1.6 KiB
Crystal
Raw Normal View History

2021-03-23 23:52:40 +01:00
require "../src/sodium"
# Use Password::Create to generate Key params
# Or hard code them like below
pwkey = Sodium::Password::Key.new
# Uses MINIMUM to speed up this example. Don't use MINIMUM in real applications.
# See examples/pw_hash_selector.cr for help on selecting parameters.
pwkey.mem = Sodium::Password::MEMLIMIT_MIN
pwkey.ops = Sodium::Password::OPSLIMIT_MIN
pwkey.mode = Sodium::Password::Mode::Argon2id13
# Save opslimit, memlimit, mode and master_key_size somewhere. They may be hard coded in your application.
# SAVE salt per user. Every time the password changes also change the salt.
salt = pwkey.random_salt
password = "1234"
# kdf_derive is a wrapper around following 3 lines.
# kdf = Sodium::KDF.new master_key
# master_key_size = 32 # Derive 256 bit key
# master_key = pwkey.derive_key password, master_key_size, salt: salt
kdf = pwkey.derive_kdf password, salt: salt
# TODO: verify password
xchacha = kdf.derive_aead_xchacha20poly1305_ietf "newwalle", 0
# or secretbox = kdf.derive_secretbox "oldcrypt", 0
# wallet = xchacha.decrypt File.read("blockchain.wallet")
# Returns a Sign::SecretKey
signkey = kdf.derive_sign "signatur", 0
# Returns a CryptoBox::SecretKey
secretkey = kdf.derive_cryptobox "pkcrypto", 0
# anonymous_messages.each do |encrypted_message|
# decrypted = secretkey.decrypt encrypted_message
# inmessage = parse decrypted
# signed_outmessage = signkey.sign wallet.transfer(message.recipient, message.amount, "Sure you can have free money")
# secretkey.box inmessage.public_key do |box|
# mail to: inmessage.email, data: box.encrypt(signed_outmessage)
# end
# end