From 67a1a655efbd18d02e82b71ab91c7a5c1337bb3d Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Tue, 23 Mar 2021 15:52:40 -0700 Subject: [PATCH] Add password based encryption example --- examples/password_based_encryption.cr | 47 +++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 examples/password_based_encryption.cr diff --git a/examples/password_based_encryption.cr b/examples/password_based_encryption.cr new file mode 100644 index 0000000..922c5c5 --- /dev/null +++ b/examples/password_based_encryption.cr @@ -0,0 +1,47 @@ +require "../src/sodium" + +# Use Password::Create to generate Key params +# Or hard code them like below + +pwkey = Sodium::Password::Key.new + +# Uses MINIMUM to speed up this example. Don't use MINIMUM in real applications. +# See examples/pw_hash_selector.cr for help on selecting parameters. +pwkey.mem = Sodium::Password::MEMLIMIT_MIN +pwkey.ops = Sodium::Password::OPSLIMIT_MIN + +pwkey.mode = Sodium::Password::Mode::Argon2id13 + +# Save opslimit, memlimit, mode and master_key_size somewhere. They may be hard coded in your application. + +# SAVE salt per user. Every time the password changes also change the salt. +salt = pwkey.random_salt + +password = "1234" + +# kdf_derive is a wrapper around following 3 lines. +# kdf = Sodium::KDF.new master_key +# master_key_size = 32 # Derive 256 bit key +# master_key = pwkey.derive_key password, master_key_size, salt: salt +kdf = pwkey.derive_kdf password, salt: salt + +# TODO: verify password + +xchacha = kdf.derive_aead_xchacha20poly1305_ietf "newwalle", 0 +# or secretbox = kdf.derive_secretbox "oldcrypt", 0 +# wallet = xchacha.decrypt File.read("blockchain.wallet") + +# Returns a Sign::SecretKey +signkey = kdf.derive_sign "signatur", 0 + +# Returns a CryptoBox::SecretKey +secretkey = kdf.derive_cryptobox "pkcrypto", 0 + +# anonymous_messages.each do |encrypted_message| +# decrypted = secretkey.decrypt encrypted_message +# inmessage = parse decrypted +# signed_outmessage = signkey.sign wallet.transfer(message.recipient, message.amount, "Sure you can have free money") +# secretkey.box inmessage.public_key do |box| +# mail to: inmessage.email, data: box.encrypt(signed_outmessage) +# end +# end