Encrypt key with scrypt-hashed password

author: Jakob Unterwurzacher 2015-09-13 21:47:18 +0200
committer: Jakob Unterwurzacher 2015-09-13 22:09:38 +0200
commit: 6f9e90c414c165ff76cd7546b9898b51660a2440 (patch)
tree: d6dc91c505bc41e14d61dc592a5b07c9698dfe35 /cryptfs/kdf.go
parent: 164739b65588bcad91425f38db1ae1aae5c15e56 (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/cryptfs/kdf.go b/cryptfs/kdf.go
new file mode 100644
index 0000000..275c72e
--- /dev/null
+++ b/cryptfs/kdf.go
@@ -0,0 +1,38 @@
+package cryptfs
+
+import (
+	"fmt"
+	"golang.org/x/crypto/scrypt"
+)
+
+const (
+	// 1 << 16 uses 64MB of memory,
+	// takes 4 seconds on my Atom Z3735F netbook
+	SCRYPT_DEFAULT_N = 1 << 16
+)
+
+type scryptKdf struct {
+	Salt []byte
+	N int
+	R int
+	P int
+	KeyLen int
+}
+
+func NewScryptKdf() scryptKdf {
+	var s scryptKdf
+	s.Salt = RandBytes(KEY_LEN)
+	s.N = SCRYPT_DEFAULT_N
+	s.R = 8 // Always 8
+	s.P = 1 // Always 1
+	s.KeyLen = KEY_LEN
+	return s
+}
+
+func (s *scryptKdf) DeriveKey(pw string) []byte {
+	k, err := scrypt.Key([]byte(pw), s.Salt, s.N, s.R, s.P, s.KeyLen)
+	if err != nil {
+		panic(fmt.Sprintf("DeriveKey failed: %s", err.Error()))
+	}
+	return k
+}
author	Jakob Unterwurzacher	2015-09-13 21:47:18 +0200
committer	Jakob Unterwurzacher	2015-09-13 22:09:38 +0200
commit	6f9e90c414c165ff76cd7546b9898b51660a2440 (patch)
tree	d6dc91c505bc41e14d61dc592a5b07c9698dfe35 /cryptfs/kdf.go
parent	164739b65588bcad91425f38db1ae1aae5c15e56 (diff)