dgryski / dkeyczar Goto Github PK

The enums are not named in standard Go style, nor do they need to be exported.

This is a breaking change.

I added support to the C# version with the free travis-ci

https://travis-ci.org/jbtule/keyczar-dotnet

It's pretty sweet, will automatically build and test pull requests too.

Go is an officiallly supported language for travis-ci so it should be easier than my C#.
http://about.travis-ci.org/docs/user/languages/go/

Hi,

At work we use the java keyczar library to encrypt and decrypt data, we use the AES cypher. During development, we have a dummy meta and key and I was able to use this library to decrypt text that was encrypted with the java library (the web app is actually in Scala).

Then I moved the Go code to production, where we fetch the encryption key from a key server (so I had to write a separate KeyReader that knew how to fetch the meta and key values from our key server)

Now text that is encrypted on the web app using Scala/java is not decrypted by Go, I get the error key not found.

I was able to track it down to:

this line

lookup.getKeyForID(b[1:5])

which is then converted with binary.BigEndian.Uint32

returns a value like

2829747566
but the stored in memory keyID is
2628606745

Now, I have no idea why in dev mode locally I can decrypt data (and the lookup.getKeyForID gives the right value ) but it fails on the web app.

Any hints?

Thanks!

I'm trying dkeyczar out. Thanks so much for creating it!

I'm getting "keyczar: key not found" errors that originate on line 899 of keyczar. It appears that my keys are loaded, so why would I be getting this? Its so vague that I'm not sure where to start looking.

Thanks!

Jason

func (kz *keyCzar) getKeyForID(id []byte) ([]keydata, error) {

    kl, ok := kz.idkeys[binary.BigEndian.Uint32(id)]

    if !ok || len(kl) == 0 {
=>      return kl, ErrKeyNotFound    // keyczar.go:line 899
    }

    return kl, nil
}

No camelCase on the keyczar name.

'dkeyczar' is a hold-over. In my repository, it should be 'go-keyczar' with a package name of just 'keyczar'.

This is early Go code and should be brought up to 'modern' Go standards before the merge into the official keyczar repository.

I've been working on trying to produce keyczar data across implementations. Right now for every command except "usekey", java, python, c++, c# work identically flag wise. I have three scripts here java, python, c# that produce keyset and ciphertext data across platforms, and the c++ works too just not for creating ciphertext data (it lacks "usekey")
https://gist.github.com/4519944

I also have unit tests in C# and python that test against this data from each platform.
https://github.com/jbtule/keyczar-dotnet/tree/master/dotnet/Keyczar/KeyczarTest/Interop
http://code.google.com/r/jtuley-keyczar-python-interop-unittests/source/browse/python/tests/keyczar_tests/interop_test.py

For reference C# KeyczarTool usage manual, most complete i think of any of them, but does have unofficial extras too:
https://github.com/jbtule/keyczar-dotnet/wiki/KeyczarTool

Encryption + compression lead to badness.

This is a breaking change.

When executing:

package main

import (
    "fmt"

    "github.com/dgryski/dkeyczar"
)

func main() {
    km := dkeyczar.NewKeyManager()
    err := km.Create("randomname", dkeyczar.P_DECRYPT_AND_ENCRYPT, dkeyczar.T_RSA_PRIV)
    if err != nil {
        panic(err)
    }
    //Need to go back again to fix problem
    err = km.AddKey(1024, dkeyczar.S_PRIMARY)
    if err != nil {
        panic(err)
    }
    fmt.Println(km.ToJSONs(nil))
}

it panics with:

panic: runtime error: assignment to entry in nil map

goroutine 1 [running]:
runtime.panic(0x53da00, 0x6e963d)
    /usr/lib/go/src/pkg/runtime/panic.c:266 +0xb6
github.com/dgryski/dkeyczar.(*keyManager).AddKey(0xc210000070, 0x1000, 0x0, 0x0, 0x4)
    /home/acasajus/Devel/gospace/src/github.com/dgryski/dkeyczar/keyman.go:116 +0x21a
main.main()
    /home/acasajus/Devel/gospace/src/test/tet.go:16 +0xe7
exit status 2

The m.kz.keys map is not initialized when creating the keymap. What is the proper way to use it? Can this be fixed plz?

BTW is there an easy way to export/import a keymanager to JSON? or should I implement it myself in my code?

https://github.com/google/keyczar/blob/master/interop/README.md

This is optional (in terms that OAEP is more secure), but for compatibility it's nice to have.