Encrypt encrypts a file to one or more recipients. Every recipient will be able to decrypt the file. Writes to the returned WriteCloser are encrypted and written to dst as an age file. The caller must call Close on the WriteCloser when done for the last chunk to be encrypted and flushed to dst.
(dst io.Writer, recipients ...Recipient)
| 152 | // file. The caller must call Close on the WriteCloser when done for the last |
| 153 | // chunk to be encrypted and flushed to dst. |
| 154 | func Encrypt(dst io.Writer, recipients ...Recipient) (io.WriteCloser, error) { |
| 155 | fileKey := make([]byte, fileKeySize) |
| 156 | rand.Read(fileKey) |
| 157 | |
| 158 | hdr, err := encryptHdr(fileKey, recipients...) |
| 159 | if err != nil { |
| 160 | return nil, err |
| 161 | } |
| 162 | if err := hdr.Marshal(dst); err != nil { |
| 163 | return nil, fmt.Errorf("failed to write header: %w", err) |
| 164 | } |
| 165 | |
| 166 | nonce := make([]byte, streamNonceSize) |
| 167 | rand.Read(nonce) |
| 168 | if _, err := dst.Write(nonce); err != nil { |
| 169 | return nil, fmt.Errorf("failed to write nonce: %w", err) |
| 170 | } |
| 171 | |
| 172 | return stream.NewEncryptWriter(streamKey(fileKey, nonce), dst) |
| 173 | } |
| 174 | |
| 175 | // EncryptReader encrypts a file to one or more recipients. Every recipient will be |
| 176 | // able to decrypt the file. |
searching dependent graphs…