EncryptReader encrypts a file to one or more recipients. Every recipient will be able to decrypt the file. Reads from the returned Reader produce the encrypted file, where the plaintext is read from src.
(src io.Reader, recipients ...Recipient)
| 178 | // Reads from the returned Reader produce the encrypted file, where the plaintext |
| 179 | // is read from src. |
| 180 | func EncryptReader(src io.Reader, recipients ...Recipient) (io.Reader, error) { |
| 181 | fileKey := make([]byte, fileKeySize) |
| 182 | rand.Read(fileKey) |
| 183 | |
| 184 | hdr, err := encryptHdr(fileKey, recipients...) |
| 185 | if err != nil { |
| 186 | return nil, err |
| 187 | } |
| 188 | buf := &bytes.Buffer{} |
| 189 | if err := hdr.Marshal(buf); err != nil { |
| 190 | return nil, fmt.Errorf("failed to prepare header: %w", err) |
| 191 | } |
| 192 | |
| 193 | nonce := make([]byte, streamNonceSize) |
| 194 | rand.Read(nonce) |
| 195 | |
| 196 | r, err := stream.NewEncryptReader(streamKey(fileKey, nonce), src) |
| 197 | if err != nil { |
| 198 | return nil, err |
| 199 | } |
| 200 | return io.MultiReader(buf, bytes.NewReader(nonce), r), nil |
| 201 | } |
| 202 | |
| 203 | func wrapWithLabels(r Recipient, fileKey []byte) (s []*Stanza, labels []string, err error) { |
| 204 | if r, ok := r.(RecipientWithLabels); ok { |
searching dependent graphs…