{"id":18418579,"url":"https://github.com/bsm/macdaddy","last_synced_at":"2025-09-15T20:42:07.308Z","repository":{"id":57491117,"uuid":"84481710","full_name":"bsm/macdaddy","owner":"bsm","description":"MAC Daddy is a Go library for generating encrypted messages and verifying their authenticity using the Poly1305 message authentication code with a ChaCha20 cipher","archived":false,"fork":false,"pushed_at":"2024-12-11T23:31:47.000Z","size":19,"stargazers_count":7,"open_issues_count":1,"forks_count":4,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-04-25T14:03:37.351Z","etag":null,"topics":["chacha20-poly1305","cipher","encryption","go","golang","mac"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bsm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-09T19:42:48.000Z","updated_at":"2025-01-12T21:44:10.000Z","dependencies_parsed_at":"2024-01-11T11:37:08.236Z","dependency_job_id":"6eb9a4af-7920-42a6-9d16-cd1b7f491931","html_url":"https://github.com/bsm/macdaddy","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/bsm/macdaddy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bsm%2Fmacdaddy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bsm%2Fmacdaddy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bsm%2Fmacdaddy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bsm%2Fmacdaddy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bsm","download_url":"https://codeload.github.com/bsm/macdaddy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bsm%2Fmacdaddy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265297044,"owners_count":23742585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chacha20-poly1305","cipher","encryption","go","golang","mac"],"created_at":"2024-11-06T04:14:05.014Z","updated_at":"2025-09-15T20:42:02.230Z","avatar_url":"https://github.com/bsm.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MAC Daddy\n\n[![GoDoc](https://godoc.org/github.com/bsm/macdaddy?status.svg)](https://godoc.org/github.com/bsm/macdaddy)\n[![Build Status](https://travis-ci.org/bsm/macdaddy.svg?branch=master)](https://travis-ci.org/bsm/macdaddy)\n[![Go Report Card](https://goreportcard.com/badge/github.com/bsm/macdaddy)](https://goreportcard.com/report/github.com/bsm/macdaddy)\n\nMAC Daddy is a [Go](https://golang.org) library for generating encrypted messages and verifying their authenticity using the [Poly1305](https://en.wikipedia.org/wiki/Poly1305) [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code) with a [ChaCha20](https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant) cipher.\n\n## Documentation\n\nFor documentation and examples, please see https://godoc.org/github.com/bsm/macdaddy.\n\n## Install\n\n```\ngo get -u github.com/bsm/macdaddy\n```\n\n## Basic Usage\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/bsm/macdaddy\"\n)\n\nfunc main() {\n\t// Secrets must be 32 bytes long.\n\tsecret := []byte(\"ThisMustNotBeSharedWithStrangers\")\n\n\t// Epochs are numeric and must match.\n\tepoch := uint32(20170308)\n\n\t// Generate a MAC, using a secret, an epoch and a random seed.\n\tmac1, err := macdaddy.New(secret, epoch, time.Now().Unix())\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// Encrypt a message\n\tencrypted := mac1.Encrypt(nil, []byte(\"plaintext\"))\n\n\t// Decrypt the message again\n\tplain1, err := mac1.Decrypt(nil, encrypted)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tfmt.Printf(\"%q\\n\", plain1)\n\n\t// To decrypt each other's messages, MACs must share\n\t// the secret and the epoch, but not the seed\n\tmac2, err := macdaddy.New(secret, epoch, 451)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tplain2, err := mac2.Decrypt(nil, encrypted)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tfmt.Printf(\"%q\\n\", plain2)\n\n}\n```\n\nOutput:\n\n```go\n\"plaintext\"\n\"plaintext\"\n```\n\n## Ring Usage\n\nTo simplify key rotation MAC Daddy comes with a Ring which can use a variety\nof registered MACs. It always uses a primary MAC for encryption while capable\nof decrypting messages created by MACs from previous epochs.\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/bsm/macdaddy\"\n)\n\nfunc main() {\n\tconst seed = 1234567890\n\n\t// This is our latest/primary MAC\n\tlatest, err := macdaddy.New([]byte(\"ThisIsOurVeryLatestSecretKey2017\"), 2017, seed)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// This is a MAC we have used previously\n\tprevious, err := macdaddy.New([]byte(\"ThisIsAKeyWeUsedPreviouslyIn2016\"), 2016, seed)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// This is another legacy MAC we have used before\n\tlegacy, err := macdaddy.New([]byte(\"ThisOneIsLegacyWeStillKeepAround\"), 2010, seed)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\t// Create a new ring, register legacy MACc\n\tring := macdaddy.NewRing(latest)\n\tring.Register(previous)\n\tring.Register(legacy)\n\n\t// Encrypt a new message\n\tencrypted := ring.Encrypt(nil, []byte(\"I was encrypted with the latest key\"))\n\n\t// Decrypt the message\n\tplain, err := ring.Decrypt(nil, encrypted)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tfmt.Printf(\"%q\\n\", plain)\n\n\t// Now, decrypt a message encrypted with a previous MACs\n\toldmsg := previous.Encrypt(nil, []byte(\"I may from a different epoch but still decryptable\"))\n\tplain, err = ring.Decrypt(plain[:0], oldmsg)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tfmt.Printf(\"%q\\n\", plain)\n\n}\n```\n\nOutput:\n\n```go\n\"I was encrypted with the latest key\"\n\"I may from a different epoch but still decryptable\"\n```\n\n## Licence\n\n```\nCopyright 2017 Black Square Media Ltd\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n\thttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbsm%2Fmacdaddy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbsm%2Fmacdaddy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbsm%2Fmacdaddy/lists"}