{"id":27135582,"url":"https://github.com/nthnn/xbin25","last_synced_at":"2025-08-17T12:40:50.690Z","repository":{"id":285959189,"uuid":"959605417","full_name":"nthnn/xbin25","owner":"nthnn","description":"Go package designed for secure data serialization, combining state-of-the-art encryption, digital signatures, and multi-layer compression ensuring confidentiality, integrity, and authenticity.","archived":false,"fork":false,"pushed_at":"2025-04-03T15:13:18.000Z","size":205,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-10T00:11:23.024Z","etag":null,"topics":["cryptography","cryptography-algorithms","encryption","encryption-decryption","golang","golang-library","golang-package"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/nthnn/xbin25","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nthnn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-03T04:01:11.000Z","updated_at":"2025-04-03T15:14:30.000Z","dependencies_parsed_at":"2025-04-03T15:39:37.176Z","dependency_job_id":"5f6dd14f-2cec-4993-adf3-86cf01192068","html_url":"https://github.com/nthnn/xbin25","commit_stats":null,"previous_names":["nthnn/xbin25"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/nthnn/xbin25","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nthnn%2Fxbin25","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nthnn%2Fxbin25/tags","releases_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/nthnn%2Fxbin25/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nthnn%2Fxbin25/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nthnn","download_url":"https://codeload.github.com/nthnn/xbin25/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nthnn%2Fxbin25/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270850057,"owners_count":24656443,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","cryptography-algorithms","encryption","encryption-decryption","golang","golang-library","golang-package"],"created_at":"2025-04-08T01:48:47.062Z","updated_at":"2025-08-17T12:40:50.653Z","avatar_url":"https://github.com/nthnn.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"assets/xbin25-logo.png\" width=\"220\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003csmall\u003eSecure Data Serialization for Go\u003c/small\u003e\n\u003c/p\u003e\n\u003ch1 align=\"center\"\u003eXBin25\u003c/h1\u003e\n\n![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)\n\nXBin25 is a Go package 
designed for secure data serialization, combining state-of-the-art encryption, digital signatures, and multi-layer compression. It ensures confidentiality, integrity, and authenticity for sensitive data in transit or at rest.\n\n## Features\n\n- **Military-Grade Encryption**: AES-256-GCM encryption with unique per-message keys\n- **Secure Key Exchange**: RSA-OAEP for AES key encryption (3072-bit or stronger)\n- **Tamper Evidence**: RSA-PSS digital signatures for data authenticity\n- **Compression Layers**: Parallelized zstd (inner) and pgzip (outer) compression\n- **Replay Protection**: Configurable timestamp validity windows\n- **Memory Hardening**: Sensitive keys guarded by `memguard` against memory leaks\n- **Modern Serialization**: Efficient MessagePack encoding for structured data\n\n## Installation\n\n```bash\ngo get github.com/nthnn/xbin25\n```\n\n## Dependencies\n\n- Go 1.20+\n- `memguard` (secure memory)\n- `msgpack/v5` (serialization)\n- `pgzip/zstd` (compression)\n- `rsa/aes` (crypto primitives)\n\n## Usage\n\n### Basic Usage\n\n```go\npackage main\n\nimport (\n    \"time\"\n\n    \"github.com/nthnn/xbin25\"\n)\n\nfunc main() {\n    // Initialize configuration\n    config := xbin25.NewConfig(\n        \"encrypt-cert.pem\",  // RSA public key for encryption\n        \"encrypt-key.pem\",   // RSA private key for decryption\n        \"sign-cert.pem\",     // RSA public key for signature verification\n        \"sign-key.pem\",      // RSA private key for signing\n        \"user-auth-system\",  // Context label\n        30*time.Minute,      // Max message age\n        1024*1024,           // 1MB compression blocks\n    )\n\n    // Marshall sensitive data\n    data := map[string]interface{}{\n        \"session_id\": \"7a4e3b1c-89f2-4d65-9128-cc9a4b1d0e7f\",\n        \"permissions\": []string{\"read:logs\", \"write:config\"},\n    }\n\n    encryptedData, err := config.Marshall(data)\n    if err != nil {\n        panic(err)\n    }\n\n    // Unmarshall securely\n    decrypted, err := 
config.Unmarshall(encryptedData)\n    if err != nil {\n        panic(err)\n    }\n\n    restored := decrypted.(map[string]interface{})\n    _ = restored // use the restored map as needed\n}\n```\n\n### Configuration Guide\n\n#### XBin25Config Parameters\n\n| Parameter             | Description                                                               |\n|-----------------------|---------------------------------------------------------------------------|\n| EncryptCertFile       | Path to PEM-encoded X.509 certificate with RSA public key for encryption  |\n| EncryptKeyFile        | Path to PEM-encoded RSA private key for decryption                        |\n| SignCertFile          | Path to PEM-encoded X.509 certificate for signature verification          |\n| SignKeyFile           | Path to PEM-encoded RSA private key for signing                           |\n| BlockSize             | Compression block size (typically 1MB-4MB)                                |\n| Label                 | Auto-derived from label string (SHA-256 hash of provided label)           |\n| Duration              | Maximum allowed message age (e.g., 30*time.Minute)                        |\n\n### Security Architecture\n\n#### Marshalling Process\n\n1. MessagePack serialization\n2. AES-256-GCM encryption with random key\n3. RSA-OAEP encryption of AES key\n4. zstd compression\n5. RSA-PSS signing\n6. Timestamp embedding\n7. pgzip outer compression\n\n#### Unmarshalling Process\n\n1. pgzip decompression\n2. Timestamp validation\n3. RSA-PSS signature verification\n4. zstd decompression\n5. RSA-OAEP decryption\n6. AES-GCM decryption\n7. MessagePack deserialization\n\n### Best Practices\n\n1. **Key Management**\n\n    - Use 4096-bit RSA keys minimum\n    - Store private keys in hardware security modules (HSMs) where possible\n    - Rotate signing keys quarterly\n\n2. 
**Operational Security**\n\n    - Keep system clocks synchronized (NTP)\n    - Use unique labels for different data contexts\n    - Set conservative duration windows (15-60 minutes)\n\n3. **Performance Tuning**\n\n    - Adjust BlockSize based on payload characteristics\n    - Balance between zstd compression level and CPU usage\n    - Utilize hardware-accelerated AES (AES-NI)\n\n## License\n\nApache 2.0 - See [LICENSE](LICENSE) for details.\n\n```\nCopyright 2025 Nathanne Isip\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnthnn%2Fxbin25","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnthnn%2Fxbin25","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnthnn%2Fxbin25/lists"}