Go Platform Guide
Overview
MetaMUI Crypto for Go provides idiomatic Go implementations of all 48 cryptographic algorithms. Available through enterprise licensing with private module proxy support, it offers both individual algorithm modules and convenient suite packages.
Installation
Enterprise Setup
# Download and extract enterprise package
# Contact sales@metamui.id for access
tar -xzf metamui-crypto-go-enterprise-3.0.0.tar.gz
cd metamui-crypto-go-enterprise
# Run setup script with license
./setup-enterprise.sh --license-key YOUR_LICENSE_KEY
# Configure Go environment
export GOPROXY=file:///opt/metamui/crypto/proxy,direct
export GONOSUMDB=github.com/metamui/crypto
export GOPRIVATE=github.com/metamui/crypto
Module Configuration
Add to your .bashrc or .zshrc:
# MetaMUI Crypto Go configuration
export METAMUI_LICENSE_KEY="YOUR_LICENSE_KEY"
export GOPROXY="file:///opt/metamui/crypto/proxy,direct"
export GONOSUMDB="github.com/metamui/crypto"
export GOPRIVATE="github.com/metamui/crypto"
Module Installation
Individual Algorithms
# Initialize your module
go mod init myproject
# Install individual algorithm modules
go get github.com/metamui/crypto/blake3@v3.0.0-enterprise
go get github.com/metamui/crypto/mlkem768@v3.0.0-enterprise
go get github.com/metamui/crypto/chacha20poly1305@v3.0.0-enterprise
Suite Packages
# PQC Suite - All NIST post-quantum algorithms
go get github.com/metamui/crypto/suites/pqc@v3.0.0-enterprise
# KPQC Suite - Korean post-quantum algorithms
go get github.com/metamui/crypto/suites/kpqc@v3.0.0-enterprise
# Recommended Suite - Curated algorithm selection
go get github.com/metamui/crypto/suites/recommended@v3.0.0-enterprise
Usage Examples
Basic Hashing with BLAKE3
package main
import (
"encoding/hex"
"fmt"
"github.com/metamui/crypto/blake3"
)
func main() {
// Simple hashing
data := []byte("Hello, World!")
hash := blake3.Sum256(data)
fmt.Printf("BLAKE3 Hash: %s\n", hex.EncodeToString(hash[:]))
// Streaming hash
hasher := blake3.New()
hasher.Write([]byte("First part"))
hasher.Write([]byte("Second part"))
result := hasher.Sum(nil)
fmt.Printf("Streaming hash: %s\n", hex.EncodeToString(result))
// Keyed hashing (MAC)
key := make([]byte, 32)
// Fill key with random bytes
keyedHasher := blake3.NewKeyed(key)
keyedHasher.Write(data)
mac := keyedHasher.Sum(nil)
fmt.Printf("MAC: %s\n", hex.EncodeToString(mac))
}
Post-Quantum Key Exchange (ML-KEM-768)
package main
import (
"bytes"
"fmt"
"github.com/metamui/crypto/mlkem768"
)
func demonstrateKEM() {
// Generate keypair
publicKey, privateKey, err := mlkem768.GenerateKeypair()
if err != nil {
panic(err)
}
// Sender: Encapsulate shared secret
ciphertext, sharedSecretSender, err := mlkem768.Encapsulate(publicKey)
if err != nil {
panic(err)
}
// Receiver: Decapsulate shared secret
sharedSecretReceiver, err := mlkem768.Decapsulate(ciphertext, privateKey)
if err != nil {
panic(err)
}
// Verify shared secrets match
if bytes.Equal(sharedSecretSender, sharedSecretReceiver) {
fmt.Println("Shared secrets match!")
}
}
Authenticated Encryption (ChaCha20-Poly1305)
package main
import (
"crypto/rand"
"fmt"
"github.com/metamui/crypto/chacha20poly1305"
)
func secureEncryption() error {
// Generate key
key := make([]byte, chacha20poly1305.KeySize)
if _, err := rand.Read(key); err != nil {
return err
}
// Create AEAD cipher
aead, err := chacha20poly1305.New(key)
if err != nil {
return err
}
// Generate nonce
nonce := make([]byte, chacha20poly1305.NonceSize)
if _, err := rand.Read(nonce); err != nil {
return err
}
// Encrypt
plaintext := []byte("Secret message")
additionalData := []byte("metadata")
ciphertext := aead.Seal(nil, nonce, plaintext, additionalData)
// Decrypt
decrypted, err := aead.Open(nil, nonce, ciphertext, additionalData)
if err != nil {
return err
}
fmt.Printf("Decrypted: %s\n", decrypted)
return nil
}
Digital Signatures with Dilithium
package main
import (
"fmt"
"github.com/metamui/crypto/dilithium"
)
func quantumSafeSignatures() {
// Generate signing keypair
publicKey, privateKey, err := dilithium.GenerateKeypair(dilithium.Mode3)
if err != nil {
panic(err)
}
// Sign a message
message := []byte("Important document")
signature, err := dilithium.Sign(privateKey, message)
if err != nil {
panic(err)
}
// Verify signature
valid := dilithium.Verify(publicKey, message, signature)
fmt.Printf("Signature valid: %v\n", valid)
// Secure cleanup
privateKey.Clear()
}
Password Hashing with Argon2id
package main
import (
"fmt"
"github.com/metamui/crypto/argon2"
)
func passwordHashing() {
password := []byte("user_password")
// Hash password
hash, err := argon2.Hash(password, argon2.Config{
Time: 4,
Memory: 64 * 1024, // 64 MB
Threads: 2,
KeyLen: 32,
})
if err != nil {
panic(err)
}
// Store encoded hash (includes salt and parameters)
encoded := hash.Encode()
fmt.Printf("Encoded hash: %s\n", encoded)
// Verify password
valid, err := argon2.Verify(encoded, password)
if err != nil {
panic(err)
}
fmt.Printf("Password valid: %v\n", valid)
}
Suite Package Usage
PQC Suite
package main
import (
"github.com/metamui/crypto/suites/pqc"
)
func usePQCSuite() {
// ML-KEM for key exchange
kemPub, kemPriv, _ := pqc.MlKem768.GenerateKeypair()
ct, shared, _ := pqc.MlKem768.Encapsulate(kemPub)
// ML-DSA for signatures
dsaPub, dsaPriv, _ := pqc.MlDsa65.GenerateKeypair()
signature, _ := pqc.MlDsa65.Sign(dsaPriv, message)
// Falcon for compact signatures
falconPub, falconPriv, _ := pqc.Falcon512.GenerateKeypair()
compactSig, _ := pqc.Falcon512.Sign(falconPriv, message)
// SLH-DSA for stateless signatures
slhPub, slhPriv, _ := pqc.SlhDsaShake256f.GenerateKeypair()
statelessSig, _ := pqc.SlhDsaShake256f.Sign(slhPriv, message)
}
KPQC Suite
package main
import (
"github.com/metamui/crypto/suites/kpqc"
)
func useKPQCSuite() {
// SMAUG-T for key encapsulation
smaugPub, smaugPriv, _ := kpqc.SmaugT3.GenerateKeypair()
// Haetae for signatures
haetaePub, haetaePriv, _ := kpqc.Haetae3.GenerateKeypair()
// AIMer for MPC-based signatures
aimerPub, aimerPriv, _ := kpqc.Aimer128f.GenerateKeypair()
// NTRU+ for alternative KEM
ntruPub, ntruPriv, _ := kpqc.NtruPlus768.GenerateKeypair()
}
Concurrent Operations
package main
import (
"sync"
"github.com/metamui/crypto/blake3"
)
func concurrentHashing(files []string) map[string][]byte {
results := make(map[string][]byte)
var mu sync.Mutex
var wg sync.WaitGroup
for _, file := range files {
wg.Add(1)
go func(filename string) {
defer wg.Done()
data, _ := os.ReadFile(filename)
hash := blake3.Sum256(data)
mu.Lock()
results[filename] = hash[:]
mu.Unlock()
}(file)
}
wg.Wait()
return results
}
Secure Memory Management
package main
import (
"github.com/metamui/crypto/secure"
)
func secureOperations() {
// Allocate secure memory
secret := secure.NewBuffer(32)
defer secret.Destroy() // Automatically zeros memory
// Use the secure buffer
copy(secret.Bytes(), sensitiveData)
// Secure string
password := secure.NewString("sensitive_password")
defer password.Clear()
// Lock memory pages (prevent swapping)
if err := secure.LockMemory(secret.Bytes()); err != nil {
// Handle error
}
defer secure.UnlockMemory(secret.Bytes())
}
Error Handling
package main
import (
"errors"
"github.com/metamui/crypto/mlkem768"
"github.com/metamui/crypto/errors"
)
func handleErrors() error {
pub, priv, err := mlkem768.GenerateKeypair()
if err != nil {
switch {
case errors.Is(err, metacrypto.ErrInvalidKey):
return fmt.Errorf("invalid key: %w", err)
case errors.Is(err, metacrypto.ErrLicenseExpired):
return fmt.Errorf("license expired: %w", err)
case errors.Is(err, metacrypto.ErrNotSupported):
return fmt.Errorf("algorithm not supported: %w", err)
default:
return fmt.Errorf("unexpected error: %w", err)
}
}
return nil
}
Performance Optimization
package main
import (
"runtime"
"github.com/metamui/crypto/blake3"
)
func optimizedProcessing() {
// Use all CPU cores
runtime.GOMAXPROCS(runtime.NumCPU())
// Check for hardware acceleration
if blake3.HasAVX2() {
// AVX2 optimized path
blake3.EnableAVX2()
}
// Batch processing
hasher := blake3.NewBatch()
for _, data := range dataSlices {
hasher.Add(data)
}
results := hasher.Finalize()
}
Testing
package main
import (
"testing"
"github.com/metamui/crypto/blake3"
)
func TestBlake3(t *testing.T) {
testCases := []struct {
input []byte
expected string
}{
{[]byte(""), "af13..."},
{[]byte("abc"), "6437..."},
}
for _, tc := range testCases {
result := blake3.Sum256(tc.input)
if hex.EncodeToString(result[:]) != tc.expected {
t.Errorf("unexpected hash for %q", tc.input)
}
}
}
func BenchmarkBlake3(b *testing.B) {
data := make([]byte, 1024*1024) // 1 MB
b.SetBytes(int64(len(data)))
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = blake3.Sum256(data)
}
}
Build Tags
// +build enterprise
package main
// This file is only compiled with enterprise license
import "github.com/metamui/crypto/enterprise"
# Build with enterprise features
go build -tags enterprise
# Build without certain algorithms
go build -tags "!pqc,!kpqc"
License Verification
package main
import (
"fmt"
"github.com/metamui/crypto/license"
)
func checkLicense() {
info, err := license.Verify()
if err != nil {
panic(err)
}
fmt.Printf("License valid until: %s\n", info.ExpiryDate)
fmt.Printf("Algorithms licensed: %d\n", info.AlgorithmCount)
fmt.Printf("Support tier: %s\n", info.SupportTier)
// Check specific algorithm
if license.IsAlgorithmLicensed("mlkem768") {
// Use ML-KEM-768
}
}
Module Structure
github.com/metamui/crypto/
├── blake3/ # Individual algorithm
├── mlkem768/ # Individual algorithm
├── chacha20poly1305/ # Individual algorithm
├── suites/
│ ├── pqc/ # PQC suite
│ ├── kpqc/ # KPQC suite
│ └── recommended/ # Recommended suite
├── secure/ # Secure memory utilities
├── license/ # License management
└── errors/ # Error definitions
Support Resources
- Documentation:
/opt/metamui/crypto/docs/ - Examples:
/opt/metamui/crypto/examples/ - Support Portal: support.metamui.id
- Enterprise Support: enterprise-support@metamui.id
- Go Package Docs: Local godoc server