tokencrypt

package module

v0.0.0-...-e23263c Latest Latest Go to latest Published: Jul 8, 2023 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/3ncr/tokencrypt

Links

Open Source Insights

README ¶

tokencrypt (3ncr.org)

3ncr.org is a standard for string encryption/decryption (algorithms + storage format). Originally it was intended for encryption tokens in configuration files.

3ncr.org v1 uses modern cryptographic primitives (SHA3-256, AES-256-GCM) and is fairly simple:

    header + base64(iv + data + tag)

Encrypted data looks like this 3ncr.org/1#pHRufQld0SajqjHx+FmLMcORfNQi1d674ziOPpG52hqW5+0zfJD91hjXsBsvULVtB017mEghGy3Ohj+GgQY5MQ

This is a golang implementation.

Usage

tokenCrypt := tokencrypt.NewTokenCrypt(secret, salt, 1000);

secret and salt - are encryption keys (technically one of them is key, another is salt, but you need to store them both somewhere, preferably in different places).

You can store them any preferred places: environment variables, files, shared memory, drive from hardware serial numbers or MAC addresses. Be creative.

1000 - is a number of PBKDF2 rounds. The more is better and slower. If you are sure that your secrets are long and random, you can keep this value reasonable low.

After you created an instance, you can just use Encrypt3ncr and DecryptIf3ncr methods:

token := "08019215-B205-4416-B2FB-132962F9952F"; // your secret you want to encrypt 
encryptedSecretToken, _ := tokenCrypt.Encrypt3ncr(token);
// now encryptedSecretToken == "3ncr.org/1#pHRufQld0SajqjHx+FmLMcORfNQi1d674ziOPpG52hqW5+0zfJD91hjXsBsvULVtB017mEghGy3Ohj+GgQY5MQ"

// ... some time later in another context ...  

decryptedSecretToken, _ = tokenCrypt.DecryptIf3ncr(encryptedSecretToken); 
// now decryptedSecretToken == "08019215-B205-4416-B2FB-132962F9952F";

Method DecryptIf3ncr returns the same string if supplied argument does not start with 3ncr.org value. It is safe to pass through it all values from your configuration file.

Command line utility

tokencrypt-cmd is an interactive command-line utility that does encryption/decryption

Documentation ¶

Index ¶

type EncToken
- func NewRawTokenCrypt(key []byte) (*EncToken, error)
- func NewTokenCrypt(secret []byte, salt []byte, iter int) (*EncToken, error)
- func (c *EncToken) DecryptIf3ncr(source string) (string, error)
- func (c *EncToken) Encrypt3ncr(source string) (string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type EncToken ¶

type EncToken struct {
	// contains filtered or unexported fields
}

func NewRawTokenCrypt ¶

func NewRawTokenCrypt(key []byte) (*EncToken, error)

func NewTokenCrypt ¶

func NewTokenCrypt(secret []byte, salt []byte, iter int) (*EncToken, error)

NewTokenCrypt returns a new 3ncr.org encrypter / decrypter. It derives AES-256 key using PBKDF2 with SHA3-256

func (*EncToken) DecryptIf3ncr ¶

func (c *EncToken) DecryptIf3ncr(source string) (string, error)

DecryptIf3ncr decrypts a 3ncr.org string If the string does not starts with 3ncr.org header, it returns the argument unmodified and no error

func (*EncToken) Encrypt3ncr ¶

func (c *EncToken) Encrypt3ncr(source string) (string, error)

Encrypt3ncr encrypts a string using most recent 3ncr.org version available

Source Files ¶

View all Source files

tokencrypt.go

Directories ¶

Path	Synopsis
tokencrypt-cmd

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL