Documentation
Index
- func AesCbcDecrypt(data string, passphrase string) (string, error)
- func AesCbcEncrypt(data string, passphrase string) (string, error)
- func AesCfbDecrypt(data string, passphrase string) (string, error)
- func AesCfbEncrypt(data string, passphrase string) (string, error)
- func AesGcmDecrypt(data string, passphrase string) (string, error)
- func AesGcmEncrypt(data string, passphrase string) (string, error)
- func AppendHmac(encryptedData string, key string) (string, error)
- func Generate32ByteRandomKey(passphrase string) (string, error)
- func Md5(data string, salt string) string
- func PasswordHash(password string, cost int) (string, error)
- func PasswordVerify(password string, hash string) (bool, error)
- func RsaAesParseTPKHashFromEncryptedPayload(encryptedData string) string
- func RsaAesPrivateKeyDecryptAndVerify(encryptedData string, recipientPrivateKeyHexOrPem string) (plainText string, senderPublicKeyHexOrPem string, err error)
- func RsaAesPublicKeyEncryptAndSign(plainText string, recipientPublicKeyHexOrPem string, ...) (encryptedData string, err error)
- func RsaCreateKey() (privateKey string, publicKey string, err error)
- func RsaPrivateKeyDecrypt(data string, privateKeyHexOrPem string) (string, error)
- func RsaPrivateKeyDecryptAndPublicKeyVerify(data string, recipientPrivateKeyHexOrPem string, signatureHex string, ...) (plaintext string, verified bool, err error)
- func RsaPrivateKeySign(data string, privateKeyHexOrPem string) (string, error)
- func RsaPublicKeyEncrypt(data string, publicKeyHexOrPem string) (string, error)
- func RsaPublicKeyEncryptAndPrivateKeySign(data string, recipientPublicKeyHexOrPem string, ...) (encryptedData string, signature string, err error)
- func RsaPublicKeyVerify(data string, publicKeyHexOrPem string, signatureHex string) error
- func Sha256(data string, salt string) string
- func ValidateHmac(encryptedDataWithHmac string, key string) (string, error)
- type TlsConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func AesCbcDecrypt
AesCbcDecrypt will decrypt using AES CBC 256 bit; the passphrase must be 32 bytes, and if it is over 32 bytes it will be truncated
func AesCbcEncrypt
AesCbcEncrypt will encrypt using AES CBC 256 bit; the passphrase must be 32 bytes, and if it is over 32 bytes it will be truncated; the encrypted data is represented as a hex value
func AesCfbDecrypt
AesCfbDecrypt will decrypt using AES CFB 256 bit; the passphrase must be 32 bytes, and if it is over 32 bytes it will be truncated
func AesCfbEncrypt
AesCfbEncrypt will encrypt using AES CFB 256 bit; the passphrase must be 32 bytes, and if it is over 32 bytes it will be truncated; the encrypted data is represented as a hex value
func AesGcmDecrypt
AesGcmDecrypt will decrypt using AES GCM 256 bit; the passphrase must be 32 bytes, and if it is over 32 bytes it will be truncated
func AesGcmEncrypt
AesGcmEncrypt will encrypt using AES GCM 256 bit; the passphrase must be 32 bytes, and if it is over 32 bytes it will be truncated; the encrypted data is represented as a hex value
func AppendHmac
AppendHmac will calculate the HMAC for the given encrypted data based on the given key, append the HMAC to the end of the encrypted data, and return the newly assembled encrypted data with HMAC; the key must be 32 bytes
func Generate32ByteRandomKey
Generate32ByteRandomKey will generate a random 32 byte key based on the passphrase and a random salt; the passphrase does not need to be any specific length
func PasswordHash
PasswordHash uses BCrypt to hash the given password and returns the corresponding hash; suggested cost = 13 (440ms); if cost is left as 0, then the default of 13 is assumed
func PasswordVerify
PasswordVerify uses BCrypt to verify the input password against a prior hash to see if they match
func RsaAesParseTPKHashFromEncryptedPayload
RsaAesParseTPKHashFromEncryptedPayload will get the public key TPK hash embedded in the encrypted data string
func RsaAesPrivateKeyDecryptAndVerify
func RsaAesPrivateKeyDecryptAndVerify(encryptedData string, recipientPrivateKeyHexOrPem string) (plainText string, senderPublicKeyHexOrPem string, err error)
RsaAesPrivateKeyDecryptAndVerify is a simplified wrapper method to decrypt an incoming encrypted payload envelope that was previously encrypted using RsaAesPublicKeyEncryptAndSign(). This function will use the recipient's private key to decrypt the RSA encrypted dynamic AES key, then use the dynamic AES key to decrypt the AES encrypted data payload; it will then parse the decrypted payload and verify the signature using the sender's public key.
usage tip: the sender's public key can then be used to encrypt the return data back to the sender as a reply using RsaAesPublicKeyEncryptAndSign().
In this usage pattern, only the public key is used in each messaging cycle, while the AES key is dynamically generated each time and is never known in advance. Since public key encrypted data cannot be decrypted without the private key, the messaging pipeline stays secure as long as the private key is protected. Furthermore, by adding the sender's private key signature and the sender's public key verification to the message authentication, we further ensure that the plain text data is coming from the expected source.
recipientPrivateKeyHexOrPem = can be either HEX or PEM
func RsaAesPublicKeyEncryptAndSign
func RsaAesPublicKeyEncryptAndSign(plainText string, recipientPublicKeyHexOrPem string, senderPublicKeyHexOrPem string, senderPrivateKeyHexOrPem string) (encryptedData string, err error)
RsaAesPublicKeyEncryptAndSign is a simplified wrapper method to generate a random AES key, encrypt plainText using AES GCM, sign the plain text data using the sender's private key, encrypt the dynamic AES key using the recipient's public key, and finally compose the encrypted payload that encapsulates the full envelope:
<STX>RsaPublicKeyEncryptedAESKeyData + AesGcmEncryptedPayload(PlainTextData<VT>SenderPublicKey<VT>PlainTextDataSignature)<ETX>
warning: VT is used in the encrypted payload as a separator, make sure to escape VT if it is to be used inside the plainTextData <<< IMPORTANT
recipientPublicKeyHexOrPem = can be either HEX or PEM
senderPublicKeyHexOrPem = can be either HEX or PEM
senderPrivateKeyHexOrPem = can be either HEX or PEM
func RsaCreateKey
RsaCreateKey generates the private and public key pair, expressed as hex values
func RsaPrivateKeyDecrypt
RsaPrivateKeyDecrypt will decrypt RSA public key encrypted data using its corresponding RSA private key
privateKeyHexOrPem = can be either HEX or PEM
func RsaPrivateKeyDecryptAndPublicKeyVerify
func RsaPrivateKeyDecryptAndPublicKeyVerify(data string, recipientPrivateKeyHexOrPem string, signatureHex string, senderPublicKeyHexOrPem string) (plaintext string, verified bool, err error)
RsaPrivateKeyDecryptAndPublicKeyVerify will decrypt the given data using the recipient's RSA private key, and then use the sender's RSA public key to verify whether the given signature matches; NOTE: data represents the encrypted data
recipientPrivateKeyHexOrPem = can be either HEX or PEM
senderPublicKeyHexOrPem = can be either HEX or PEM
func RsaPrivateKeySign
RsaPrivateKeySign will sign the plaintext data using the given private key; NOTE: data must be the plain text before encryption, as signature verification is performed against the plain text data; the signature is returned as hex
privateKeyHexOrPem = can be either HEX or PEM
func RsaPublicKeyEncrypt
RsaPublicKeyEncrypt will encrypt the given data using the RSA public key; the encrypted data is represented as a hex value
publicKeyHexOrPem = can be either HEX or PEM
func RsaPublicKeyEncryptAndPrivateKeySign
func RsaPublicKeyEncryptAndPrivateKeySign(data string, recipientPublicKeyHexOrPem string, senderPrivateKeyHexOrPem string) (encryptedData string, signature string, err error)
RsaPublicKeyEncryptAndPrivateKeySign will encrypt the given data using the recipient's RSA public key, and then sign using the sender's RSA private key; NOTE: data represents the plaintext data; the encrypted data and signature are represented as hex values
recipientPublicKeyHexOrPem = can be either HEX or PEM
senderPrivateKeyHexOrPem = can be either HEX or PEM
func RsaPublicKeyVerify
RsaPublicKeyVerify will verify the signature over the plaintext data using the given public key; NOTE: data must be the plain text before encryption, as signature verification is performed against the plain text data; if verification is successful, nil is returned, otherwise an error is returned
publicKeyHexOrPem = can be either HEX or PEM
func ValidateHmac
ValidateHmac will verify whether the appended HMAC validates against the message based on the given key, then parse the HMAC out and return the actual message if HMAC validation succeeds; if HMAC validation fails, then a blank string is returned and the error contains the failure reason
Types
type TlsConfig
type TlsConfig struct{}
func (*TlsConfig) GetClientTlsConfig
func (t *TlsConfig) GetClientTlsConfig(serverCaCertPemPath []string, clientCertPemPath string, clientKeyPemPath string) (*tls.Config, error)
GetClientTlsConfig returns a *tls.Config configured for server TLS or mTLS based on the parameters
serverCaCertPemPath = (required) one or more server CA cert paths and file names, required for both server TLS and mTLS
clientCertPemPath = (optional) for mTLS setup, path and file name to the client cert PEM (unencrypted version)
clientKeyPemPath = (optional) for mTLS setup, path and file name to the client key PEM (unencrypted version)
func (*TlsConfig) GetServerTlsConfig
func (t *TlsConfig) GetServerTlsConfig(serverCertPemPath string, serverKeyPemPath string, clientCaCertPemPath []string) (*tls.Config, error)
GetServerTlsConfig returns a *tls.Config configured for server TLS or mTLS based on the parameters
serverCertPemPath = (required) path and file name to the server cert PEM (unencrypted version)
serverKeyPemPath = (required) path and file name to the server key PEM (unencrypted version)
clientCaCertPemPath = (optional) one or more client CA cert paths and file names, in case the tls.Config is for mTLS