security

Documentation

Index

• func Decrypt(ciphertext []byte, key [32]byte) (plaintext []byte, err error)
• func Encrypt(plaintext []byte) (ciphertext []byte, key [32]byte)
• func GenerateKey() [32]byte
• func Hash(tag string, data []byte) (sum []byte)
• func IsPasswordValid(ciphertext, plaintext []byte) bool
• func NewServer(mux *http.ServeMux, domains ...string) *http.Server
• func Password(plaintext []byte) ([]byte, error)

Functions

func Decrypt

func Decrypt(ciphertext []byte, key [32]byte) (plaintext []byte, err error)

Decrypt takes an encrypted byte slice (ciphertext) and a 256-bit AES key, and decrypts the ciphertext using AES-GCM.

func Encrypt

func Encrypt(plaintext []byte) (ciphertext []byte, key [32]byte)

Encrypt takes an input byte slice (plaintext) and encrypts it using AES-GCM. It returns the encrypted data (ciphertext) and the key used for encryption.

func GenerateKey

func GenerateKey() [32]byte

GenerateKey generates a 256-bit (32-byte) random key for AES encryption. It uses a cryptographically secure random number generator.

func Hash

func Hash(tag string, data []byte) (sum []byte)

Hash generates an HMAC hash using the SHA-512/256 algorithm.

func IsPasswordValid

func IsPasswordValid(ciphertext, plaintext []byte) bool

IsPasswordValid checks if a given plaintext password matches a hashed password.

func NewServer

func NewServer(mux *http.ServeMux, domains ...string) *http.Server

NewServer creates and returns a configured HTTP server with secure TLS settings. Accepts an HTTP request multiplexer (mux) and a list of domains for certificate management.

func Password

func Password(plaintext []byte) ([]byte, error)

Password hashes a plaintext password using bcrypt with a cost of 14.