crypto

package

v0.2.0 Latest Latest Go to latest Published: May 5, 2026 License: AGPL-3.0 Imports: 12 Imported by: 0

Details

This section is empty.

This section is empty.

func Decrypt(encoded string, key []byte) (string, error)

Decrypt decrypts a base64-encoded AES-256-GCM ciphertext with the given 32-byte key.

func Encrypt(plaintext string, key []byte) (string, error)

Encrypt encrypts plaintext using AES-256-GCM with the given 32-byte key. Returns a base64-encoded ciphertext (nonce prepended).

func GeneratePresignedToken(secretKey, method, bucket, key string, expiresAt time.Time) string

GeneratePresignedToken creates a token for presigned URLs

func GenerateSignature(secretKey, method, path, timestamp string) string

GenerateSignature creates an HMAC-SHA256 signature for a request

func GetEncryptionKey() []byte

GetEncryptionKey returns the current encryption key.

func HashPassword(password string) (string, error)

HashPassword creates a bcrypt hash of a password (for shareable link passwords).

func HashSecret(secret string) string

HashSecret creates a SHA-256 hash of a secret key for storage

func IsTimestampValid(timestamp string) bool

IsTimestampValid checks if a timestamp is within acceptable range (15 minutes)

func SetEncryptionKey(key []byte)

SetEncryptionKey stores the 32-byte key used for encrypting secrets at rest.

func VerifyPassword(password, hash string) bool

VerifyPassword checks if a password matches a bcrypt hash. Also supports legacy SHA-256 hashes for backward compatibility.

func VerifyPresignedToken(secretKey, method, bucket, key string, expiresAt time.Time, token string) bool

VerifyPresignedToken verifies a presigned URL token

func VerifySecret(secret, hash string) bool

VerifySecret checks if a secret matches a stored hash

func VerifySignature(secretKey, method, path, timestamp, signature string) bool

VerifySignature verifies an HMAC-SHA256 signature

This section is empty.