crypto

package

v1.0.2 Latest Latest Go to latest Published: Nov 26, 2023 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nidorx/chain

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Decrypt(secret, encrypted, aad []byte) (plain []byte, err error)
func Encrypt(secret, data, aad []byte) (encrypted []byte, err error)
func SecureBytesCompare(input, secret []byte) bool
func ValidateKey(key []byte) error
type KeyGenerator
- func (g *KeyGenerator) Generate(secret []byte, salt []byte, iterations int, length int, digest string) []byte
type Keyring
type MessageEncryptor
- func (e *MessageEncryptor) Decrypt(secret, encoded, aad []byte) (content []byte, err error)
- func (e *MessageEncryptor) Encrypt(secret, content, aad []byte) (encoded string, err error)
type MessageVerifier
- func (v *MessageVerifier) Sign(secret []byte, content []byte, digest string) string
- func (v *MessageVerifier) Verify(secret []byte, signed []byte) (decoded []byte, err error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrKeyringEmpty         = errors.New("no installed keys")
	ErrKeyringCannotDecrypt = errors.New("no installed keys could decrypt the message")
	ErrKeyringCannotVerify  = errors.New("no installed keys could verify the message")
)

View Source

var (
	HEADER            = []byte("A128GCM")
	ErrInvalidMessage = errors.New("invalid message")
)

View Source

var ErrInvalidSignature = errors.New("invalid signature")

View Source

var ErrKeySize = errors.New("key size must be 16, 24 or 32 bytes")

Functions ¶

func Decrypt ¶

func Decrypt(secret, encrypted, aad []byte) (plain []byte, err error)

Decrypt is used to decrypt a message with a given key, and verify it's contents.

func Encrypt ¶

func Encrypt(secret, data, aad []byte) (encrypted []byte, err error)

Encrypt is used to encrypt a data with a given key.

func SecureBytesCompare ¶

func SecureBytesCompare(input, secret []byte) bool

SecureBytesCompare Compares the two binaries in constant-time to avoid timing attacks.

See: http://codahale.com/a-lesson-in-timing-attacks/ Source: https://go.dev/play/p/pICufdp1zA

func ValidateKey ¶

func ValidateKey(key []byte) error

ValidateKey will check to see if the key is valid and returns an error if not.

key should be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.

Types ¶

type KeyGenerator ¶

type KeyGenerator struct {
}

KeyGenerator uses PBKDF2 (Password-Based Key Derivation Function 2), part of PKCS #5 v2.0 (Password-Based Cryptography Specification).

It can be used to derive a number of keys for various purposes from a given secret. This lets applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.

The returned key is a binary. You may invoke functions in the `base64` module, such as `base64.StdEncoding.EncodeToString()`, to convert this binary into a textual representation.

See http://tools.ietf.org/html/rfc2898#section-5.2

func (*KeyGenerator) Generate ¶

func (g *KeyGenerator) Generate(secret []byte, salt []byte, iterations int, length int, digest string) []byte

Generate Returns a derived key suitable for use.

`iterations` - defaults to 1000 (increase to at least 2^16 if used for passwords);
`length` - a length in octets for the derived key. Defaults to 32;
`digest` - an hmac function to use as the pseudo-random function. Defaults to `sha256`;

type Keyring ¶

type Keyring struct {
	// contains filtered or unexported fields
}

func (*Keyring) AddKey ¶

func (k *Keyring) AddKey(key []byte) error

AddKey will install a new key on the ring. Adding a key to the ring will make it available for use in decryption. If the key already exists on the ring, this function will just return noop.

func (*Keyring) Decrypt ¶

func (k *Keyring) Decrypt(cipherText, aad []byte) (plain []byte, err error)

Decrypt is used to decrypt a message using Keyring keys, and verify it's contents.

func (*Keyring) Encrypt ¶

func (k *Keyring) Encrypt(data, aad []byte) (cipherText []byte, err error)

Encrypt is used to encrypt a data using Keyring primary key.

func (*Keyring) GetKeys ¶

func (k *Keyring) GetKeys() [][]byte

GetKeys returns the current set of keys on the ring.

func (*Keyring) GetPrimaryKey ¶

func (k *Keyring) GetPrimaryKey() (key []byte)

GetPrimaryKey returns the key on the ring at position 0. This is the key used for encrypting messages, and is the first key tried for decrypting messages.

func (*Keyring) MessageDecrypt ¶

func (k *Keyring) MessageDecrypt(encrypted []byte, aad []byte) ([]byte, error)

MessageDecrypt a message using authenticated encryption.

func (*Keyring) MessageEncrypt ¶

func (k *Keyring) MessageEncrypt(content []byte, aad []byte) (encrypted string, err error)

MessageEncrypt a message using authenticated encryption.

func (*Keyring) MessageSign ¶

func (k *Keyring) MessageSign(message []byte, digest string) (string, error)

MessageSign Generates a signed message for the provided value.

func (*Keyring) MessageVerify ¶

func (k *Keyring) MessageVerify(signed []byte) (decoded []byte, err error)

MessageVerify Decodes and verifies the encoded binary was not tampered with.

type MessageEncryptor ¶

type MessageEncryptor struct {
}

func (*MessageEncryptor) Decrypt ¶

func (e *MessageEncryptor) Decrypt(secret, encoded, aad []byte) (content []byte, err error)

Decrypt a message using authenticated encryption. Accepts keys of 128, 192, or 256 bits based on the length of the secret key. Verifies and decrypts a message using AES128-GCM mode.

Decryption will never be performed prior to verification.

The encrypted content encryption key (CEK) is decrypted with aesGCMKeyUnwrap.

func (*MessageEncryptor) Encrypt ¶

func (e *MessageEncryptor) Encrypt(secret, content, aad []byte) (encoded string, err error)

Encrypt encrypts and authenticates a message using AES128-GCM mode.

A random 128-bit content encryption key (CEK) is generated for every message which is then encrypted with secret and aad using AES GCM mode.

See: https://tools.ietf.org/html/rfc7518#section-4.7

type MessageVerifier ¶

type MessageVerifier struct {
}

MessageVerifier makes it easy to generate and verify messages which are signed to prevent tampering.

func (*MessageVerifier) Sign ¶

func (v *MessageVerifier) Sign(secret []byte, content []byte, digest string) string

Sign Generates a signed message for the provided value.

See https://www.rfc-editor.org/rfc/rfc7515#section-3.2 See https://www.rfc-editor.org/rfc/rfc7515#section-7

func (*MessageVerifier) Verify ¶

func (v *MessageVerifier) Verify(secret []byte, signed []byte) (decoded []byte, err error)

Verify Decodes and verifies the encoded binary was not tampered with.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL