README ¶
go-crypto-guard
Language
Introduction
This repository contains a comprehensive password hashing library written in Go. The library supports multiple hashing algorithms,it allows for customizable salt length, iterations, key length, and algorithm selection. This open-source project aims to provide developers with a versatile tool for secure password storage and validation.
Algorithms supported:
- SHA512
- SHA384
- SHA256
- SHA1
- Md5
- HMAC
- Argon2
- Bcrypt
- Scrypt
- Blake2b
- Blake2s
- AES
- DES
- 3DES
- RSA
- RC4
- Blowfish
- ECC
The format of the some passwords
is same as the encryption algorithm format that comes with Django:
<algorithm>$<iterations>$<salt>$<hash>
others may be like:
<algorithm>$<hash>
Installation
go get -u github.com/palp1tate/go-crypto-guard
Usage
Some examples of usage are provided below:
SHA512
// SHA512 encrypts a password using PBKDF2 and SHA-512.
// It takes a password, salt length, key length, and iterations as input.If you pass in an invalid value, the function takes the default value.
// It generates a salt, derives a key using PBKDF2 and SHA-512, and returns the encrypted password.
//The format of password:<algorithm>$<iterations>$<salt>$<hash>
//pbkdf2_sha512$100$40fde046f66c1d9e55b4435d$1fdd34c50a98e576b612d66be507f019
password := "12345678"
encodedPassword, _ := pwd.GenSHA512(password, 12, 16, 100)
ok, _ := pwd.VerifySHA512(password, encodedPassword)
The use of SHA384、SHA256、SHA1、Md5 and Argon2 are the same as for SHA512.
HMAC
// HMAC encrypts a password using HMAC and SHA-256.
// It takes a password and salt length as input.
// It generates a salt, computes the HMAC of the password using the salt and SHA-256, and returns the encrypted password.
//The format of password:<algorithm>$<salt>$<hash>
//hmac$3bf4e2c1a9ed54575d0d1f937eb363ab$a6ed73f8fe48867db2bd58c69ebe6c0fb91ecdd8147c4352fecf018d07cb4f43
password := "12345678"
encodedPassword, _ := pwd.GenHMAC(password, 16)
ok, _ := pwd.VerifyHMAC(password, encodedPassword)
Bcrypt
// Bcrypt encrypts a password using the Bcrypt hashing function.
// It takes a password as input, generates a hash from the password using Bcrypt's default cost, and returns the encrypted password.
//The format of password:<algorithm>$<hash>
//bcrypt$243261243130246769545174546869684f565835616a694a4e3578432e6e387a4c426451526932692e443067756758334a436d3532717365784e5661
password := "12345678"
encodedPassword, _ := pwd.GenBcrypt(password)
ok, _ := pwd.VerifyBcrypt(password, encodedPassword)
The use of Blake2b、Blake2s、 are the same as for Bcrypt.
Scrypt
// Scrypt encrypts a password using the Scrypt key derivation function.
// It takes a password, salt length, and key length as input.
// It generates a salt, derives a key using Scrypt and the provided parameters, and returns the encrypted password.
//The format of password:<algorithm>$<salt>$<hash>
//scrypt$679a0a3c8336a9ff36b809862e7d494c$c4cec5ca742fa984045457f76d217acf245f032251c6a3952c4d68e1cba4a488
password := "12345678"
encodedPassword, _ := pwd.GenScrypt(password, 16, 32)
ok, _ := pwd.VerifyScrypt(password, encodedPassword)
AES
// AES encrypts a password using the AES encryption algorithm.
// It takes a password and an AES key as input.
// It creates a new cipher block from the AES key, applies PKCS7 padding to the password, and encrypts the password using CBC mode.
// It returns the encrypted password.
//The format of password:<algorithm>$<hash>
//aes$BhV9oJiePwpsEwDWizJoCA==
password := "12345678"
//the length of aes key must be 32
aesKey := "palpitateabcdefghijklmn123456789"
encodedPassword, _ := pwd.GenAES(password, aesKey)
ok, _ := pwd.VerifyAES(password, encodedPassword, aesKey)
The use of DES 、ThreeDES、RC4 and Blowfish are the same as for Bcrypt.For DES,the length of des key must be 8.For ThreeDES,the length of threedes key must be 24.There is no limit to the length of the rc4Key and blowfishKey ,but for Blowfish, the length of password must be 8.
RSA
// GenRSAKey generates a pair of RSA keys and saves them to files.
// It takes the number of bits for the key as input.2048 or 4096 is recommended.
// It generates a private key and a public key, and writes them to "privateKey.pem" and "publicKey.pem" respectively.
// RSA encrypts a password using the RSA encryption algorithm.
// It takes a password and the path to a public key file as input.
// It reads the public key from the file, encrypts the password using RSA and PKCS1v15 padding, and returns the encrypted password.
//The format of password:<algorithm>$<hash>
//rsa$3p1+X80iFIDtwtKOQFjXm+deyv+cxkEIbpXuwXcqbcCvean6zyWvcrogQtDj2MkYOE2ScHpARR93RYxs3y+RXetKAHhrDqWURYcyJwuTwShBmR4hz+3WkFzhqm44IgPdlgdt70uO7TXx6fj1WmUTsZpNDTF/WNdEUO7Rzc8wahYBcnMOnPgUXrnUCYRSX7OBjuLwThnd9FTgh8CdaqESHWh6UPgkj9xz3G2uRplx2Tae0Pbsk8vQTuJXsqT//Q8yoC+ELo+5S6wTE6H8AMBdgvJgNHzFDldQD8UsZ7Ta/u2uF/joHwBA6V6IS4+1ithspE9ceJZCBWo2Cj6fMIbvjg==
//Before you can encrypt a password, you must first generate a pair of keys.This function can be called only once, remembering that the same key pair is required when verifying the password.
_ = pwd.GenRSAKey(2048) //It only needs to be called once
password := "12345678"
encodedPassword, _ := pwd.GenRSA(password, "publicKey.pem")
ok, _ := pwd.VerifyRSA(password, encodedPassword, "privateKey.pem")
ECC
// ECC encrypts a password using the ECC encryption algorithm.
// It takes a password and a private key as input.
// It computes the SHA-256 digest of the password, signs the digest using the private key, and returns the encrypted password.
//The format of password:<algorithm>$<hash>
//ecc$BQOoQvBhRHKi9GsV0qpPiyMJ5hRwdiXlQL7CcMsPCo1GvIomtb8xzjNnmq7RNRWmS9AKXo+i0Cg4fmAdLeCN8w==
password := "12345678"
privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
encodedPassword, _ := pwd.GenECC(password, privateKey)
publicKey := privateKey.PublicKey
ok, _ := pwd.VerifyECC(password, encodedPassword publicKey)
Contribute
Welcome contributions to the repository. Here are a few ways you can help:
- Report bugs: If you encounter any issues or bugs, please open an issue on the GitHub repository.
- Suggest enhancements: If you have ideas for new features or improvements, feel free to open an issue detailing your suggestion.
- Submit pull requests: If you’ve fixed a bug or developed a new feature, we’d love to see it. Please submit a pull request with your changes.
Before contributing, please make sure to read and follow our code of conduct and contribution guidelines (if available).
License
This project is licensed under the Apache License 2.0. See the Apache License 2.0 file for more details.
Documentation ¶
Index ¶
- Constants
- Variables
- func Decode2byte(s string) ([]byte, error)
- func DecodeString(s string) ([]byte, error)
- func Encode2string(dk []byte) string
- func EncodeToString(dk []byte) string
- func GeneratePBKDF2(password string, salt string, iter int, keyLen int, hashFunc func() hash.Hash) []byte
- func GenerateSalt(length int) (string, error)
- func PKCS7Padding(ciphertext []byte, blockSize int) []byte
- func PKCS7UnPadding(origData []byte) ([]byte, error)
- func ParseParameters(password string, saltLength, keyLength, iterations int) (string, int, int, int, error)
- type Algorithm
Constants ¶
const ( DefaultSaltLength = 16 DefaultIterations = 50 DefaultKeyLength = 32 )
Variables ¶
Functions ¶
func Decode2byte ¶ added in v1.0.0
func DecodeString ¶ added in v1.0.0
func Encode2string ¶ added in v1.0.0
func EncodeToString ¶ added in v1.0.0
func GeneratePBKDF2 ¶ added in v1.0.0
func GenerateSalt ¶ added in v1.0.0
func PKCS7Padding ¶ added in v1.0.0
func PKCS7UnPadding ¶ added in v1.0.0
Types ¶
type Algorithm ¶ added in v0.6.0
type Algorithm string
const ( SHA512 Algorithm = "pbkdf2_sha512" SHA384 Algorithm = "pbkdf2_sha384" SHA256 Algorithm = "pbkdf2_sha256" SHA1 Algorithm = "pbkdf2_sha1" Md5 Algorithm = "pbkdf2_md5" Bcrypt Algorithm = "bcrypt" Scrypt Algorithm = "scrypt" Argon2 Algorithm = "argon2" HMAC Algorithm = "hmac" Blake2b Algorithm = "blake2b" Blake2s Algorithm = "blake2s" AES Algorithm = "aes" Blowfish Algorithm = "blowfish" DES Algorithm = "des" ThreeDES Algorithm = "3des" ECC Algorithm = "ecc" RC4 Algorithm = "rc4" RSA Algorithm = "rsa" )