Documentation ¶
Overview ¶
ThreatSpec package github.com/pki-io/core/crypto as crypto
The crypto package contains a number of cryptographic helper functions. It is intended that these are called from other packages, not directly from application code.
Index ¶
- func AESDecrypt(ciphertext, iv, key []byte) ([]byte, error)
- func AESEncrypt(plaintext, key []byte) (ciphertext []byte, iv []byte, err error)
- func Authenticate(message string, key []byte, signature *Signed) error
- func Base64Decode(input []byte) (decoded []byte, err error)
- func Base64Encode(input []byte) []byte
- func Decrypt(cipherText []byte, privateKey crypto.PrivateKey) ([]byte, error)
- func Encrypt(plaintext []byte, publicKey crypto.PublicKey) ([]byte, error)
- func ExpandKey(key, salt []byte) ([]byte, []byte, error)
- func GenerateECKey() (*ecdsa.PrivateKey, error)
- func GenerateRSAKey() (*rsa.PrivateKey, error)
- func GroupDecrypt(encrypted *Encrypted, keyID string, privateKeyPem string) (string, error)
- func HMAC(message []byte, key []byte, signature *Signed) error
- func HMACVerify(message, key, signature []byte) error
- func Pad(src []byte, blockSize int) []byte
- func PemDecodePrivate(in []byte) (crypto.PrivateKey, error)
- func PemDecodePublic(in []byte) (crypto.PublicKey, error)
- func PemEncodePrivate(key crypto.PrivateKey) ([]byte, error)
- func PemEncodePublic(key crypto.PublicKey) ([]byte, error)
- func RandomBytes(size int) ([]byte, error)
- func Sign(message string, privateKeyString string, signature *Signed) error
- func SignMessage(message []byte, privateKey crypto.PrivateKey) ([]byte, error)
- func SymmetricDecrypt(encrypted *Encrypted, key string) (string, error)
- func TimeOrderedUUID() string
- func UUID() string
- func UnPad(src []byte) []byte
- func Verify(signed *Signed, key []byte) error
- func VerifySignature(message []byte, signature []byte, publicKey crypto.PublicKey) error
- type Encrypted
- type KeyType
- type Mode
- type Signed
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AESDecrypt ¶
AESDecrypt is an opinionated helper function that decrypts a ciphertext encrypted with 256 bit AES in CBC mode and returns the plaintext. The iv must be the one returned by AESEncrypt for that ciphertext.
func AESEncrypt ¶
AESEncrypt is an opinionated helper function that implements 256 bit AES in CBC mode. It generates a random 128 bit IV, which is returned along with the ciphertext. CBC mode provides confidentiality only; a caller that also needs integrity must authenticate the ciphertext separately (for example with HMAC) and verify that MAC before decrypting.
func Authenticate ¶
Authenticate takes a message and computes a MAC over it using the given key. The MAC and its inputs are added to the provided Signed struct.
func Base64Decode ¶
Base64Decode returns the base64 decoded input.
func Base64Encode ¶
Base64Encode returns the base64 encoding of the input.
func Decrypt ¶
func Decrypt(cipherText []byte, privateKey crypto.PrivateKey) ([]byte, error)
Decrypt is a wrapper function that decrypts a ciphertext using the provided private key and returns the plaintext. It supports RSA and ECDSA private keys.
func Encrypt ¶
Encrypt is a wrapper function that encrypts a plaintext using the provided public key and returns the ciphertext. It supports RSA and ECDSA public keys.
func ExpandKey ¶
ExpandKey is an opinionated helper function that cryptographically expands a key with PBKDF2 using a 128 bit salt. If the salt has length 0 it generates a new random salt. It returns the expanded key and the salt as byte slices.
A salt should only be provided as part of a decryption or verification process. When using ExpandKey to create a new key, let ExpandKey generate the salt; this lessens the risk of a weak or non-unique salt being used.
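As an added example, not the package's own code, here is how a helper with ExpandKey's contract can be built from the Go standard library alone: PBKDF2 is implemented inline over HMAC-SHA256 so no golang.org/x/crypto dependency is needed, an empty salt triggers generation of a random 128 bit salt that is returned to the caller, and a supplied salt must be exactly 16 bytes. The hash, the 100000 iteration count and the 32 byte output length are this example's assumptions; the page does not state the package's values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"io"
)

const (
	saltSize   = 16     // 128-bit salt, as the page describes for ExpandKey
	iterations = 100000 // assumed iteration count; the page does not state the package's
	keySize    = 32     // assumed derived key length in bytes (256 bits)
)

// pbkdf2 is a standard-library-only implementation of PBKDF2 (RFC 8018
// section 5.2) with HMAC over the supplied hash as the PRF.
func pbkdf2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
	prf := hmac.New(h, password)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	out := make([]byte, 0, numBlocks*hashLen)
	var u []byte
	var blockIndex [4]byte
	for i := 1; i <= numBlocks; i++ {
		// U_1 = PRF(password, salt || INT_32_BE(i))
		binary.BigEndian.PutUint32(blockIndex[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(blockIndex[:])
		u = prf.Sum(u[:0])
		t := append([]byte(nil), u...)
		// U_n = PRF(password, U_{n-1}); T_i = U_1 xor U_2 xor ... xor U_iter
		for n := 1; n < iter; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(u[:0])
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// ExpandKey derives a 256-bit key from key with PBKDF2-HMAC-SHA256. An empty
// salt signals a fresh derivation: a random 128-bit salt is generated and
// returned so the caller can store it beside the ciphertext. A non-empty salt
// is only ever passed back in when re-deriving the same key for decryption or
// verification, and must be exactly saltSize bytes.
func ExpandKey(key, salt []byte) ([]byte, []byte, error) {
	if len(salt) == 0 {
		salt = make([]byte, saltSize)
		if _, err := io.ReadFull(rand.Reader, salt); err != nil {
			return nil, nil, err
		}
	} else if len(salt) != saltSize {
		return nil, nil, errors.New("salt must be exactly 16 bytes")
	}
	return pbkdf2(key, salt, iterations, keySize, sha256.New), salt, nil
}

func main() {
	password := []byte("correct horse battery staple") // constructed sample input

	// Encryption side: let ExpandKey choose the salt.
	k1, salt, err := ExpandKey(password, nil)
	if err != nil {
		panic(err)
	}
	// Decryption side: pass the stored salt back in and get the same key.
	k2, _, err := ExpandKey(password, salt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("salt=%s\nkey =%s\nre-derived key matches: %v\n",
		hex.EncodeToString(salt), hex.EncodeToString(k1), bytes.Equal(k1, k2))
}
```

The inline pbkdf2 can be checked against the published PBKDF2-HMAC-SHA256 test vector for password "password", salt "salt", one iteration, 32 bytes; the ExpandKey contract on top of it is that re-running with the returned salt reproduces the key and any other salt does not.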
func GenerateECKey ¶
func GenerateECKey() (*ecdsa.PrivateKey, error)
GenerateECKey is an opinionated helper function to generate a P256 ECDSA key pair.
func GenerateRSAKey ¶
func GenerateRSAKey() (*rsa.PrivateKey, error)
GenerateRSAKey is an opinionated helper function to generate a 2048 bit RSA key pair.
func GroupDecrypt ¶
GroupDecrypt takes an Encrypted struct and decrypts it with the PEM encoded private key identified by keyID, returning the plaintext string.
func HMAC ¶
HMAC is a wrapper function that calculates an HMAC for a given message and symmetric key.
func HMACVerify ¶
HMACVerify verifies the HMAC of the given message. If verified, the function returns nil, otherwise it returns an error.
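An added example, not the package's code, of the HMAC/HMACVerify pair with the check a verifier must get right: recompute the tag and compare it in constant time with hmac.Equal, so that a tampered message, a wrong key and a truncated tag are all rejected without leaking how much of a forged tag was correct. HMAC-SHA256 is this example's choice (the page does not state the package's hash), and the key and messages are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// HMAC returns HMAC-SHA256(key, message). SHA-256 is this example's choice;
// the page does not state which hash the package uses.
func HMAC(message, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	return mac.Sum(nil)
}

// HMACVerify recomputes the MAC and compares it in constant time. Comparing
// with bytes.Equal or == would return as soon as the first byte differs and
// leak, byte by byte, how much of a forged tag is correct. hmac.Equal also
// rejects tags of the wrong length, so a truncated tag cannot pass.
func HMACVerify(message, key, signature []byte) error {
	if !hmac.Equal(HMAC(message, key), signature) {
		return errors.New("HMAC verification failed")
	}
	return nil
}

func main() {
	key := []byte("constructed-32-byte-example-key!") // constructed; real keys come from RandomBytes
	msg := []byte(`{"amount":10,"to":"alice"}`)       // constructed sample message

	tag := HMAC(msg, key)
	fmt.Println("tag:      ", hex.EncodeToString(tag))
	fmt.Println("genuine:  ", HMACVerify(msg, key, tag))

	tampered := []byte(`{"amount":10,"to":"mallory"}`)
	fmt.Println("tampered: ", HMACVerify(tampered, key, tag))

	fmt.Println("truncated:", HMACVerify(msg, key, tag[:len(tag)-1]))
	fmt.Println("wrong key:", HMACVerify(msg, []byte("other key"), tag))
}
```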
func Pad ¶
Pad takes the src byte slice and PKCS5 pads it to blockSize, returning the padded byte slice.
Taken from the tutorial available here: https://www.socketloop.com/tutorials/golang-padding-un-padding-data
func PemDecodePrivate ¶
func PemDecodePrivate(in []byte) (crypto.PrivateKey, error)
PemDecodePrivate decodes a PEM encoded private key. It supports PKCS1 (RSA) and EC private keys.
func PemDecodePublic ¶
PemDecodePublic decodes a PEM encoded public key. It supports any PKIX public key.
func PemEncodePrivate ¶
func PemEncodePrivate(key crypto.PrivateKey) ([]byte, error)
PemEncodePrivate PEM encodes a private key. It supports RSA and ECDSA key types.
func PemEncodePublic ¶
PemEncodePublic PEM encodes a public key. It supports RSA and ECDSA.
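The four PEM helpers as an added example written against the Go standard library; this is not the package's code. It assumes the block types "RSA PRIVATE KEY" (PKCS#1), "EC PRIVATE KEY" and "PUBLIC KEY" (PKIX), and shows the failure mode a caller is most likely to hit: a PKCS#8 "PRIVATE KEY" block, which is what openssl genpkey emits by default, is neither of the two supported private-key forms and is rejected rather than mis-parsed.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// PemEncodePrivate writes an RSA key as PKCS#1 ("RSA PRIVATE KEY") and an
// ECDSA key as SEC 1 ("EC PRIVATE KEY"), the two forms the page says the
// package reads back. Any other key type is refused rather than guessed at.
func PemEncodePrivate(key crypto.PrivateKey) ([]byte, error) {
	var block *pem.Block
	switch k := key.(type) {
	case *rsa.PrivateKey:
		block = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
	case *ecdsa.PrivateKey:
		der, err := x509.MarshalECPrivateKey(k)
		if err != nil {
			return nil, err
		}
		block = &pem.Block{Type: "EC PRIVATE KEY", Bytes: der}
	default:
		return nil, fmt.Errorf("unsupported private key type %T", key)
	}
	return pem.EncodeToMemory(block), nil
}

// PemDecodePrivate dispatches on the PEM block type. A PKCS#8 "PRIVATE KEY"
// block is deliberately not one of the accepted types.
func PemDecodePrivate(in []byte) (crypto.PrivateKey, error) {
	block, _ := pem.Decode(in)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY":
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "EC PRIVATE KEY":
		return x509.ParseECPrivateKey(block.Bytes)
	default:
		return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
}

// PemEncodePublic uses the PKIX SubjectPublicKeyInfo form for both key types,
// which is why a single PemDecodePublic can read either back.
func PemEncodePublic(key crypto.PublicKey) ([]byte, error) {
	switch key.(type) {
	case *rsa.PublicKey, *ecdsa.PublicKey:
	default:
		return nil, fmt.Errorf("unsupported public key type %T", key)
	}
	der, err := x509.MarshalPKIXPublicKey(key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func PemDecodePublic(in []byte) (crypto.PublicKey, error) {
	block, _ := pem.Decode(in)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("expected a PUBLIC KEY PEM block")
	}
	return x509.ParsePKIXPublicKey(block.Bytes)
}

func main() {
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	privPEM, err := PemEncodePrivate(ecKey)
	if err != nil {
		panic(err)
	}
	pubPEM, err := PemEncodePublic(&ecKey.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Print(string(privPEM), string(pubPEM))

	back, err := PemDecodePrivate(privPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println("private key round-trips:", back.(*ecdsa.PrivateKey).Equal(ecKey))

	// The same key in PKCS#8 form is not accepted by this decoder.
	pkcs8, _ := x509.MarshalPKCS8PrivateKey(ecKey)
	_, err = PemDecodePrivate(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8}))
	fmt.Println("pkcs8 rejected:", err)
}
```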
func RandomBytes ¶
RandomBytes generates and returns size number of random bytes.
func Sign ¶
Sign takes a message string and signs using the given private key. The signature and inputs are added to the provided Signed input.
func SignMessage ¶
func SignMessage(message []byte, privateKey crypto.PrivateKey) ([]byte, error)
SignMessage signs a message using the provided private key. It supports RSA and ECDSA and returns the message signature.
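An added example (not the package's code) of the wrapper pattern behind Encrypt/Decrypt and SignMessage/VerifySignature: a type switch on crypto.PrivateKey or crypto.PublicKey dispatches to the RSA or ECDSA primitive, and an unrecognised key type is an error rather than a silent pass. The SHA-256 digest, PKCS#1 v1.5 signatures for RSA, ASN.1 DER ECDSA signatures and RSA-OAEP for encryption are this example's choices; the page does not state the package's. Encryption here covers RSA keys only, because the standard library has no encryption primitive for a bare ECDSA key, so this example does not reproduce the ECDSA case the page mentions for Encrypt/Decrypt.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// GenerateECKey and GenerateRSAKey follow the parameters the page states:
// P-256 and 2048-bit RSA.
func GenerateECKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func GenerateRSAKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignMessage hashes the message with SHA-256 and signs the digest with
// whichever supported key type it is handed. Padding/encoding choices
// (PKCS#1 v1.5 for RSA, ASN.1 DER for ECDSA) are this example's.
func SignMessage(message []byte, privateKey crypto.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(message)
	switch k := privateKey.(type) {
	case *rsa.PrivateKey:
		return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest[:])
	case *ecdsa.PrivateKey:
		return ecdsa.SignASN1(rand.Reader, k, digest[:])
	default:
		return nil, fmt.Errorf("unsupported private key type %T", privateKey)
	}
}

// VerifySignature returns an error rather than a bool so that an unsupported
// key type can never be mistaken for a valid signature.
func VerifySignature(message, signature []byte, publicKey crypto.PublicKey) error {
	digest := sha256.Sum256(message)
	switch k := publicKey.(type) {
	case *rsa.PublicKey:
		return rsa.VerifyPKCS1v15(k, crypto.SHA256, digest[:], signature)
	case *ecdsa.PublicKey:
		if !ecdsa.VerifyASN1(k, digest[:], signature) {
			return errors.New("ecdsa: signature verification failed")
		}
		return nil
	default:
		return fmt.Errorf("unsupported public key type %T", publicKey)
	}
}

// Encrypt and Decrypt cover the RSA case with OAEP over SHA-256. Bare ECDSA
// keys are refused: the standard library has no encryption primitive for them.
func Encrypt(plaintext []byte, publicKey crypto.PublicKey) ([]byte, error) {
	k, ok := publicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("encryption not supported for key type %T", publicKey)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, k, plaintext, nil)
}

func Decrypt(ciphertext []byte, privateKey crypto.PrivateKey) ([]byte, error) {
	k, ok := privateKey.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("decryption not supported for key type %T", privateKey)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, ciphertext, nil)
}

func main() {
	msg := []byte("constructed sample message") // constructed input
	ecKey, err := GenerateECKey()
	if err != nil {
		panic(err)
	}
	rsaKey, err := GenerateRSAKey()
	if err != nil {
		panic(err)
	}
	for name, key := range map[string]crypto.Signer{"ecdsa": ecKey, "rsa": rsaKey} {
		sig, err := SignMessage(msg, key)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: %d-byte signature, genuine=%v, tampered=%v\n", name, len(sig),
			VerifySignature(msg, sig, key.Public()),
			VerifySignature([]byte("tampered"), sig, key.Public()))
	}
	ct, err := Encrypt(msg, &rsaKey.PublicKey)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(ct, rsaKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("rsa-oaep round trip: %q\n", pt)
}
```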
func SymmetricDecrypt ¶
SymmetricDecrypt takes an Encrypted struct and decrypts with the given symmetric key, returning a plaintext string.
func TimeOrderedUUID ¶
func TimeOrderedUUID() string
TimeOrderedUUID is taken directly from https://github.com/mitchellh/packer/blob/master/common/uuid/uuid.go
func UUID ¶
func UUID() string
UUID is an opinionated helper function that generates a 128 bit time-ordered UUID string.
Documentation for the TimeOrderedUUID function is available here: TODO
Layout, per the packer source comment: the top 32 bits are a timestamp and the remaining 96 bits are random.
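The layout described above as an added example, written here rather than copied from the packer or pki-io code: a 32 bit Unix timestamp followed by 96 random bits, rendered in the 8-4-4-4-12 hex layout, plus a small parser that recovers the timestamp so the ordering property can be checked. The TimeOrderedUUIDAt and UUIDTime names are this example's. Two caveats worth knowing: the ordering only holds at one-second resolution (values created within the same second are in random order relative to each other), and the output does not set the RFC 4122 version and variant bits, so a strict UUID validator may reject it.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"strconv"
	"time"
)

// TimeOrderedUUIDAt builds the 128-bit value the page describes: a 32-bit
// Unix timestamp in the top bits followed by 96 random bits. Taking the time
// as a parameter keeps the layout testable; TimeOrderedUUID fixes it to now.
func TimeOrderedUUIDAt(now time.Time) (string, error) {
	random := make([]byte, 12) // 96 bits from crypto/rand
	if _, err := rand.Read(random); err != nil {
		return "", err
	}
	unix := uint32(now.UTC().Unix()) // 32-bit seconds; wraps in 2106
	return fmt.Sprintf("%08x-%04x-%04x-%04x-%04x%08x",
		unix, random[0:2], random[2:4], random[4:6], random[6:8], random[8:12]), nil
}

func TimeOrderedUUID() (string, error) {
	return TimeOrderedUUIDAt(time.Now())
}

// UUIDTime recovers the creation time (second resolution) from the first
// eight hex digits. Only that prefix is ordered; the rest is random.
func UUIDTime(u string) (time.Time, error) {
	if len(u) != 36 || u[8] != '-' {
		return time.Time{}, fmt.Errorf("not a 36-character time-ordered UUID: %q", u)
	}
	secs, err := strconv.ParseUint(u[:8], 16, 32)
	if err != nil {
		return time.Time{}, err
	}
	return time.Unix(int64(secs), 0).UTC(), nil
}

func main() {
	u, err := TimeOrderedUUID()
	if err != nil {
		panic(err)
	}
	created, err := UUIDTime(u)
	if err != nil {
		panic(err)
	}
	fmt.Println(u, "created at", created)
}
```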
func UnPad ¶
UnPad takes the src byte slice and removes its PKCS5 padding.
Taken from the tutorial available here: https://www.socketloop.com/tutorials/golang-padding-un-padding-data
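The AESEncrypt/AESDecrypt and Pad/UnPad helpers described above, as an added example written here rather than taken from the package or the linked tutorial: AES-256 in CBC mode with a random 128 bit IV, PKCS#7 padding (PKCS#5 is the 8 byte block special case of the same rule) and an UnPad that validates the padding instead of trusting the last byte. The UnPad signature differs from the package's in taking the block size and returning an error; key and message are constructed. CBC gives no integrity, so in real use the ciphertext should be MACed and the MAC verified before AESDecrypt is ever called: a padding error that is observable separately from a MAC error is exactly what padding-oracle attacks exploit.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Pad appends PKCS#7 padding so that len(result) is a multiple of blockSize.
// A whole block of padding is added when src is already aligned, which is
// what makes UnPad unambiguous.
func Pad(src []byte, blockSize int) []byte {
	n := blockSize - len(src)%blockSize
	return append(append([]byte{}, src...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// UnPad strips PKCS#7 padding and rejects malformed padding instead of
// silently returning garbage. The error text is deliberately uniform: callers
// must not expose which check failed, and should MAC-then-verify before
// decrypting at all.
func UnPad(src []byte, blockSize int) ([]byte, error) {
	if len(src) == 0 || len(src)%blockSize != 0 {
		return nil, errors.New("invalid padding")
	}
	n := int(src[len(src)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("invalid padding")
	}
	for _, b := range src[len(src)-n:] {
		if int(b) != n {
			return nil, errors.New("invalid padding")
		}
	}
	return src[:len(src)-n], nil
}

// AESEncrypt encrypts plaintext with AES-256-CBC under a fresh random
// 128-bit IV and returns (ciphertext, iv).
func AESEncrypt(plaintext, key []byte) ([]byte, []byte, error) {
	if len(key) != 32 {
		return nil, nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, nil, err
	}
	padded := Pad(plaintext, aes.BlockSize)
	ciphertext := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ciphertext, padded)
	return ciphertext, iv, nil
}

// AESDecrypt reverses AESEncrypt. Lengths are checked up front because
// CryptBlocks panics on input that is not a whole number of blocks.
func AESDecrypt(ciphertext, iv, key []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	if len(iv) != aes.BlockSize {
		return nil, errors.New("iv must be 16 bytes")
	}
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ciphertext)
	return UnPad(padded, aes.BlockSize)
}

func main() {
	key := make([]byte, 32) // constructed: a real key would come from ExpandKey or RandomBytes
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	msg := []byte("constructed sample plaintext")
	ct, iv, err := AESEncrypt(msg, key)
	if err != nil {
		panic(err)
	}
	pt, err := AESDecrypt(ct, iv, key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %d bytes, iv %x, round-trip ok: %v\n", len(ct), iv, bytes.Equal(pt, msg))
}
```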
Types ¶
type Encrypted ¶
type Encrypted struct {
	Ciphertext string
	Mode       string
	Inputs     map[string]string
	Keys       map[string]string
}
Encrypted represents a ciphertext with related inputs
func GroupEncrypt ¶
GroupEncrypt takes a plaintext and encrypts it for one or more public keys.
func SymmetricEncrypt ¶
SymmetricEncrypt takes a plaintext and encrypts it symmetrically with the given key.
type KeyType ¶
type KeyType string
KeyType represents a supported public key pair type.
func GetKeyType ¶
GetKeyType returns the key type for a given key.