crypto

package
v0.0.0-...-5f4467c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2017 License: Apache-2.0 Imports: 21 Imported by: 3

Documentation

Overview

ThreatSpec package github.com/pki-io/core/crypto as crypto

The crypto package contains a number of cryptographic helper functions. It is intended that these are called from other packages, not directly from application code.

ThreatSpec package github.com/pki-io/core/crypto as crypto

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AESDecrypt 

func AESDecrypt(ciphertext, iv, key []byte) ([]byte, error)

AESDecrypt is an opinionated helper function that decryptes a ciphertext encrypted with 256 bit AES in CBC mode and returns the plaintext.

func AESEncrypt 

func AESEncrypt(plaintext, key []byte) (ciphertext []byte, iv []byte, err error)

AESEncrypt is an opinionated helper function that implements 256 bit AES in CBC mode. It creates a random 128 bit IV which is returned along with the ciphertext.

func Authenticate 

func Authenticate(message string, key []byte, signature *Signed) error

Authenticate takes a message and MACs using the given key. The signature and inputs are added to the provided Signed input.

func Base64Decode 

func Base64Decode(input []byte) (decoded []byte, err error)

Base64Decode returns the base64 decoded input.

func Base64Encode 

func Base64Encode(input []byte) []byte

Base64Encode returns the base64 encoding of the input.

func Decrypt 

func Decrypt(cipherText []byte, privateKey crypto.PrivateKey) ([]byte, error)

Decrypt is a wrapper function that will decrypt a ciphertext using the provided private key, and returns the plaintext. It supports RSA and ECDSA private keys.

func Encrypt 

func Encrypt(plaintext []byte, publicKey crypto.PublicKey) ([]byte, error)

Encrypt is a wrapper function that will encrypt a plaintext using the provided public key, and returns the ciphertext. It supports RSA and ECDSA public keys.

func ExpandKey 

func ExpandKey(key, salt []byte) ([]byte, []byte, error)

ExpandKey is an opinionated helper function to cryptographically expand a key using a 128 bit salt and PBKDF2. If the salt is of 0 length, it generates a new salt, and returns the expanded key and salt as byte arrays.

A salt should only be provided as part of a decryption or verification process. When using ExpandKey to create a new key, let ExpandKey generate the salt. This is to lessen the risk of a weak or non-unique salt being used.

func GenerateECKey 

func GenerateECKey() (*ecdsa.PrivateKey, error)

GenerateECKey is an opinionated helper function to generate a P256 ECDSA key pair.

func GenerateRSAKey 

func GenerateRSAKey() (*rsa.PrivateKey, error)

GenerateRSAKey is an opinionated helper function to generate a 2048 bit RSA key pair

func GroupDecrypt 

func GroupDecrypt(encrypted *Encrypted, keyID string, privateKeyPem string) (string, error)

GroupDecrypt takes an Encrypted struct and decrypts for the given private key, returning a plaintext string.

func HMAC 

func HMAC(message []byte, key []byte, signature *Signed) error

HMAC is a wrapper function that calculates a HMAC for a given message and symmetric key.

func HMACVerify 

func HMACVerify(message, key, signature []byte) error

HMACVerify verifies the HMAC of the given message. If verified, the function returns nil, otherwise it returns an error.

func Pad 

func Pad(src []byte, blockSize int) []byte

Pad takes the src byte array and PKCS5 pads it to blockSize, returning the padded byte array.

Taken from the tutorial available here: https://www.socketloop.com/tutorials/golang-padding-un-padding-data

func PemDecodePrivate 

func PemDecodePrivate(in []byte) (crypto.PrivateKey, error)

PemDecodePrivate decodes a PEM encoded private key. It supports PKCS1 and EC private keys.

func PemDecodePublic 

func PemDecodePublic(in []byte) (crypto.PublicKey, error)

PemDecodePublic decodes a PEM encoded public key. It supports any PKIX public key.

func PemEncodePrivate 

func PemEncodePrivate(key crypto.PrivateKey) ([]byte, error)

PemEncodePrivate PEM encodes a private key. It supports RSA and ECDSA key types.

func PemEncodePublic 

func PemEncodePublic(key crypto.PublicKey) ([]byte, error)

PemEncodePublic PEM encodes a public key. It supports RSA and ECDSA.

func RandomBytes 

func RandomBytes(size int) ([]byte, error)

RandomBytes generates and returns size number of random bytes.

func Sign 

func Sign(message string, privateKeyString string, signature *Signed) error

Sign takes a message string and signs using the given private key. The signature and inputs are added to the provided Signed input.

func SignMessage 

func SignMessage(message []byte, privateKey crypto.PrivateKey) ([]byte, error)

SignMessage signs a message using the provided private key. It supports RSA and ECDSA and returns the message signature.

func SymmetricDecrypt 

func SymmetricDecrypt(encrypted *Encrypted, key string) (string, error)

SymmetricDecrypt takes an Encrypted struct and decrypts with the given symmetric key, returning a plaintext string.

func TimeOrderedUUID 

func TimeOrderedUUID() string

TimeOrderedUUID taken directly from https://github.com/mitchellh/packer/blob/master/common/uuid/uuid.go

func UUID 

func UUID() string

UUID is an opinionated helper function that generate a 128 bit time-ordered UUID string.

Documentation for the TimeOrderedUUID function is available here: TODO

From the source docs: Top 32 bits are a timestamp, bottom 96 bytes are random.

func UnPad 

func UnPad(src []byte) []byte

UnPad takes the src byte array and PKCS5 unpads it.

Taken from the tutorial available here: https://www.socketloop.com/tutorials/golang-padding-un-padding-data

func Verify 

func Verify(signed *Signed, key []byte) error

Verify takes a Signed struct and verifies the signature using the given key. It supports both symmetric (MAC) and public key signatures.

func VerifySignature 

func VerifySignature(message []byte, signature []byte, publicKey crypto.PublicKey) error

VerifySignature verifies a message for a given signature and public key. If verified, the function returns nil, otherwise it returns an error. It supports RSA and ECDSA public keys.

Types

type Encrypted 

type Encrypted struct {
	Ciphertext string
	Mode       string
	Inputs     map[string]string
	Keys       map[string]string
}

Encrypted represents a ciphertext with related inputs

func GroupEncrypt 

func GroupEncrypt(plaintext string, publicKeys map[string]string) (*Encrypted, error)

GroupEncrypt takes a plaintext and encrypts with one or more public keys.

func SymmetricEncrypt 

func SymmetricEncrypt(plaintext, id, key string) (*Encrypted, error)

SymmetricEncrypt takes a plaintext and symmetrically encrypts using the given key.

type KeyType 

type KeyType string

KeyType represents a supported public key pair type 

const (
	KeyTypeRSA KeyType = "rsa"
	KeyTypeEC  KeyType = "ec"
)

Key types

func GetKeyType 

func GetKeyType(key interface{}) (KeyType, error)

GetKeyType returns the key type for a given key

type Mode 

type Mode string

Mode of signature or encryption 

const (
	SignatureModeSha256Rsa   Mode = "sha256+rsa"
	SignatureModeSha256Ecdsa Mode = "sha256+ecdsa"
	SignatureModeSha256Hmac  Mode = "sha256+hmac"
)

Signature modes

type Signed 

type Signed struct {
	Message   string
	Mode      Mode
	Signature string
}

Signed represents a signature and related inputs

func NewSignature 

func NewSignature(mode Mode) *Signed

NewSignature returns a new Signed

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.