crypto

package
Version: v0.33.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 20, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package crypto provides the all cryptographic functions used by the client (e.g. to encrypt/decrypt secrets).

Index

Constants

View Source
const (
	// DefaultSaltLength defines the recommended length of salts used in
	// key derivation algorithms. The minimum value recommended by Section
	// 4.1 of  RFC 2898, Password-Based Cryptography (September 2000), is
	// 8 octets (64-bits).
	//
	// As recommended by the RFC, two non-random octets (16 bits) are prepended
	// to the salt. These 16 bits define the 'salt purpose' and are used to
	// distinguish between between different algorithms (e.g. AES-GCM), key
	// lengths (e.g. 256 bits) and operation types (e.g. credential encryption).
	// This distinction ensures salts are never reused for different purposes.
	// So, whenever a salt or it's derived value is used, the salt's
	// purpose should be verified.
	//
	// Because salt length does not significantly impact performance, we have
	// chosen the salt length to be very long. With 32 octet (256 bits) long
	// salts, we don't have to worry about world-wide uniqueness and collisions
	// are only likely to occur after generating 2^128 salts according to the
	// Birthday Paradox.
	//
	// Summarizing the RFC, choosing a sufficiently large salt length has
	// the following two benefits:
	//
	// 1. 	It is difficult for an opponent to precompute all the keys
	//		corresponding to a dictionary of passwords, or even the most
	//		likely keys. An opponent is thus limited to searching for
	//		passwords after a password-based operation has been performed
	//		and the salt is known.
	//
	// 2.	It is unlikely that the same key will be selected twice. This
	//      addresses some of the concerns about interactions between
	//      multiple uses of the same key, which may apply for some
	//      encryption and authentication techniques.
	//
	// Read more about this in the RFC itself: https://www.ietf.org/rfc/rfc2898.txt
	DefaultSaltLength = 32

	// MinSaltLength defines the minimal salt length as 8 random octets.
	// See DefaultSaltLength for a more extensive explanation.
	MinSaltLength = 8
)
View Source
const (
	// SaltAlgoNone is defined here so it isn't left open
	// for potential initialization errors. Note that it is
	// not a valid algorithm.
	SaltAlgoNone      = 0x00
	SaltAlgoAES128GCM = 0x01
	SaltAlgoAES196GCM = 0x02
	SaltAlgoAES256GCM = 0x03
)

Salt algorithms

View Source
const (
	// SaltOperationNone is defined here so it isn't left open
	// for potential initialization errors. Note that it is
	// not a valid operation.
	SaltOperationNone                      = 0x00
	SaltOperationLocalCredentialEncryption = 0x01
	SaltOperationHTTPAuthentication        = 0x02
)

Salt operations

View Source
const (
	// DefaultScryptKeyLength defines the default key length (256 bits) of the derived key.
	DefaultScryptKeyLength = SymmetricKeyLength

	// DefaultScryptN is the work factor of the scrypt key derivation
	// function. Changing the work factor N linearly scales the memory
	// and CPU usage of the key derivation function. N must be a power
	// of 2 to allow for optimizations inside the algorithm using bit
	// masking.
	//
	// The value has been set to 2^15, which is the biggest power of two
	// that will run the scrypt key derivation function in approximately
	// 100ms on "most commodity workstations". The 100ms is the recommended
	// time cost for interactive use cases that won't bother the user, e.g.
	// typing in CLI commands and providing a passphrase each time which is
	// used to derive a key.
	//
	// Read more about the parameters, how they work and how to determine their values
	// in this blog post: https://blog.filippo.io/the-scrypt-parameters/
	//
	// Also, this the value recommended in the official GoDocs.
	DefaultScryptN = 1 << 15

	// DefaultScryptR determines the sequential read size of the scrypt
	// key derivation function. Together with the N parameter, the r
	// parameter determines the memory block size and number of hashing
	// iterations. However, it is recommended to only change the r parameter
	// if you know what you're doing and if you have custom hardware with
	// different memory characteristics. Use the N parameter instead to
	// increase or decrease work.
	//
	// The value has been set to 8, which is the value recommended in
	// the official GoDocs.
	DefaultScryptR = 8

	// DefaultScryptP determines the number of parallelizable iterations
	// if the scrypt key derivation function. Increasing the value of p
	// can be used to optimize for processing or memory cost, but it cannot
	// be used to decrease the wall-clock-time of the key derivation
	// function. Use the N parameter for that.
	//
	// The value has been set to 1, which is the value recommended in
	// the official GoDocs.
	DefaultScryptP = 1
)
View Source
const (
	// HMACSize defines the number of bytes in the resulting hash,
	//  i.e. the number of bits divided by 8.
	HMACSize = SymmetricKeyLength

	// SymmetricKeyLength defines number of bytes to use as key length (256 bits)
	// for symmetric encryption, i.e. the number of bits divided by 8.
	SymmetricKeyLength = sha256.Size // 32
)
View Source
const (
	// RSAKeyLength defines the number of bits to use as key length for RSA keys.
	//
	// The size of 4096 bits has been chosen because 2048 bits is assumed to
	// last up to the year 2020. Have a look at https://keylength.org
	// Additionally, because 2048 bits and 4096 bits are the most commonly used
	// key lengths, we expect those key lengths to be more future proof in terms
	// of usability and we expect (more) efficient implementations to be developed
	// for those key lengths over less frequently used ones (e.g. 3072).
	RSAKeyLength = 4096
)

Variables

View Source
var (
	ErrInvalidCiphertext = errCrypto.Code("invalid_ciphertext").Error("ciphertext contains invalid data")
	ErrWrongAlgorithm    = errCrypto.Code("wrong_algorithm").Error("unexpected algorithm of the encoded ciphertext")
	ErrInvalidMetadata   = errCrypto.Code("invalid_metadata").Error("metadata of encrypted key is invalid")
)

Errors

View Source
var (
	ErrCannotDecryptKey       = errCrypto.Code("decrypt_error").ErrorPref("cannot decrypt key: %s")
	ErrIncorrectPassphrase    = errCrypto.Code("incorrect_passphrase").Error("cannot decrypt key: passphrase is incorrect")
	ErrNoPassphraseProvided   = errCrypto.Code("no_passphrase_provided").Error("cannot decode key: no passphrase provided")
	ErrDecryptionUnarmoredKey = errCrypto.Code("decryption_unarmored_key").Error("cannot decode key: trying to decrypt unarmored key")
)

Errors

View Source
var (
	ErrGenerateRSAKey                  = errCrypto.Code("rsa_generate_fail").Error("could not generate RSA key")
	ErrRSADecrypt                      = errCrypto.Code("rsa_decrypt_failed").ErrorPref("could not decrypt data: %s")
	ErrRSAEncrypt                      = errCrypto.Code("rsa_encrypt_failed").ErrorPref("could not encrypt data: %s")
	ErrNoKeyInFile                     = errCrypto.Code("no_key_in_file").Error("no key found in file")
	ErrMultipleKeysInFile              = errCrypto.Code("multiple_keys_in_file").Error("multiple keys found in file")
	ErrNotPKCS1Format                  = errCrypto.Code("key_wrong_format").Error("key must be in pkcs1 format")
	ErrNoPublicKeyFoundInImport        = errCrypto.Code("no_public_key_in_import").Error("no public key found in import")
	ErrMultiplePublicKeysFoundInImport = errCrypto.Code("multiple_public_keys_in_import").Error("multiple public keys found in import")
	ErrKeyTypeNotSupported             = errCrypto.Code("key_type_not_supported").Error("key type is not supported")
	ErrEmptyPassphrase                 = errCrypto.Code("empty_passphrase").Error("passphrase is empty")

	ErrEmptyPublicKey = errors.New("public key should not be empty")
)

Errors

View Source
var (
	ErrInvalidSalt          = errCrypto.Code("invalid_salt").Error("salt must contain 2 purpose bytes and at least 8 bytes (64 bits) random bits")
	ErrInvalidSaltPurpose   = errCrypto.Code("invalid_salt_purpose").Error("salt purpose is invalid")
	ErrInvalidSaltOperation = errCrypto.Code("invalid_salt_operation").Error("salt operation type is invalid")
	ErrInvalidSaltAlgo      = errCrypto.Code("invalid_salt_algo").Error("salt algorithm is invalid")
)

Errors

View Source
var (
	ErrInvalidKeyLength = errCrypto.Code("invalid_key_length").Error("key length must be either 16, 24, or 32 bytes long (128, 196 or 256 bits)")
	ErrInvalidN         = errCrypto.Code("invalid_n").Error("scrypt parameter N must be a power of 2 and at least 2^15")
	ErrInvalidR         = errCrypto.Code("invalid_r").Error("scrypt parameter r must be 8")
	ErrInvalidP         = errCrypto.Code("invalid_p").Error("scrypt parameter p must be 1")
)

Errors

View Source
var (
	ErrInvalidCipher = errCrypto.Code("aes_cipher_invalid").ErrorPref("cipher is invalid: %v")
	ErrAESDecrypt    = errCrypto.Code("aes_decrypt_failed").ErrorPref("could not decrypt data: %s")
	ErrAESEncrypt    = errCrypto.Code("aes_encrypt_failed").ErrorPref("could not encrypt data: %s")
)

Errors

Functions

func IsWrongKey

func IsWrongKey(err error) bool

IsWrongKey returns true when the error can be the result of a wrong key being used for decryption.

func SHA256 added in v0.25.0

func SHA256(in []byte) []byte

SHA256 creates a SHA256 hash of the given bytes.

func ValidatePassphrase

func ValidatePassphrase(passphrase []byte) error

ValidatePassphrase validates that a passphrase isn't empty.

func Verify

func Verify(encodedPublicKey, message, signature []byte) error

Verify decodes the given public key and returns nil when the given signature is the result of hashing the given message and signing it with the private key that corresponds to the given public key. It returns an error when the signature is not valid (for this public key).

Types

type CiphertextAES

type CiphertextAES struct {
	Data  []byte
	Nonce []byte
}

CiphertextAES represents data encrypted with AES-GCM.

func DecodeCiphertextAESFromString added in v0.18.0

func DecodeCiphertextAESFromString(s string) (CiphertextAES, error)

DecodeCiphertextAESFromString decodes an encoded ciphertext string to an CiphertextAES.

func (CiphertextAES) EncodeToString added in v0.18.0

func (ct CiphertextAES) EncodeToString() string

EncodeToString encodes the ciphertext in a string.

func (CiphertextAES) MarshalJSON

func (ct CiphertextAES) MarshalJSON() ([]byte, error)

MarshalJSON encodes the ciphertext in JSON.

func (*CiphertextAES) UnmarshalJSON

func (ct *CiphertextAES) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes JSON into a ciphertext.

type CiphertextRSA

type CiphertextRSA struct {
	Data []byte
}

CiphertextRSA represents data encrypted with RSA-OAEP.

func DecodeCiphertextRSAFromString added in v0.18.0

func DecodeCiphertextRSAFromString(s string) (CiphertextRSA, error)

DecodeCiphertextRSAFromString decodes an encoded ciphertext string to an CiphertextRSA.

func (CiphertextRSA) EncodeToString added in v0.18.0

func (ct CiphertextRSA) EncodeToString() string

EncodeToString encodes the ciphertext in a string.

func (CiphertextRSA) MarshalJSON

func (ct CiphertextRSA) MarshalJSON() ([]byte, error)

MarshalJSON encodes the ciphertext in JSON.

func (*CiphertextRSA) UnmarshalJSON

func (ct *CiphertextRSA) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes JSON into a ciphertext.

type CiphertextRSAAES

type CiphertextRSAAES struct {
	AES CiphertextAES
	RSA CiphertextRSA
}

CiphertextRSAAES represents data encrypted with AES-GCM, where the AES key is encrypted with RSA-OAEP.

func DecodeCiphertextRSAAESFromString added in v0.18.0

func DecodeCiphertextRSAAESFromString(s string) (CiphertextRSAAES, error)

DecodeCiphertextRSAAESFromString decodes an encoded ciphertext string to an CiphertextRSAAES.

func (CiphertextRSAAES) EncodeToString added in v0.18.0

func (ct CiphertextRSAAES) EncodeToString() string

EncodeToString encodes the ciphertext in a string.

func (CiphertextRSAAES) MarshalJSON

func (ct CiphertextRSAAES) MarshalJSON() ([]byte, error)

MarshalJSON encodes the ciphertext in JSON.

func (*CiphertextRSAAES) UnmarshalJSON

func (ct *CiphertextRSAAES) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes JSON into a ciphertext.

type PEMKey

type PEMKey struct {
	// contains filtered or unexported fields
}

PEMKey contains a PEM encoded key and provides decode functions to RSAPrivateKey. Note that PEM encoded keys will be deprecated, so only decoding functions remain in the code base. To encode keys, check out RSAPrivateKey.Export instead.

func ReadPEM

func ReadPEM(key []byte) (*PEMKey, error)

ReadPEM reads a single PEM key from a []byte.

func (PEMKey) Decode

func (k PEMKey) Decode() (RSAPrivateKey, error)

Decode decodes the pem key to an RSA Key. If the key is encrypted it returns ErrNoPassphraseProvided and Decrypt should have been called. Use IsEncrypted to determine whether to Decrypt or only Decode the key.

func (*PEMKey) Decrypt

func (k *PEMKey) Decrypt(password []byte) (RSAPrivateKey, error)

Decrypt decrypts the key using the password and decodes the PEM key to an RSA Key. If the key is not encrypted it returns ErrDecryptionUnarmoredKey and Decode should have been called instead. Use IsEncrypted to determine whether to Decrypt or only Decode the key.

func (PEMKey) IsEncrypted

func (k PEMKey) IsEncrypted() bool

IsEncrypted checks if the key is encrypted or not. This can be useful for determining whether to Decrypt or Decode the key.

type RSAPrivateKey

type RSAPrivateKey struct {
	// contains filtered or unexported fields
}

RSAPrivateKey provides asymmetric decryption and signing functionality using the RSA algorithm. For encryption and signature verification, see RSAPublicKey instead.

func GenerateRSAPrivateKey

func GenerateRSAPrivateKey(length int) (RSAPrivateKey, error)

GenerateRSAPrivateKey generates a new RSA key with the given key length.

func ImportRSAPrivateKeyPEM

func ImportRSAPrivateKeyPEM(privateKey []byte) (RSAPrivateKey, error)

ImportRSAPrivateKeyPEM decodes a given PEM encoded private key into an RSA private key.

func NewRSAPrivateKey

func NewRSAPrivateKey(privateKey *rsa.PrivateKey) RSAPrivateKey

NewRSAPrivateKey is used to construct an RSA key from the given private key. Use GenerateRSAPrivateKey to randomly generate a new RSA key.

func (RSAPrivateKey) Decrypt

func (prv RSAPrivateKey) Decrypt(ciphertext CiphertextRSAAES) ([]byte, error)

Decrypt uses the private key to decrypt the provided ciphertext, returning the resulting decrypted bytes. In order to decrypt the given ciphertext, it first unwraps the encrypted symmetric key using the RSA-OAEP algorithm and then uses the decrypted symmetric key to decrypt the rest of the ciphertext with the AES-GCM algorithm.

func (RSAPrivateKey) Encode added in v0.21.0

func (prv RSAPrivateKey) Encode() []byte

Export returns the private key in ASN.1 DER encoded format.

func (RSAPrivateKey) ExportPEM

func (prv RSAPrivateKey) ExportPEM() ([]byte, error)

ExportPEM returns the private key in PEM encoded format. After using ExportPEM, make sure to keep the result private.

func (RSAPrivateKey) ExportPrivateKeyWithPassphrase

func (prv RSAPrivateKey) ExportPrivateKeyWithPassphrase(pass string) ([]byte, error)

ExportPrivateKeyWithPassphrase exports the rsa private key in a PKIX pem encoded format, encrypted with the given passphrase.

Note that this function will be deprecated. Use Export instead.

func (RSAPrivateKey) Public

func (prv RSAPrivateKey) Public() RSAPublicKey

Public returns the public part of the RSA key pair.

func (RSAPrivateKey) ReWrapBytes

func (prv RSAPrivateKey) ReWrapBytes(pub RSAPublicKey, encData []byte) ([]byte, error)

ReWrapBytes uses the private key to re-encrypt a small number of encrypted bytes for the given public key. Note that this function will be deprecated. Directly use Unwrap and Wrap when possible.

func (RSAPrivateKey) Sign

func (prv RSAPrivateKey) Sign(message []byte) ([]byte, error)

Sign creates a SHA256 hash of the given message and uses the private key to sign the hash, returning the resulting signature.

func (RSAPrivateKey) Unwrap

func (prv RSAPrivateKey) Unwrap(ciphertext CiphertextRSA) ([]byte, error)

Unwrap uses the private key to decrypt a small ciphertext that has been encrypted with the RSA-OAEP algorithm, returning the resulting decrypted bytes. Note that this should only be used for ciphertexts encrypted with RSA-OAEP. Use the Decrypt function for decrypting large ciphertexts.

func (RSAPrivateKey) UnwrapBytes

func (prv RSAPrivateKey) UnwrapBytes(encryptedData []byte) ([]byte, error)

UnwrapBytes uses the private key to decrypt a small number of encrypted bytes with the RSA-OAEP algorithm, returning the resulting decrypted bytes. Note that this function will be deprecated. Directly use Unwrap instead when possible.

type RSAPublicKey

type RSAPublicKey struct {
	// contains filtered or unexported fields
}

RSAPublicKey provides asymmetric encryption and signature verification functions.

func ImportRSAPublicKey

func ImportRSAPublicKey(encodedPublicKey []byte) (RSAPublicKey, error)

ImportRSAPublicKey decodes a PEM encoded RSA public key into a public key that can be used for encryption and signature verification.

func (RSAPublicKey) Encode added in v0.21.0

func (pub RSAPublicKey) Encode() ([]byte, error)

Encode uses PEM encoding to encode the public key as bytes so it can be easily stored and transferred between systems.

func (RSAPublicKey) Encrypt

func (pub RSAPublicKey) Encrypt(data []byte) (CiphertextRSAAES, error)

Encrypt uses the public key to encrypt given data with the RSA-OAEP algorithm, returning the resulting ciphertext. In order to encrypt the given bytes, it first generates a random symmetric key and uses the AES-GCM algorithm to encrypt the data. Then, it uses the RSA public key to encrypt the intermediate symmetric key with the RSA-OAEP algorithm and combines both ciphertexts into one result.

func (RSAPublicKey) Fingerprint

func (pub RSAPublicKey) Fingerprint() (string, error)

Fingerprint returns the SHA256 hash of the public key, encoded as a hexadecimal string.

func (RSAPublicKey) MaxWrapSize

func (pub RSAPublicKey) MaxWrapSize() int

MaxWrapSize returns the maximum number of bytes that can be used as input of the Wrap function. To encrypt an arbitrary number of bytes, use the Encrypt function instead.

The maximum size for RSA-OAEP is defined RFC8017 section 7.1.1 and is related to the key length used and padding overhead of the encryption and hashing algorithms chosen.

func (RSAPublicKey) Verify

func (pub RSAPublicKey) Verify(message, signature []byte) error

Verify returns nil when the given signature is the result of hashing the given message and signing it with the private key that corresponds to this public key. It returns an error when the signature is not valid (for this public key).

func (RSAPublicKey) Wrap

func (pub RSAPublicKey) Wrap(data []byte) (CiphertextRSA, error)

Wrap uses the public key to encrypt a small number of bytes with the RSA-OAEP algorithm, returning the resulting ciphertext. The number of bytes may not exceed the maximum input length of the key, which can be calculated using the MaxWrapSize function. To encrypt an arbitrary number of bytes, use the Encrypt function instead.

func (RSAPublicKey) WrapBytes

func (pub RSAPublicKey) WrapBytes(data []byte) ([]byte, error)

WrapBytes uses the public key to encrypt a small number of bytes with the RSA-OAEP algorithm, returning the resulting encrypted bytes. Note that this function will be deprecated soon, so use Wrap instead.

type Salt

type Salt []byte

Salt defines a cryptographic salt to be used for key derivation functions, encryption schemes or message authentication schemes.

func (Salt) Purpose

func (s Salt) Purpose() SaltPurpose

Purpose returns a salt's purpose octet.

func (Salt) Validate

func (s Salt) Validate() error

Validate validates a salt.

type SaltAlgo

type SaltAlgo byte

SaltAlgo distinguishes between different algorithms and different key lengths for which the salt should be used.

func (SaltAlgo) Alg

func (sa SaltAlgo) Alg() string

Alg returns the algorithm to be used for the salt's designated algorithm.

func (SaltAlgo) KeyLen

func (sa SaltAlgo) KeyLen() int

KeyLen returns the key length to be used for the salt's designated algorithm.

func (SaltAlgo) Validate

func (sa SaltAlgo) Validate() error

Validate validates a salt algorithm.

type SaltOperation

type SaltOperation byte

SaltOperation distinguishes between different operations for which a salt should be used.

func (SaltOperation) String

func (so SaltOperation) String() string

func (SaltOperation) Validate

func (so SaltOperation) Validate() error

Validate validates a salt operation.

type SaltPurpose

type SaltPurpose struct {
	Algo      SaltAlgo
	Operation SaltOperation
}

SaltPurpose distinguishes between different use cases for which a salt should be used, distinguishing between algorithms, key lengths and operation types.

func (SaltPurpose) Bytes

func (sp SaltPurpose) Bytes() []byte

Bytes returns the byte representation of a salt purpose.

func (SaltPurpose) Validate

func (sp SaltPurpose) Validate() error

Validate validates a salt purpose.

func (SaltPurpose) Verify

func (sp SaltPurpose) Verify(keyLen int, alg string, operation SaltOperation) error

Verify verifies whether a salt is intended for a given algorithm, key length, and operation type, returning an error when it is not.

func (SaltPurpose) VerifyAlgo

func (sp SaltPurpose) VerifyAlgo(keyLen int, alg string) error

VerifyAlgo verifies whether a salt is intended for a given algorithm and key length, returning an error when it is not.

type ScryptKey

type ScryptKey struct {
	KeyLen int
	Salt   Salt
	N      int
	R      int
	P      int
	// contains filtered or unexported fields
}

ScryptKey is a key derived using the scrypt algorithm with configured parameters.

func DeriveScryptKey

func DeriveScryptKey(passphrase []byte, salt Salt, N, r, p, keyLen int) (*ScryptKey, error)

DeriveScryptKey derives a key using the scrypt algorithm with the given parameters.

func GenerateScryptKey

func GenerateScryptKey(passphrase []byte) (*ScryptKey, error)

GenerateScryptKey derives a key from a passphrase, using the default parameters and a randomly generated salt for the key derivation function. To use other parameters or to supply an elsewhere generated salt, use DeriveScryptKey.

func (*ScryptKey) Decrypt

func (k *ScryptKey) Decrypt(ciphertext CiphertextAES, operation SaltOperation) ([]byte, error)

Decrypt uses the key with the provided nonce to decrypt a given ciphertext with the AES-GCM algorithm, returning the resulting decrypted bytes. The key's salt purpose must allow for the given operation.

func (*ScryptKey) Encrypt

func (k *ScryptKey) Encrypt(data []byte, operation SaltOperation) (CiphertextAES, error)

Encrypt uses the key to encrypt given bytes with the AES-GCM algorithm, returning the resulting ciphertext. The key's salt purpose must allow for the given operation.

func (ScryptKey) Validate

func (k ScryptKey) Validate() error

Validate validates the key's parameters.

type SymmetricKey

type SymmetricKey struct {
	// contains filtered or unexported fields
}

SymmetricKey provides symmetric encryption functions.

func GenerateSymmetricKey

func GenerateSymmetricKey() (*SymmetricKey, error)

GenerateSymmetricKey generates a 256-bit symmetric key.

func NewSymmetricKey

func NewSymmetricKey(key []byte) *SymmetricKey

NewSymmetricKey is used to construct a symmetric key from given bytes. Make sure the key bytes have enough entropy. When in doubt, use GenerateSymmetricKey instead.

func (*SymmetricKey) Decrypt

func (k *SymmetricKey) Decrypt(ciphertext CiphertextAES) ([]byte, error)

Decrypt uses the key to decrypt a given ciphertext with the AES-GCM algorithm, returning the decrypted bytes.

func (*SymmetricKey) Encrypt

func (k *SymmetricKey) Encrypt(data []byte) (CiphertextAES, error)

Encrypt uses the key to encrypt given data with the AES-GCM algorithm, returning the resulting ciphertext.

func (*SymmetricKey) Export

func (k *SymmetricKey) Export() []byte

Export returns the bytes that form the basis of the symmetric key. After using Export, make sure to keep the result private.

func (SymmetricKey) HMAC

func (k SymmetricKey) HMAC(data []byte) ([]byte, error)

HMAC uses the key to create a Hash-based Message Authentication Code of the given data with the SHA256 hashing algorithm, returning the given hash bytes.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL