paseto

package module
v2.0.0-alpha1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 2, 2024 License: MIT Imports: 23 Imported by: 0

README

Go Paseto Go-Paseto

A Go implementation of PASETO.

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

Contents

What is Paseto?

Paseto (Platform-Agnostic SEcurity TOkens) is a specification for secure stateless tokens.

Key Differences between Paseto and JWT

Unlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to hang themselves, Paseto only allows secure operations. JWT gives you "algorithm agility", Paseto gives you "versioned protocols". It's incredibly unlikely that you'll be able to use Paseto in an insecure way.

Caution: Neither JWT nor Paseto were designed for stateless session management. Paseto is suitable for tamper-proof cookies, but cannot prevent replay attacks by itself.

Installation

go get -u aidanwoods.dev/go-paseto

Overview of the Go library

Okay, let's create a token:

token := paseto.NewToken()

token.SetIssuedAt(time.Now())
token.SetNotBefore(time.Now())
token.SetExpiration(time.Now().Add(2 * time.Hour))

token.SetString("user-id", "<uuid>")

Now encrypt it:

key := paseto.NewV4SymmetricKey() // don't share this!!

encrypted := token.V4Encrypt(key, nil)

Or sign it (this allows recievers to verify it without sharing secrets):


secretKey := paseto.NewV4AsymmetricSecretKey() // don't share this!!!
publicKey := secretKey.Public() // DO share this one

signed := token.V4Sign(secretKey, nil)

To handle a recieved token, let's use an example from Paseto's test vectors:

The Paseto token is as follows

v4.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9v3Jt8mx_TdM2ceTGoqwrh4yDFn0XsHvvV_D0DtwQxVrJEBMl0F2caAdgnpKlt4p7xBnx1HcO-SPo8FPp214HDw.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9

And the public key, given in hex is:

1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2

Importing a public key, and then verifying a token:

publicKey, err := paseto.NewV4AsymmetricPublicKeyFromHex("1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2") // this wil fail if given key in an invalid format
signed := "v4.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9v3Jt8mx_TdM2ceTGoqwrh4yDFn0XsHvvV_D0DtwQxVrJEBMl0F2caAdgnpKlt4p7xBnx1HcO-SPo8FPp214HDw.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9"

parser := paseto.NewParserWithoutExpiryCheck() // only used because this example token has expired, use NewParser() (which checks expiry by default)
token, err := parser.ParseV4Public(publicKey, signed, nil) // this will fail if parsing failes, cryptographic checks fail, or validation rules fail

// the following will succeed
require.JSONEq(t,
    "{\"data\":\"this is a signed message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
    string(token.ClaimsJSON()),
)
require.Equal(t,
    "{\"kid\":\"zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN\"}",
    string(token.Footer()),
)
require.NoError(t, err)

Supported Claims Validators

The following validators are supported:

func ForAudience(audience string) Rule
func IdentifiedBy(identifier string) Rule
func IssuedBy(issuer string) Rule
func NotExpired() Rule
func Subject(subject string) Rule
func ValidAt(t time.Time) Rule

A token using claims all the claims which can be validated can be constructed as follows:

token := paseto.NewToken()

token.SetAudience("audience")
token.SetJti("identifier")
token.SetIssuer("issuer")
token.SetSubject("subject")

token.SetExpiration(time.Now().Add(time.Minute))
token.SetNotBefore(time.Now())
token.SetIssuedAt(time.Now())

secretKeyHex := "b4cbfb43df4ce210727d953e4a713307fa19bb7d9f85041438d9e11b942a37741eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"
secretKey, _ := paseto.NewV4AsymmetricSecretKeyFromHex(secretKeyHex)

signed := token.V4Sign(secretKey, nil)

The token in signed can then be validated using a public key as follows:

parser := paseto.NewParser()
parser.AddRule(paseto.ForAudience("audience"))
parser.AddRule(paseto.IdentifiedBy("identifier"))
parser.AddRule(paseto.IssuedBy("issuer"))
parser.AddRule(paseto.Subject("subject"))
parser.AddRule(paseto.NotExpired())
parser.AddRule(paseto.ValidAt(time.Now()))

publicKeyHex := "1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"
publicKey, err := paseto.NewV4AsymmetricPublicKeyFromHex(publicKeyHex)
if err != nil {
    // panic or deal with error of invalid key
}

parsedToken, err := parser.ParseV4Public(publicKey, signed, nil)
if err != nil {
    // deal with error of token which failed to be validated, or cryptographically verified
}

If everything succeeds, the value in parsedToken will be equivalent to that in token.

Supported Paseto Versions

Version 4

Version 4 is fully supported.

Version 3

Version 3 is fully supported.

Version 2

Version 2 is fully supported.

Supported Go Versions

Only officially supported versions of Go will be supported by Go Paseto. Versions of Go which have recently gone out of support may continue to work with this library for some time, however this is not guarenteed and should not be relied on.

When support for an out of date version of Go is dropped, this will be done as part of a minor version bump.

Documentation

Overview

A Go implementation of PASETO. Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// V2Local represents a v2 protocol in local mode
	V2Local = Protocol{Version2, Local}
	// V2Public represents a v2 protocol in public mode
	V2Public = Protocol{Version2, Public}
	// V3Local represents a v3 protocol in local mode
	V3Local = Protocol{Version3, Local}
	// V3Public represents a v3 protocol in public mode
	V3Public = Protocol{Version3, Public}
	// V4Local represents a v4 protocol in local mode
	V4Local = Protocol{Version4, Local}
	// V4Public represents a v4 protocol in public mode
	V4Public = Protocol{Version4, Public}
)
View Source 
var ForAudience = ForAudienceT[Token]

ForAudience requires that the given audience matches the "aud" field of the token.

View Source 
var IdentifiedBy = IdentifiedByT[Token]

IdentifiedBy requires that the given identifier matches the "jti" field of the token.

View Source 
var IssuedBy = IssuedByT[Token]

IssuedBy requires that the given issuer matches the "iss" field of the token.

View Source 
var NotBeforeNbf = NotBeforeNbfT[Token]

NotBeforeNbf requires that the token is allowed to be used according to the time when this rule is checked and the not before field of a token. Beware that this rule does not validate the token's issued at or expiration fields, or even require their presence.

View Source 
var NotExpired = NotExpiredT[Token]

NotExpired requires that the token has not expired according to the time when this rule is checked and the expiration field of a token. Beware that this rule does not validate the token's issued at or not before fields, or even require their presence.

View Source 
var Subject = SubjectT[Token]

Subject requires that the given subject matches the subject field of the token.

View Source 
var ValidAt = ValidAtT[Token]

ValidAt requires that the token has not expired according to the given time and the expiration field, and that the given time is both after the token's issued at time, and the token's not before time.

Functions

func Get 

func Get[T any](token Token, key string) t.Result[T]

Types

type Parser 

type Parser[T any] struct {
	// contains filtered or unexported fields
}

Parser is used to verify or decrypt a token, and can be provided with a set of rules.

func MakeParser 

func MakeParser(rules []Rule[Token]) Parser[Token]

MakeParser allows a parser to be constructed with a specified set of rules.

func MakeParserT 

func MakeParserT[T any](decoder TokenDecoder[T], rules []Rule[T]) Parser[T]

MakeParser allows a parser to be constructed with a specified set of rules.

func NewParser 

func NewParser() Parser[Token]

NewParser returns a parser with NotExpired rule preloaded.

func NewParserForValidNow 

func NewParserForValidNow() Parser[Token]

NewParserForValidNow returns a parser that will require parsed tokens to be valid "now".

func NewParserT 

func NewParserT[T TokenExpiration](decoder TokenDecoder[T]) Parser[T]

NewParser returns a parser with NotExpired rule preloaded.

func NewParserWithoutExpiryCheck 

func NewParserWithoutExpiryCheck() Parser[Token]

NewParserWithoutExpiryCheck returns a parser with no currently set rules.

func (*Parser[T]) AddRule 

func (p *Parser[T]) AddRule(rule ...Rule[T])

AddRule will add the given rule(s) to any already specified.

func (Parser[T]) ParseV2Local 

func (p Parser[T]) ParseV2Local(key V2SymmetricKey, tainted string) (*T, error)

ParseV2Local will parse and decrypt a v2 local paseto and validate against any parser rules. Error if parsing, decryption, or any rule fails.

func (Parser[T]) ParseV2Public 

func (p Parser[T]) ParseV2Public(key V2AsymmetricPublicKey, tainted string) (*T, error)

ParseV2Public will parse and verify a v2 public paseto and validate against any parser rules. Error if parsing, verification, or any rule fails.

func (Parser[T]) ParseV3Local 

func (p Parser[T]) ParseV3Local(key V3SymmetricKey, tainted string, implicit []byte) (*T, error)

ParseV3Local will parse and decrypt a v3 local paseto and validate against any parser rules. Error if parsing, decryption, or any rule fails.

func (Parser[T]) ParseV3Public 

func (p Parser[T]) ParseV3Public(key V3AsymmetricPublicKey, tainted string, implicit []byte) (*T, error)

ParseV3Public will parse and verify a v3 public paseto and validate against any parser rules. Error if parsing, verification, or any rule fails.

func (Parser[T]) ParseV4Local 

func (p Parser[T]) ParseV4Local(key V4SymmetricKey, tainted string, implicit []byte) (*T, error)

ParseV4Local will parse and decrypt a v4 local paseto and validate against any parser rules. Error if parsing, decryption, or any rule fails.

func (Parser[T]) ParseV4Public 

func (p Parser[T]) ParseV4Public(key V4AsymmetricPublicKey, tainted string, implicit []byte) (*T, error)

ParseV4Public will parse and verify a v4 public paseto and validate against any parser rules. Error if parsing, verification, or any rule fails.

func (*Parser[T]) SetRules 

func (p *Parser[T]) SetRules(rules []Rule[T])

SetRules will overwrite any currently set rules with those specified.

func (Parser[T]) UnsafeParseFooter 

func (p Parser[T]) UnsafeParseFooter(protocol Protocol, tainted string) ([]byte, error)

UnsafeParseFooter returns the footer of a Paseto message. Beware that this footer is not cryptographically verified at this stage, nor are any claims validated.

type Protocol 

type Protocol struct {
	// contains filtered or unexported fields
}

Protocol represents a set of cryptographic operations for paseto

func NewProtocol 

func NewProtocol(version Version, purpose Purpose) (Protocol, error)

NewProtocol creates a new protocol with a given version and purpose (both must be valid)

func (Protocol) Header 

func (p Protocol) Header() string

Header computes the header for the protocol

func (Protocol) Purpose 

func (p Protocol) Purpose() Purpose

Purpose returns the purpose for a protocol

func (Protocol) Version 

func (p Protocol) Version() Version

Version returns the version for a protocol

type Purpose 

type Purpose string

Purpose represents either local or public paseto mode 

const (
	// Local is a paseto mode which encrypts the token
	Local Purpose = "local"
	// Public is a paseto mode which signs the token
	Public Purpose = "public"
)

type Rule 

type Rule[T any] func(token T) error

Rule validates a given token for certain required preconditions (defined by the rule itself). If validation fails a Rule MUST return an error, otherwise error MUST be nil.

func ForAudienceT 

func ForAudienceT[T TokenAudience](audience string) Rule[T]

ForAudienceT requires that the given audience matches the audience field of the token.

func IdentifiedByT 

func IdentifiedByT[T TokenJti](identifier string) Rule[T]

IdentifiedByT requires that the given identifier matches the jti field of the token.

func IssuedByT 

func IssuedByT[T TokenIssuer](issuer string) Rule[T]

IssuedByT requires that the given issuer matches the issuer field of the token.

func NotBeforeNbfT 

func NotBeforeNbfT[T TokenNotBefore]() Rule[T]

NotBeforeNbfT requires that the token is allowed to be used according to the time when this rule is checked and the not before field of a token. Beware that this rule does not validate the token's issued at or expiration fields, or even require their presence.

func NotExpiredT 

func NotExpiredT[T TokenExpiration]() Rule[T]

NotExpiredT requires that the token has not expired according to the time when this rule is checked and the expiration field of a token. Beware that this rule does not validate the token's issued at or not before fields, or even require their presence.

func SubjectT 

func SubjectT[T TokenSubject](subject string) Rule[T]

SubjectT requires that the given subject matches the subject field of the token.

func ValidAtT 

func ValidAtT[T TokenValidAt](t time.Time) Rule[T]

ValidAtT requires that the token has not expired according to the given time and the expiration field, and that the given time is both after the token's issued at time, and the token's not before time.

type RuleError 

type RuleError struct {
	// contains filtered or unexported fields
}

Any error which is the result of a rule failure (distinct from a TokenError) Can be used to detect cryptographically valid tokens which have failed only due to a rule failure: which may warrant a slightly different processing follow up.

func (RuleError) Error 

func (e RuleError) Error() string

func (RuleError) Is 

func (_ RuleError) Is(e error) bool

func (RuleError) Unwrap 

func (e RuleError) Unwrap() error

type Token 

type Token struct {
	// contains filtered or unexported fields
}

Token is a set of paseto claims, and a footer

func MakeToken 

func MakeToken(claims map[string]interface{}, footer []byte) (*Token, error)

MakeToken allows specifying both claims and a footer.

func NewToken 

func NewToken() Token

NewToken returns a token with no claims and no footer.

func NewTokenFromClaimsJSON 

func NewTokenFromClaimsJSON(claimsData []byte, footer []byte) (*Token, error)

NewTokenFromClaimsJSON parses the JSON using encoding/json in claimsData and returns a token with those claims, and the specified footer.

func StdDecoder 

func StdDecoder(caf TokenClaimsAndFooter) (*Token, error)

func (Token) Claims 

func (t Token) Claims() map[string]interface{}

Claims gets the stored claims.

func (Token) ClaimsJSON 

func (token Token) ClaimsJSON() []byte

ClaimsJSON gets the stored claims as JSON.

func (Token) Footer 

func (t Token) Footer() []byte

Footer returns the token's footer

func (Token) Get 

func (t Token) Get(key string, output any) (err error)

Get gets the given key and writes the value into output (which should be a a pointer), if present by parsing the JSON using encoding/json.

func (Token) GetAudience 

func (t Token) GetAudience() (string, error)

GetAudience returns the token's "aud" field, or error if not found or not a string.

func (Token) GetExpiration 

func (t Token) GetExpiration() (time.Time, error)

GetExpiration returns the token's "exp" field, or error if not found or not a a RFC3339 compliant time.

func (Token) GetIssuedAt 

func (t Token) GetIssuedAt() (time.Time, error)

GetIssuedAt returns the token's "iat" field, or error if not found or not a a RFC3339 compliant time.

func (Token) GetIssuer 

func (t Token) GetIssuer() (string, error)

GetIssuer returns the token's "iss" field, or error if not found or not a string.

func (Token) GetJti 

func (t Token) GetJti() (string, error)

GetJti returns the token's "jti" field, or error if not found or not a string.

func (Token) GetNotBefore 

func (t Token) GetNotBefore() (time.Time, error)

GetNotBefore returns the token's "nbf" field, or error if not found or not a a RFC3339 compliant time.

func (Token) GetString 

func (t Token) GetString(key string) (string, error)

GetString returns the value for a given key as a string, or error if this is not possible (cannot be a string, or value does not exist)

func (Token) GetSubject 

func (t Token) GetSubject() (string, error)

GetSubject returns the token's "sub" field, or error if not found or not a string.

func (Token) GetTime 

func (t Token) GetTime(key string) (time.Time, error)

GetTime returns the time for a given key as a string, or error if this is not possible (cannot parse as a time, or value does not exist)

func (*Token) Set 

func (token *Token) Set(key string, value any) error

Set sets the key with the specified value. Note that this value needs to be serialisable to JSON using encoding/json. Set will check this and return an error if it is not serialisable.

func (*Token) SetAudience 

func (t *Token) SetAudience(audience string)

SetAudience sets the token's "aud" field.

func (*Token) SetExpiration 

func (t *Token) SetExpiration(exp time.Time)

SetExpiration sets the token's "exp" field.

func (*Token) SetFooter 

func (t *Token) SetFooter(footer []byte)

SetFooter sets the token's footer

func (*Token) SetIssuedAt 

func (t *Token) SetIssuedAt(iat time.Time)

SetIssuedAt sets the token's "iat" field.

func (*Token) SetIssuer 

func (t *Token) SetIssuer(issuer string)

SetIssuer sets the token's "iss" field.

func (*Token) SetJti 

func (t *Token) SetJti(identifier string)

SetJti sets the token's "jti" field.

func (*Token) SetNotBefore 

func (t *Token) SetNotBefore(nbf time.Time)

SetNotBefore sets the token's "nbf" field.

func (*Token) SetString 

func (t *Token) SetString(key string, value string)

SetString sets the given key with value. If, for some reason, the provided string cannot be serialised as JSON SetString will panic.

func (*Token) SetSubject 

func (t *Token) SetSubject(subject string)

SetSubject sets the token's "sub" field.

func (*Token) SetTime 

func (t *Token) SetTime(key string, value time.Time)

SetTime sets the given key with the given time, encoded using RFC3339 (the time format used by common PASETO claims).

func (Token) V2Encrypt 

func (t Token) V2Encrypt(key V2SymmetricKey) string

V2Encrypt signs the token, using the given key.

func (Token) V2Sign 

func (t Token) V2Sign(key V2AsymmetricSecretKey) string

V2Sign signs the token, using the given key.

func (Token) V3Encrypt 

func (t Token) V3Encrypt(key V3SymmetricKey, implicit []byte) string

V3Encrypt signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the encrypted token, but which are not present in the final token (or its decrypted value). Implicit must be reprovided for successful decryption, and can not be recovered.

func (Token) V3Sign 

func (t Token) V3Sign(key V3AsymmetricSecretKey, implicit []byte) string

V3Sign signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the signature, but which are not present in the final token. Implicit must be reprovided for successful verification, and can not be recovered.

func (Token) V4Encrypt 

func (t Token) V4Encrypt(key V4SymmetricKey, implicit []byte) string

V4Encrypt signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the encrypted token, but which are not present in the final token (or its decrypted value). Implicit must be reprovided for successful decryption, and can not be recovered.

func (Token) V4Sign 

func (t Token) V4Sign(key V4AsymmetricSecretKey, implicit []byte) string

V4Sign signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the signature, but which are not present in the final token. Implicit must be reprovided for successful verification, and can not be recovered.

type TokenAudience 

type TokenAudience interface {
	GetAudience() (string, error)
}

type TokenClaimsAndFooter 

type TokenClaimsAndFooter struct {
	// Serialised token claims. These claims MUST be serialised JSON.
	Claims []byte
	// Serialised token footer. This footer SHOULD be serialised JSON.
	Footer []byte
}

func NewClaimsAndFooter 

func NewClaimsAndFooter(claims []byte, footer []byte) TokenClaimsAndFooter

NewClaimsAndFooter creates a claims and footer pair from custom encoded data. This should be used to transform a custom type into this pair, which can then be signed or encrypted as a paseto token.

func (TokenClaimsAndFooter) V2Encrypt 

func (p TokenClaimsAndFooter) V2Encrypt(key V2SymmetricKey) string

V2Encrypt signs the token, using the given key.

func (TokenClaimsAndFooter) V2Sign 

func (p TokenClaimsAndFooter) V2Sign(key V2AsymmetricSecretKey) string

V2Sign signs the token, using the given key.

func (TokenClaimsAndFooter) V3Encrypt 

func (p TokenClaimsAndFooter) V3Encrypt(key V3SymmetricKey, implicit []byte) string

V3Encrypt signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the encrypted token, but which are not present in the final token (or its decrypted value). Implicit must be reprovided for successful decryption, and can not be recovered.

func (TokenClaimsAndFooter) V3Sign 

func (p TokenClaimsAndFooter) V3Sign(key V3AsymmetricSecretKey, implicit []byte) string

V3Sign signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the signature, but which are not present in the final token. Implicit must be reprovided for successful verification, and can not be recovered.

func (TokenClaimsAndFooter) V4Encrypt 

func (p TokenClaimsAndFooter) V4Encrypt(key V4SymmetricKey, implicit []byte) string

V4Encrypt signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the encrypted token, but which are not present in the final token (or its decrypted value). Implicit must be reprovided for successful decryption, and can not be recovered.

func (TokenClaimsAndFooter) V4Sign 

func (p TokenClaimsAndFooter) V4Sign(key V4AsymmetricSecretKey, implicit []byte) string

V4Sign signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the signature, but which are not present in the final token. Implicit must be reprovided for successful verification, and can not be recovered.

type TokenDecoder 

type TokenDecoder[T any] func(TokenClaimsAndFooter) (*T, error)

type TokenError 

type TokenError struct {
	// contains filtered or unexported fields
}

Any cryptography issue (with the token) or formatting error. This does not include cryptography errors with input key material, these will return regular errors.

func (TokenError) Error 

func (e TokenError) Error() string

func (TokenError) Is 

func (_ TokenError) Is(e error) bool

func (TokenError) Unwrap 

func (e TokenError) Unwrap() error

type TokenExpiration 

type TokenExpiration interface {
	GetExpiration() (time.Time, error)
}

type TokenIssuedAt 

type TokenIssuedAt interface {
	GetIssuedAt() (time.Time, error)
}

type TokenIssuer 

type TokenIssuer interface {
	GetIssuer() (string, error)
}

type TokenJti 

type TokenJti interface {
	GetJti() (string, error)
}

type TokenNotBefore 

type TokenNotBefore interface {
	GetNotBefore() (time.Time, error)
}

type TokenSubject 

type TokenSubject interface {
	GetSubject() (string, error)
}

type TokenValidAt 

type TokenValidAt interface {
	TokenIssuedAt
	TokenNotBefore
	TokenExpiration
}

type V2AsymmetricPublicKey 

type V2AsymmetricPublicKey struct {
	// contains filtered or unexported fields
}

V2AsymmetricPublicKey V2 public public key

func NewV2AsymmetricPublicKeyFromBytes 

func NewV2AsymmetricPublicKeyFromBytes(publicKey []byte) (V2AsymmetricPublicKey, error)

NewV2AsymmetricPublicKeyFromBytes Construct a v2 public key from bytes

func NewV2AsymmetricPublicKeyFromEd25519 

func NewV2AsymmetricPublicKeyFromEd25519(publicKey ed25519.PublicKey) (V2AsymmetricPublicKey, error)

NewV2AsymmetricPublicKeyFromEd25519 Construct a v2 public key from a standard Go object

func NewV2AsymmetricPublicKeyFromHex 

func NewV2AsymmetricPublicKeyFromHex(hexEncoded string) (V2AsymmetricPublicKey, error)

NewV2AsymmetricPublicKeyFromHex Construct a v2 public key from hex

func (V2AsymmetricPublicKey) ExportBytes 

func (k V2AsymmetricPublicKey) ExportBytes() []byte

ExportBytes export a V2AsymmetricPublicKey to raw byte array

func (V2AsymmetricPublicKey) ExportHex 

func (k V2AsymmetricPublicKey) ExportHex() string

ExportHex export a V2AsymmetricPublicKey to hex for storage

type V2AsymmetricSecretKey 

type V2AsymmetricSecretKey struct {
	// contains filtered or unexported fields
}

V2AsymmetricSecretKey V2 public private key

func NewV2AsymmetricSecretKey 

func NewV2AsymmetricSecretKey() V2AsymmetricSecretKey

NewV2AsymmetricSecretKey generate a new secret key for use with asymmetric cryptography. Don't forget to export the public key for sharing, DO NOT share this secret key.

func NewV2AsymmetricSecretKeyFromBytes 

func NewV2AsymmetricSecretKeyFromBytes(privateKey []byte) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromBytes creates a secret key from bytes

func NewV2AsymmetricSecretKeyFromEd25519 

func NewV2AsymmetricSecretKeyFromEd25519(privateKey ed25519.PrivateKey) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromEd25519 creates a secret key from a standard Go object

func NewV2AsymmetricSecretKeyFromHex 

func NewV2AsymmetricSecretKeyFromHex(hexEncoded string) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromHex creates a secret key from hex

func NewV2AsymmetricSecretKeyFromSeed 

func NewV2AsymmetricSecretKeyFromSeed(hexEncoded string) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromSeed creates a secret key from a seed (hex)

func (V2AsymmetricSecretKey) ExportBytes 

func (k V2AsymmetricSecretKey) ExportBytes() []byte

ExportBytes export a V2AsymmetricSecretKey to raw byte array

func (V2AsymmetricSecretKey) ExportHex 

func (k V2AsymmetricSecretKey) ExportHex() string

ExportHex export a V2AsymmetricSecretKey to hex for storage

func (V2AsymmetricSecretKey) ExportSeedHex 

func (k V2AsymmetricSecretKey) ExportSeedHex() string

ExportSeedHex export a V2AsymmetricSecretKey's seed to hex for storage

func (V2AsymmetricSecretKey) Public 

func (k V2AsymmetricSecretKey) Public() V2AsymmetricPublicKey

Public returns the corresponding public key for a secret key

type V2SymmetricKey 

type V2SymmetricKey struct {
	// contains filtered or unexported fields
}

V2SymmetricKey v2 local symmetric key

func NewV2SymmetricKey 

func NewV2SymmetricKey() V2SymmetricKey

NewV2SymmetricKey generates a new symmetric key for encryption

func V2SymmetricKeyFromBytes 

func V2SymmetricKeyFromBytes(bytes []byte) (V2SymmetricKey, error)

V2SymmetricKeyFromBytes constructs a key from bytes

func V2SymmetricKeyFromHex 

func V2SymmetricKeyFromHex(hexEncoded string) (V2SymmetricKey, error)

V2SymmetricKeyFromHex constructs a key from hex

func (V2SymmetricKey) ExportBytes 

func (k V2SymmetricKey) ExportBytes() []byte

ExportBytes exports the key as raw bytes

func (V2SymmetricKey) ExportHex 

func (k V2SymmetricKey) ExportHex() string

ExportHex exports the key as hex for storage

type V3AsymmetricPublicKey 

type V3AsymmetricPublicKey struct {
	// contains filtered or unexported fields
}

V3AsymmetricPublicKey v3 public public key

func NewV3AsymmetricPublicKeyFromBytes 

func NewV3AsymmetricPublicKeyFromBytes(publicKeyBytes []byte) (V3AsymmetricPublicKey, error)

NewV3AsymmetricPublicKeyFromBytes Construct a v3 public key from bytes

func NewV3AsymmetricPublicKeyFromEcdsa 

func NewV3AsymmetricPublicKeyFromEcdsa(publicKey ecdsa.PublicKey) (V3AsymmetricPublicKey, error)

NewV3AsymmetricPublicKeyFromEcdsa Construct a v3 public key from a standard Go object

func NewV3AsymmetricPublicKeyFromHex 

func NewV3AsymmetricPublicKeyFromHex(hexEncoded string) (V3AsymmetricPublicKey, error)

NewV3AsymmetricPublicKeyFromHex Construct a v3 public key from hex

func (V3AsymmetricPublicKey) ExportBytes 

func (k V3AsymmetricPublicKey) ExportBytes() []byte

ExportBytes export a V3AsymmetricPublicKey to raw byte array

func (V3AsymmetricPublicKey) ExportHex 

func (k V3AsymmetricPublicKey) ExportHex() string

ExportHex export a V3AsymmetricPublicKey to hex for storage

type V3AsymmetricSecretKey 

type V3AsymmetricSecretKey struct {
	// contains filtered or unexported fields
}

V3AsymmetricSecretKey v3 public private key

func NewV3AsymmetricSecretKey 

func NewV3AsymmetricSecretKey() V3AsymmetricSecretKey

NewV3AsymmetricSecretKey generate a new secret key for use with asymmetric cryptography. Don't forget to export the public key for sharing, DO NOT share this secret key.

func NewV3AsymmetricSecretKeyFromBytes 

func NewV3AsymmetricSecretKeyFromBytes(secretBytes []byte) (V3AsymmetricSecretKey, error)

NewV3AsymmetricSecretKeyFromBytes creates a secret key from bytes

func NewV3AsymmetricSecretKeyFromEcdsa 

func NewV3AsymmetricSecretKeyFromEcdsa(privateKey ecdsa.PrivateKey) (V3AsymmetricSecretKey, error)

NewV3AsymmetricSecretKeyFromBytes creates a secret key from a standard Go object

func NewV3AsymmetricSecretKeyFromHex 

func NewV3AsymmetricSecretKeyFromHex(hexEncoded string) (V3AsymmetricSecretKey, error)

NewV3AsymmetricSecretKeyFromHex creates a secret key from hex

func (V3AsymmetricSecretKey) ExportBytes 

func (k V3AsymmetricSecretKey) ExportBytes() []byte

ExportBytes export a V3AsymmetricSecretKey to raw byte array

func (V3AsymmetricSecretKey) ExportHex 

func (k V3AsymmetricSecretKey) ExportHex() string

ExportHex export a V3AsymmetricSecretKey to hex for storage

func (V3AsymmetricSecretKey) Public 

func (k V3AsymmetricSecretKey) Public() V3AsymmetricPublicKey

Public returns the corresponding public key for a secret key

type V3SymmetricKey 

type V3SymmetricKey struct {
	// contains filtered or unexported fields
}

V3SymmetricKey v3 local symmetric key

func NewV3SymmetricKey 

func NewV3SymmetricKey() V3SymmetricKey

NewV3SymmetricKey generates a new symmetric key for encryption

func V3SymmetricKeyFromBytes 

func V3SymmetricKeyFromBytes(bytes []byte) (V3SymmetricKey, error)

V3SymmetricKeyFromBytes constructs a key from bytes

func V3SymmetricKeyFromHex 

func V3SymmetricKeyFromHex(hexEncoded string) (V3SymmetricKey, error)

V3SymmetricKeyFromHex constructs a key from hex

func (V3SymmetricKey) ExportBytes 

func (k V3SymmetricKey) ExportBytes() []byte

ExportBytes exports the key as raw byte array

func (V3SymmetricKey) ExportHex 

func (k V3SymmetricKey) ExportHex() string

ExportHex exports the key as hex for storage

type V4AsymmetricPublicKey 

type V4AsymmetricPublicKey struct {
	// contains filtered or unexported fields
}

V4AsymmetricPublicKey v4 public public key

func NewV4AsymmetricPublicKeyFromBytes 

func NewV4AsymmetricPublicKeyFromBytes(publicKey []byte) (V4AsymmetricPublicKey, error)

NewV4AsymmetricPublicKeyFromBytes Construct a v4 public key from bytes

func NewV4AsymmetricPublicKeyFromEd25519 

func NewV4AsymmetricPublicKeyFromEd25519(publicKey ed25519.PublicKey) (V4AsymmetricPublicKey, error)

NewV4AsymmetricPublicKeyFromEd25519 Construct a v2 public key from a standard Go object

func NewV4AsymmetricPublicKeyFromHex 

func NewV4AsymmetricPublicKeyFromHex(hexEncoded string) (V4AsymmetricPublicKey, error)

NewV4AsymmetricPublicKeyFromHex Construct a v4 public key from hex

func (V4AsymmetricPublicKey) ExportBytes 

func (k V4AsymmetricPublicKey) ExportBytes() []byte

ExportBytes export a V4AsymmetricPublicKey to raw byte array

func (V4AsymmetricPublicKey) ExportHex 

func (k V4AsymmetricPublicKey) ExportHex() string

ExportHex export a V4AsymmetricPublicKey to hex for storage

type V4AsymmetricSecretKey 

type V4AsymmetricSecretKey struct {
	// contains filtered or unexported fields
}

V4AsymmetricSecretKey v4 public private key

func NewV4AsymmetricSecretKey 

func NewV4AsymmetricSecretKey() V4AsymmetricSecretKey

NewV4AsymmetricSecretKey generate a new secret key for use with asymmetric cryptography. Don't forget to export the public key for sharing, DO NOT share this secret key.

func NewV4AsymmetricSecretKeyFromBytes 

func NewV4AsymmetricSecretKeyFromBytes(privateKey []byte) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromBytes creates a secret key from bytes

func NewV4AsymmetricSecretKeyFromEd25519 

func NewV4AsymmetricSecretKeyFromEd25519(privateKey ed25519.PrivateKey) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromEd25519 creates a secret key from a standard Go object

func NewV4AsymmetricSecretKeyFromHex 

func NewV4AsymmetricSecretKeyFromHex(hexEncoded string) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromHex creates a secret key from hex

func NewV4AsymmetricSecretKeyFromSeed 

func NewV4AsymmetricSecretKeyFromSeed(hexEncoded string) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromSeed creates a secret key from a seed (hex)

func (V4AsymmetricSecretKey) ExportBytes 

func (k V4AsymmetricSecretKey) ExportBytes() []byte

ExportBytes export a V4AsymmetricSecretKey to raw byte array

func (V4AsymmetricSecretKey) ExportHex 

func (k V4AsymmetricSecretKey) ExportHex() string

ExportHex export a V4AsymmetricSecretKey to hex for storage

func (V4AsymmetricSecretKey) ExportSeedHex 

func (k V4AsymmetricSecretKey) ExportSeedHex() string

ExportSeedHex export a V4AsymmetricSecretKey's seed to hex for storage

func (V4AsymmetricSecretKey) Public 

func (k V4AsymmetricSecretKey) Public() V4AsymmetricPublicKey

Public returns the corresponding public key for a secret key

type V4SymmetricKey 

type V4SymmetricKey struct {
	// contains filtered or unexported fields
}

V4SymmetricKey v4 local symmetric key

func NewV4SymmetricKey 

func NewV4SymmetricKey() V4SymmetricKey

NewV4SymmetricKey generates a new symmetric key for encryption

func V4SymmetricKeyFromBytes 

func V4SymmetricKeyFromBytes(bytes []byte) (V4SymmetricKey, error)

V4SymmetricKeyFromBytes constructs a key from bytes

func V4SymmetricKeyFromHex 

func V4SymmetricKeyFromHex(hexEncoded string) (V4SymmetricKey, error)

V4SymmetricKeyFromHex constructs a key from hex

func (V4SymmetricKey) ExportBytes 

func (k V4SymmetricKey) ExportBytes() []byte

ExportBytes exports the key as raw byte array

func (V4SymmetricKey) ExportHex 

func (k V4SymmetricKey) ExportHex() string

ExportHex exports the key as hex for storage

type Version 

type Version string

Version represents a valid paseto version 

const (
	// Version2 corresponds to paseto v2 tokens
	Version2 Version = "v2"
	// Version3 corresponds to paseto v3 tokens
	Version3 Version = "v3"
	// Version4 corresponds to paseto v4 tokens
	Version4 Version = "v4"
)

Source Files

View all Source files

Directories

Path Synopsis
internal
encoding
hashing
random

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.