openssl

package

v0.2.40 Latest Latest Go to latest Published: May 23, 2024 License: BSD-3-Clause Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

bitbucket.org/digi-sense/gg-core

Links

Open Source Insights

README ¶

Open SSL

OpenSSL module is a porting of original work https://github.com/Luzifer/go-openssl/

Documentation ¶

Index ¶

Constants
Variables
type Creds
type CredsGenerator
- func NewBytesToKeyGenerator(hashFunc func() hash.Hash) CredsGenerator
- func NewPBKDF2Generator(hashFunc func() hash.Hash, iterations int) CredsGenerator
type OpenSSL
- func NewOpenSSL() *OpenSSL
type OpenSSLHelper
- func (instance *OpenSSLHelper) New() *OpenSSL

Constants ¶

View Source

const DefaultPBKDF2Iterations = 10000

Variables ¶

View Source

var (
	BytesToKeyMD5    = NewBytesToKeyGenerator(md5.New)
	BytesToKeySHA1   = NewBytesToKeyGenerator(sha1.New)
	BytesToKeySHA256 = NewBytesToKeyGenerator(sha256.New)
	BytesToKeySHA384 = NewBytesToKeyGenerator(sha512.New384)
	BytesToKeySHA512 = NewBytesToKeyGenerator(sha512.New)
	PBKDF2MD5        = NewPBKDF2Generator(md5.New, DefaultPBKDF2Iterations)
	PBKDF2SHA1       = NewPBKDF2Generator(sha1.New, DefaultPBKDF2Iterations)
	PBKDF2SHA256     = NewPBKDF2Generator(sha256.New, DefaultPBKDF2Iterations)
	PBKDF2SHA384     = NewPBKDF2Generator(sha512.New384, DefaultPBKDF2Iterations)
	PBKDF2SHA512     = NewPBKDF2Generator(sha512.New, DefaultPBKDF2Iterations)
)

View Source

var ErrInvalidSalt = errors.New("Salt needs to have exactly 8 byte")

ErrInvalidSalt is returned when a salt with a length of != 8 byte is passed

Functions ¶

This section is empty.

Types ¶

type Creds ¶

type Creds struct {
	Key []byte
	IV  []byte
}

Creds holds a key and an IV for encryption methods

type CredsGenerator ¶

type CredsGenerator func(password, salt []byte) (Creds, error)

CredsGenerator are functions to derive a key and iv from a password and a salt

func NewBytesToKeyGenerator ¶

func NewBytesToKeyGenerator(hashFunc func() hash.Hash) CredsGenerator

NewBytesToKeyGenerator openSSLEvpBytesToKey follows the OpenSSL (undocumented?) convention for extracting the key and IV from passphrase. It uses the EVP_BytesToKey() method which is basically: D_i = HASH^count(D_(i-1) || password || salt) where || denotes concatenation, until there are sufficient bytes available 48 bytes since we're expecting to handle AES-256, 32bytes for a key and 16bytes for the IV

func NewPBKDF2Generator ¶

func NewPBKDF2Generator(hashFunc func() hash.Hash, iterations int) CredsGenerator

type OpenSSL ¶

type OpenSSL struct {
	// contains filtered or unexported fields
}

OpenSSL is a helper to generate OpenSSL compatible encryption with autmatic IV derivation and storage. As long as the key is known all data can also get decrypted using OpenSSL CLI. Code from http://dequeue.blogspot.de/2014/11/decrypting-something-encrypted-with.html

func NewOpenSSL ¶

func NewOpenSSL() *OpenSSL

NewOpenSSL New instantiates and initializes a new OpenSSL encrypter

func (OpenSSL) DecryptBinaryBytes ¶

func (instance OpenSSL) DecryptBinaryBytes(passphrase string, encryptedData []byte, cg CredsGenerator) ([]byte, error)

DecryptBinaryBytes takes a slice of binary bytes, encrypted data to decrypt and a key-derivation function. The key-derivation function must match the function used to encrypt the data. (In OpenSSL the value of the `-md` parameter.)

You should not just try to loop the digest functions as this will cause a race condition and you will not be able to decrypt your data properly.

func (OpenSSL) DecryptBytes ¶

func (instance OpenSSL) DecryptBytes(passphrase string, encryptedBase64Data []byte, cg CredsGenerator) ([]byte, error)

DecryptBytes takes a slice of bytes with base64 encoded, encrypted data to decrypt and a key-derivation function. The key-derivation function must match the function used to encrypt the data. (In OpenSSL the value of the `-md` parameter.)

You should not just try to loop the digest functions as this will cause a race condition and you will not be able to decrypt your data properly.

func (OpenSSL) EncryptBinaryBytes ¶

func (instance OpenSSL) EncryptBinaryBytes(passphrase string, plainData []byte, cg CredsGenerator) ([]byte, error)

EncryptBinaryBytes encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.

func (OpenSSL) EncryptBinaryBytesWithSaltAndDigestFunc ¶

func (instance OpenSSL) EncryptBinaryBytesWithSaltAndDigestFunc(passphrase string, salt, plainData []byte, cg CredsGenerator) ([]byte, error)

EncryptBinaryBytesWithSaltAndDigestFunc encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

The hash function corresponds to the `-md` parameter of OpenSSL. For OpenSSL pre-1.1.0c DigestMD5Sum was the default, since then it is DigestSHA256Sum.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

func (OpenSSL) EncryptBytes ¶

func (instance OpenSSL) EncryptBytes(passphrase string, plainData []byte, cg CredsGenerator) ([]byte, error)

EncryptBytes encrypts a slice of bytes that are base64 encoded in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.

func (OpenSSL) EncryptBytesWithSaltAndDigestFunc ¶

func (instance OpenSSL) EncryptBytesWithSaltAndDigestFunc(passphrase string, salt, plainData []byte, cg CredsGenerator) ([]byte, error)

EncryptBytesWithSaltAndDigestFunc encrypts a slice of bytes that are base64 encoded in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

The hash function corresponds to the `-md` parameter of OpenSSL. For OpenSSL pre-1.1.0c DigestMD5Sum was the default, since then it is DigestSHA256Sum.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

func (OpenSSL) GenerateSalt ¶

func (instance OpenSSL) GenerateSalt() ([]byte, error)

GenerateSalt generates a random 8 byte salt

func (OpenSSL) MustGenerateSalt ¶

func (instance OpenSSL) MustGenerateSalt() []byte

MustGenerateSalt is a wrapper around GenerateSalt which will panic on an error. This allows you to use this function as a parameter to EncryptBytesWithSaltAndDigestFunc

type OpenSSLHelper ¶

type OpenSSLHelper struct {
}

var OpenSSLUtil *OpenSSLHelper

func (*OpenSSLHelper) New ¶

func (instance *OpenSSLHelper) New() *OpenSSL

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL