Documentation ¶
Overview ¶
Package encrypt contains some useful tools to deal with encryption/decryption
Index ¶
- func AESEncryptFilesInDir(dir string, secret []byte, opts ...AESEncryptFilesInDirOption) (err error)
- func AesDecrypt(secret []byte, encrypted []byte) ([]byte, error)
- func AesEncrypt(secret []byte, cnt []byte) ([]byte, error)
- func DecodeECDSAPrivateKey(pemEncoded []byte) (*ecdsa.PrivateKey, error)
- func DecodeECDSAPublicKey(pemEncodedPub []byte) (*ecdsa.PublicKey, error)
- func DecodeES256SignByBase64(sign string) (a, b *big.Int, err error)
- func DecodeES256SignByHex(sign string) (a, b *big.Int, err error)
- func DecodeRSAPrivateKey(pemEncoded []byte) (*rsa.PrivateKey, error)
- func DecodeRSAPublicKey(pemEncodedPub []byte) (*rsa.PublicKey, error)
- func EncodeECDSAPrivateKey(privateKey *ecdsa.PrivateKey) ([]byte, error)
- func EncodeECDSAPublicKey(publicKey *ecdsa.PublicKey) ([]byte, error)
- func EncodeES256SignByBase64(a, b *big.Int) string
- func EncodeES256SignByHex(a, b *big.Int) string
- func EncodeRSAPrivateKey(privateKey *rsa.PrivateKey) ([]byte, error)
- func EncodeRSAPublicKey(publicKey *rsa.PublicKey) ([]byte, error)
- func FormatBig2Base64(b *big.Int) string
- func FormatBig2Hex(b *big.Int) string
- func GeneratePasswordHash(password []byte) ([]byte, error)
- func HashSHA128String(val string) string
- func HashSHA256String(val string) string
- func HashXxhashString(val string) string
- func ParseBase642Big(raw string) (*big.Int, error)
- func ParseHex2Big(hex string) (b *big.Int, ok bool)
- func SecureCipherSuites(filter func(*tls.CipherSuite) bool) []uint16
- func SignByECDSAWithSHA256(priKey *ecdsa.PrivateKey, content []byte) (r, s *big.Int, err error)
- func SignByRSAWithSHA256(priKey *rsa.PrivateKey, content []byte) ([]byte, error)
- func SignReaderByECDSAWithSHA256(priKey *ecdsa.PrivateKey, reader io.Reader) (r, s *big.Int, err error)
- func SignReaderByRSAWithSHA256(priKey *rsa.PrivateKey, reader io.Reader) (sig []byte, err error)
- func ValidatePasswordHash(hashedPassword, password []byte) bool
- func VerifyByECDSAWithSHA256(pubKey *ecdsa.PublicKey, content []byte, r, s *big.Int) bool
- func VerifyByRSAWithSHA256(pubKey *rsa.PublicKey, content []byte, sig []byte) error
- func VerifyReaderByECDSAWithSHA256(pubKey *ecdsa.PublicKey, reader io.Reader, r, s *big.Int) (bool, error)
- func VerifyReaderByRSAWithSHA256(pubKey *rsa.PublicKey, reader io.Reader, sig []byte) error
- type AESEncryptFilesInDirOption
- type AesReaderWrapper
- type DHKX
- type DHKXOptionFunc
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AESEncryptFilesInDir ¶
func AESEncryptFilesInDir(dir string, secret []byte, opts ...AESEncryptFilesInDirOption) (err error)
AESEncryptFilesInDir encrypt files in dir
will generate new encrypted files with <suffix> after ext
xxx.toml -> xxx.toml.enc
func AesDecrypt ¶
AesDecrypt encrypt bytes by aes with key
inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/
The key argument should be 16, 24, or 32 bytes
func AesEncrypt ¶
AesEncrypt encrypt bytes by aes with key
inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/
The key argument should be the AES key, either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
func DecodeECDSAPrivateKey ¶
func DecodeECDSAPrivateKey(pemEncoded []byte) (*ecdsa.PrivateKey, error)
DecodeECDSAPrivateKey decode ecdsa private key from pem bytes
func DecodeECDSAPublicKey ¶
DecodeECDSAPublicKey decode ecdsa public key from pem bytes
func DecodeES256SignByBase64 ¶
DecodeES256SignByBase64 parse ecdsa signature string to two *big.Int
func DecodeES256SignByHex ¶
DecodeES256SignByHex parse ecdsa signature string to two *big.Int
func DecodeRSAPrivateKey ¶
func DecodeRSAPrivateKey(pemEncoded []byte) (*rsa.PrivateKey, error)
DecodeRSAPrivateKey decode rsa private key from pem bytes
func DecodeRSAPublicKey ¶
DecodeRSAPublicKey decode rsa public key from pem bytes
func EncodeECDSAPrivateKey ¶
func EncodeECDSAPrivateKey(privateKey *ecdsa.PrivateKey) ([]byte, error)
EncodeECDSAPrivateKey encode ecdsa private key to pem bytes
func EncodeECDSAPublicKey ¶
EncodeECDSAPublicKey encode ecdsa public key to pem bytes
func EncodeES256SignByBase64 ¶
EncodeES256SignByBase64 format ecdsa signature to stirng
func EncodeES256SignByHex ¶
EncodeES256SignByHex format ecdsa sign to stirng
func EncodeRSAPrivateKey ¶
func EncodeRSAPrivateKey(privateKey *rsa.PrivateKey) ([]byte, error)
EncodeRSAPrivateKey encode rsa private key to pem bytes
func EncodeRSAPublicKey ¶
EncodeRSAPublicKey encode rsa public key to pem bytes
func FormatBig2Base64 ¶
FormatBig2Base64 format big to base64 string
func GeneratePasswordHash ¶
GeneratePasswordHash generate hashed password by origin password
Example ¶
// generate hashed password rawPassword := []byte("1234567890") hashedPassword, err := GeneratePasswordHash(rawPassword) if err != nil { log.Shared.Error("try to generate password got error", zap.Error(err)) return } fmt.Printf("got new hashed pasword: %v\n", string(hashedPassword)) // validate passowrd if !ValidatePasswordHash(hashedPassword, rawPassword) { log.Shared.Error("password invalidate", zap.Error(err)) return }
Output:
func HashSHA128String ¶
HashSHA128String calculate string's hash by sha256
Example ¶
val := testhashraw got := HashSHA128String(val) log.Shared.Info("hash", zap.String("got", got))
Output:
func HashSHA256String ¶
HashSHA256String calculate string's hash by sha256
Example ¶
val := testhashraw got := HashSHA256String(val) log.Shared.Info("hash", zap.String("got", got))
Output:
func HashXxhashString ¶
HashXxhashString calculate string's hash by sha256
Example ¶
val := testhashraw got := HashXxhashString(val) log.Shared.Info("hash", zap.String("got", got))
Output:
func ParseBase642Big ¶
ParseBase642Big parse base64 string to big
func ParseHex2Big ¶
ParseHex2Big parse hex string to big
func SecureCipherSuites ¶ added in v2.1.1
func SecureCipherSuites(filter func(*tls.CipherSuite) bool) []uint16
SecureCipherSuites get golang built-in cipher suites without known insecure suites
func SignByECDSAWithSHA256 ¶
SignByECDSAWithSHA256 generate signature by ecdsa private key use sha256
Example ¶
priKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Shared.Panic("generate key", zap.Error(err)) } priKey2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Shared.Panic("generate key", zap.Error(err)) } // case: correct key cnt := []byte("fjijf23lijfl23ijrl32jra9pfie9wpfi") r, s, err := SignByECDSAWithSHA256(priKey, cnt) if err != nil { log.Shared.Panic("sign", zap.Error(err)) } if !VerifyByECDSAWithSHA256(&priKey.PublicKey, cnt, r, s) { log.Shared.Panic("verify failed") } // generate string encoded := EncodeES256SignByBase64(r, s) if _, _, err = DecodeES256SignByBase64(encoded); err != nil { log.Shared.Panic("encode and decode", zap.Error(err)) } // case: incorrect cnt cnt = []byte("fjijf23lijfl23ijrl32jra9pfie9wpfi") r, s, err = SignByECDSAWithSHA256(priKey, cnt) if err != nil { log.Shared.Panic("sign", zap.Error(err)) } if VerifyByECDSAWithSHA256(&priKey.PublicKey, append(cnt, '2'), r, s) { log.Shared.Panic("should not verify") } // case: incorrect key r, s, err = SignByECDSAWithSHA256(priKey2, cnt) if err != nil { log.Shared.Panic("sign", zap.Error(err)) } if VerifyByECDSAWithSHA256(&priKey.PublicKey, cnt, r, s) { log.Shared.Panic("should not verify") }
Output:
func SignByRSAWithSHA256 ¶
func SignByRSAWithSHA256(priKey *rsa.PrivateKey, content []byte) ([]byte, error)
SignByRSAWithSHA256 generate signature by rsa private key use sha256
func SignReaderByECDSAWithSHA256 ¶
func SignReaderByECDSAWithSHA256(priKey *ecdsa.PrivateKey, reader io.Reader) (r, s *big.Int, err error)
SignReaderByECDSAWithSHA256 generate signature by ecdsa private key use sha256
func SignReaderByRSAWithSHA256 ¶
SignReaderByRSAWithSHA256 generate signature by rsa private key use sha256
func ValidatePasswordHash ¶
ValidatePasswordHash validate password is match with hashedPassword
func VerifyByECDSAWithSHA256 ¶
VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256
func VerifyByRSAWithSHA256 ¶
VerifyByRSAWithSHA256 verify signature by rsa public key use sha256
Types ¶
type AESEncryptFilesInDirOption ¶
type AESEncryptFilesInDirOption func(*encryptFilesOption) error
AESEncryptFilesInDirOption options to encrypt files in dir
func WithAESFilesInDirFileExt ¶
func WithAESFilesInDirFileExt(ext string) AESEncryptFilesInDirOption
WithAESFilesInDirFileExt only encrypt files with specific ext
func WithAESFilesInDirFileSuffix ¶
func WithAESFilesInDirFileSuffix(suffix string) AESEncryptFilesInDirOption
WithAESFilesInDirFileSuffix will append to encrypted's filename as suffix
xxx.toml -> xxx.toml.enc
type AesReaderWrapper ¶
type AesReaderWrapper struct {
// contains filtered or unexported fields
}
AesReaderWrapper used to decrypt encrypted reader
func NewAesReaderWrapper ¶
func NewAesReaderWrapper(in io.Reader, key []byte) (*AesReaderWrapper, error)
NewAesReaderWrapper wrap reader by aes
type DHKX ¶
type DHKX struct {
// contains filtered or unexported fields
}
Diffie Hellman Key-exchange algorithm
https://pkg.go.dev/github.com/monnand/dhkx
Example
alice, _ := NewDHKX() bob, _ := NewDHKX() alicePub := alice.PublicKey() bobPub := bob.PublicKey() aliceKey, _ := alice.GenerateKey(bobPub) bobKey, _ := bob.GenerateKey(alicePub) // aliceKey == bobKey
Example ¶
alice, _ := NewDHKX() bob, _ := NewDHKX() alicePub := alice.PublicKey() bobPub := bob.PublicKey() aliceKey, _ := alice.GenerateKey(bobPub) bobKey, _ := bob.GenerateKey(alicePub) fmt.Println(reflect.DeepEqual(aliceKey, bobKey))
Output: true
func NewDHKX ¶
func NewDHKX(optfs ...DHKXOptionFunc) (d *DHKX, err error)
NewDHKX create a new DHKX instance
each DHKX instance has it's unique group and private key
func (*DHKX) GenerateKey ¶
GenerateKey generate new key by peer's public key
each side of the DHKX exchange peers will generate the same key
key like:
60a425ca3a4cc313db9c113a0526f3809725305afc68e1accd0e653ae8d0182c6eb05557f4b5d094 f015972b9fda7d60c1b64d79f50baea7365d858ede0fb7a6571403d4b95f682144b56fa17ffcbe9e 70de69dc0045672696e683c423c5b3dfc02a6916be1e50c74e60353ec08a465cc124e8ca88337fb7 4a0370e17a7cedb0b1e76733f43ad3db9e3d29ab43c75686a8bc4a88ee46addbd1590c8277d1b1ef 42aded6cc0bfe0a7ff8933861dae772c755087f2a41021f4ca53867ba49797d111ef21b381cb6441 178f4ccd3748f8e7b1a12ec3799571a49fc0aa793c05ab6e228b559f1fda2912542d7246388ccec1 38b4d8ce9df4a32c198891c4e33b5034
type DHKXOptionFunc ¶
type DHKXOptionFunc func(*dhkxOption) error
DHKXOptionFunc optional func to set dhkx option