Documentation ¶
Overview ¶
Package encrypt contains some useful tools to deal with encryption/decryption
Deprecated: rename to crypto
Index ¶
- func AESEncryptFilesInDir(dir string, secret []byte, opts ...AESEncryptFilesInDirOption) (err error)
- func AesDecrypt(secret []byte, encrypted []byte) ([]byte, error)
- func AesEncrypt(secret []byte, cnt []byte) ([]byte, error)
- func Base32Secret(key []byte) string
- func CSR2Der(csr *x509.CertificateRequest) []byte
- func CSRDer2Pem(CSRInDer []byte) (CSRInPem []byte)
- func Cert2Der(cert *x509.Certificate) []byte
- func Cert2Pem(cert *x509.Certificate) []byte
- func CertDer2Pem(certInDer []byte) (certInPem []byte)
- func DecodeES256SignByBase64(sign string) (r, s *big.Int, err error)
- func DecodeES256SignByHex(sign string) (r, s *big.Int, err error)
- func Der2CRL(crlDer []byte) (*x509.RevocationList, error)
- func Der2CRLPkix(crlBytes []byte) (*pkix.CertificateList, error)
- func Der2CSR(csrDer []byte) (*x509.CertificateRequest, error)
- func Der2Cert(certInDer []byte) (*x509.Certificate, error)
- func Der2Certs(certInDer []byte) ([]*x509.Certificate, error)
- func Der2Prikey(prikeyDer []byte) (crypto.PrivateKey, error)
- func Der2Pubkey(pubkeyDer []byte) (crypto.PublicKey, error)
- func DeriveKey(rawKey []byte, newKeyLength int) (newKey []byte, err error)deprecated
- func DeriveKeyByHKDF(rawKey, salt []byte, newKeyLength int) (newKey []byte, err error)
- func DeriveKeyBySMHF(rawKey, salt []byte) (newKey []byte, err error)
- func EncodeES256SignByBase64(r, s *big.Int) string
- func EncodeES256SignByHex(r, s *big.Int) string
- func FormatBig2Base64(b *big.Int) string
- func FormatBig2Hex(b *big.Int) string
- func GeneratePasswordHash(password []byte) ([]byte, error)
- func GetPubkeyFromPrikey(priv crypto.PrivateKey) crypto.PublicKey
- func HKDFWithSHA256(secret, salt, info []byte, results [][]byte) error
- func HashSHA128String(val string) string
- func HashSHA256String(val string) string
- func HashXxhashString(val string) string
- func MatchPrefix() func(o *oidContainsOption) error
- func NewECDSAPrikey(curve ECDSACurve) (*ecdsa.PrivateKey, error)
- func NewEd25519Prikey() (ed25519.PrivateKey, error)
- func NewRSAPrikey(bits RSAPrikeyBits) (*rsa.PrivateKey, error)
- func NewRSAPrikeyAndCert(rsaBits RSAPrikeyBits, opts ...X509CertOption) (prikeyPem, certDer []byte, err error)
- func NewX509CRL(ca *x509.Certificate, prikey crypto.PrivateKey, seriaNumber *big.Int, ...) (crlDer []byte, err error)
- func NewX509CSR(prikey crypto.PrivateKey, opts ...X509CSROption) (csrDer []byte, err error)
- func NewX509Cert(prikey crypto.PrivateKey, opts ...X509CertOption) (certDer []byte, err error)
- func NewX509CertByCSR(ca *x509.Certificate, prikey crypto.PrivateKey, csrDer []byte, ...) (certDer []byte, err error)
- func OIDContains(oids []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier, ...) bool
- func ParseBase642Big(raw string) (*big.Int, error)
- func ParseHex2Big(hex string) (b *big.Int, ok bool)
- func Pem2CSR(csrInPem []byte) (*x509.CertificateRequest, error)
- func Pem2Cert(certInPem []byte) (*x509.Certificate, error)
- func Pem2Certs(certInPem []byte) ([]*x509.Certificate, error)
- func Pem2Der(pemBytes []byte) (derBytes []byte, err error)
- func Pem2Ders(pemBytes []byte) (dersBytes [][]byte, err error)
- func Pem2Prikey(x509v8Pem []byte) (crypto.PrivateKey, error)
- func Pem2Pubkey(pubkeyPem []byte) (crypto.PublicKey, error)
- func Prikey2Der(key crypto.PrivateKey) ([]byte, error)
- func Prikey2Pem(key crypto.PrivateKey) ([]byte, error)
- func PrikeyDer2Pem(prikeyInDer []byte) (prikeyInPem []byte)
- func Privkey2Signer(privkey crypto.PrivateKey) crypto.Signer
- func Pubkey2Der(key crypto.PublicKey) ([]byte, error)
- func Pubkey2Pem(key crypto.PublicKey) ([]byte, error)
- func PubkeyDer2Pem(pubkeyInDer []byte) (prikeyInPem []byte)
- func RSADecrypt(prikey *rsa.PrivateKey, cipher []byte) (plain []byte, err error)
- func RSADer2Prikey(x509v1Der []byte) (*rsa.PrivateKey, error)
- func RSAEncrypt(pubkey *rsa.PublicKey, plain []byte) (cipher []byte, err error)
- func RSAPem2Prikey(x509v1Pem []byte) (*rsa.PrivateKey, error)
- func ReadableOIDs(oids []asn1.ObjectIdentifier) (names []string)
- func ReadablePkixName(name pkix.Name) map[string]any
- func ReadableX509Cert(cert *x509.Certificate) (map[string]any, error)
- func ReadableX509ExtKeyUsage(usages []x509.ExtKeyUsage) (usageNames []string)
- func ReadableX509KeyUsage(usage x509.KeyUsage) (usageNames []string)
- func Salt(length int) ([]byte, error)
- func SecureCipherSuites(filter func(*tls.CipherSuite) bool) []uint16
- func SignByECDSAWithSHA256(priKey *ecdsa.PrivateKey, content []byte) (r, s *big.Int, err error)
- func SignByECDSAWithSHA256AndBase64(priKey *ecdsa.PrivateKey, content []byte) (signature string, err error)
- func SignByRSAWithSHA256(priKey *rsa.PrivateKey, content []byte) ([]byte, error)
- func SignReaderByECDSAWithSHA256(priKey *ecdsa.PrivateKey, reader io.Reader) (r, s *big.Int, err error)
- func SignReaderByRSAWithSHA256(priKey *rsa.PrivateKey, reader io.Reader) (sig []byte, err error)
- func ValidatePasswordHash(hashedPassword, password []byte) bool
- func VerifyByECDSAWithSHA256(pubKey *ecdsa.PublicKey, content []byte, r, s *big.Int) bool
- func VerifyByECDSAWithSHA256AndBase64(pubKey *ecdsa.PublicKey, content []byte, signature string) (bool, error)
- func VerifyByRSAWithSHA256(pubKey *rsa.PublicKey, content []byte, sig []byte) error
- func VerifyCRL(ca *x509.Certificate, crl *x509.RevocationList) error
- func VerifyCRLPkix(ca *x509.Certificate, crl *pkix.CertificateList) error
- func VerifyCertByPrikey(certPem []byte, prikeyPem []byte) error
- func VerifyReaderByECDSAWithSHA256(pubKey *ecdsa.PublicKey, reader io.Reader, r, s *big.Int) (bool, error)
- func VerifyReaderByRSAWithSHA256(pubKey *rsa.PublicKey, reader io.Reader, sig []byte) error
- func X509CertSubjectKeyID(pubkey crypto.PublicKey) ([]byte, error)
- type AESEncryptFilesInDirOption
- type AesReaderWrapper
- type DHKX
- type DHKXOptionFunc
- type DefaultX509CertSerialNumGenerator
- type ECDSACurve
- type OTPAlgorithm
- type OTPArgs
- type OTPType
- type RSAPrikeyBits
- type SignCSROption
- func WithX509SerialNumGenerator(gen X509CertSerialNumberGenerator) SignCSROption
- func WithX509SignCSRCRLs(crlEndpoint ...string) SignCSROption
- func WithX509SignCSRExtKeyUsage(usage ...x509.ExtKeyUsage) SignCSROption
- func WithX509SignCSRIsCA() SignCSROption
- func WithX509SignCSRIsCRLCA() SignCSROption
- func WithX509SignCSRKeyUsage(usage ...x509.KeyUsage) SignCSROption
- func WithX509SignCSROCSPServers(ocsp ...string) SignCSROption
- func WithX509SignCSRPolicies(policies ...asn1.ObjectIdentifier) SignCSROption
- func WithX509SignCSRSeriaNumber(serialNumber *big.Int) SignCSROption
- func WithX509SignCSRValidFor(validFor time.Duration) SignCSROption
- func WithX509SignCSRValidFrom(validFrom time.Time) SignCSROption
- type TOTP
- type TOTPInterface
- type X509CRLOption
- type X509CSROption
- func WithX509CSRCommonName(commonName string) X509CSROption
- func WithX509CSRCountry(values ...string) X509CSROption
- func WithX509CSRDNSNames(dnsNames ...string) X509CSROption
- func WithX509CSREmailAddrs(emailAddresses ...string) X509CSROption
- func WithX509CSRIPAddrs(ipAddresses ...net.IP) X509CSROption
- func WithX509CSRLocality(l ...string) X509CSROption
- func WithX509CSROrganization(organization ...string) X509CSROption
- func WithX509CSROrganizationUnit(ou ...string) X509CSROption
- func WithX509CSRPostalCode(codes ...string) X509CSROption
- func WithX509CSRProvince(values ...string) X509CSROption
- func WithX509CSRPublicKeyAlgorithm(pubAlg x509.PublicKeyAlgorithm) X509CSROption
- func WithX509CSRSANS(sans ...string) X509CSROption
- func WithX509CSRSignatureAlgorithm(sigAlg x509.SignatureAlgorithm) X509CSROption
- func WithX509CSRStreetAddrs(addrs ...string) X509CSROption
- func WithX509CSRSubject(subject pkix.Name) X509CSROption
- func WithX509CSRURIs(uris ...*url.URL) X509CSROption
- type X509CertOption
- func WithX509CertCRLs(crlEndpoint ...string) X509CertOption
- func WithX509CertCommonName(commonName string) X509CertOption
- func WithX509CertCountry(values ...string) X509CertOption
- func WithX509CertDNSNames(dnsNames ...string) X509CertOption
- func WithX509CertEmailAddrs(emailAddresses ...string) X509CertOption
- func WithX509CertExtKeyUsage(usage ...x509.ExtKeyUsage) X509CertOption
- func WithX509CertIPAddrs(ipAddresses ...net.IP) X509CertOption
- func WithX509CertIsCA() X509CertOption
- func WithX509CertIsCRLCA() X509CertOption
- func WithX509CertKeyUsage(usage ...x509.KeyUsage) X509CertOption
- func WithX509CertLocality(l ...string) X509CertOption
- func WithX509CertOCSPServers(ocsp ...string) X509CertOption
- func WithX509CertOrganization(organization ...string) X509CertOption
- func WithX509CertOrganizationUnit(ou ...string) X509CertOption
- func WithX509CertParent(parent *x509.Certificate) X509CertOption
- func WithX509CertPolicies(policies ...asn1.ObjectIdentifier) X509CertOption
- func WithX509CertPostalCode(codes ...string) X509CertOption
- func WithX509CertProvince(values ...string) X509CertOption
- func WithX509CertPubkey(pubkey crypto.PublicKey) X509CertOption
- func WithX509CertPublicKeyAlgorithm(pubkeyAlg x509.PublicKeyAlgorithm) X509CertOption
- func WithX509CertSANS(sans ...string) X509CertOption
- func WithX509CertSeriaNumber(serialNumber *big.Int) X509CertOption
- func WithX509CertSerialNumGenerator(gen X509CertSerialNumberGenerator) X509CertOption
- func WithX509CertSignatureAlgorithm(sigAlg x509.SignatureAlgorithm) X509CertOption
- func WithX509CertStreetAddrs(addrs ...string) X509CertOption
- func WithX509CertURIs(uris ...*url.URL) X509CertOption
- func WithX509CertValidFor(validFor time.Duration) X509CertOption
- func WithX509CertValidFrom(validFrom time.Time) X509CertOption
- func WithX509Subject(subject pkix.Name) X509CertOption
- type X509CertSerialNumberGenerator
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AESEncryptFilesInDir ¶
func AESEncryptFilesInDir(dir string, secret []byte, opts ...AESEncryptFilesInDirOption) (err error)
AESEncryptFilesInDir encrypt files in dir
will generate new encrypted files with <suffix> after ext
xxx.toml -> xxx.toml.enc
func AesDecrypt ¶
AesDecrypt encrypt bytes by AES GCM
inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/
The key argument should be 16, 24, or 32 bytes
func AesEncrypt ¶
AesEncrypt encrypt bytes by AES GCM
inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/
The key argument should be the AES key, either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
func Base32Secret ¶ added in v3.2.0
Base32Secret generate base32 encoded secret
func CSR2Der ¶ added in v3.1.0
func CSR2Der(csr *x509.CertificateRequest) []byte
CSR2Der marshal csr to der
func CSRDer2Pem ¶ added in v3.1.0
CSRDer2Pem convert CSR in der to pem
func Cert2Pem ¶
func Cert2Pem(cert *x509.Certificate) []byte
Cert2Pem marshal x509 certificate to pem
func CertDer2Pem ¶
CertDer2Pem convert certificate in der to pem
func DecodeES256SignByBase64 ¶
DecodeES256SignByBase64 parse ecdsa signature string to two *big.Int
func DecodeES256SignByHex ¶
DecodeES256SignByHex parse ecdsa signature string to two *big.Int
func Der2CRLPkix ¶ added in v3.3.0
func Der2CRLPkix(crlBytes []byte) (*pkix.CertificateList, error)
Der2CRLPkix parse crl der or pem
func Der2Cert ¶
func Der2Cert(certInDer []byte) (*x509.Certificate, error)
Der2Cert parse sigle certificate in der
func Der2Certs ¶
func Der2Certs(certInDer []byte) ([]*x509.Certificate, error)
Der2Cert parse multiple certificates in der
func Der2Prikey ¶
func Der2Prikey(prikeyDer []byte) (crypto.PrivateKey, error)
Der2Prikey parse private key from der in x509 v8/v1
func Der2Pubkey ¶ added in v3.1.0
Der2Pubkey parse public key from der in x509 pkcs1/pkix
func DeriveKeyByHKDF ¶ added in v3.4.0
DeriveKeyByHKDF derive key by hkdf
func DeriveKeyBySMHF ¶ added in v3.4.0
DeriveKeyBySMHF derive key by Stronger Key Derivation via Sequential Memory-Hard Functions
func EncodeES256SignByBase64 ¶
EncodeES256SignByBase64 format ecdsa signature to stirng
func EncodeES256SignByHex ¶
EncodeES256SignByHex format ecdsa sign to stirng
func FormatBig2Base64 ¶
FormatBig2Base64 format big to base64 string
func GeneratePasswordHash ¶
GeneratePasswordHash generate hashed password by origin password
Example ¶
// generate hashed password rawPassword := []byte("1234567890") hashedPassword, err := GeneratePasswordHash(rawPassword) if err != nil { log.Shared.Error("try to generate password got error", zap.Error(err)) return } fmt.Printf("got new hashed pasword: %v\n", string(hashedPassword)) // validate passowrd if !ValidatePasswordHash(hashedPassword, rawPassword) { log.Shared.Error("password invalidate", zap.Error(err)) return }
Output:
func GetPubkeyFromPrikey ¶
func GetPubkeyFromPrikey(priv crypto.PrivateKey) crypto.PublicKey
GetPubkeyFromPrikey get pubkey from private key
func HKDFWithSHA256 ¶
HKDFWithSHA256 derivative keys by HKDF with sha256. same key & salt will derivative same keys
Example ¶
derivative multiple keys:
results := make([][]byte, 10) for i := range results { results[i] = make([]byte, 20) } HKDFWithSHA256([]byte("your key"), nil, nil, results)
func HashSHA128String ¶
HashSHA128String calculate string's hash by sha256
Example ¶
val := testhashraw got := HashSHA128String(val) log.Shared.Info("hash", zap.String("got", got))
Output:
func HashSHA256String ¶
HashSHA256String calculate string's hash by sha256
Example ¶
val := testhashraw got := HashSHA256String(val) log.Shared.Info("hash", zap.String("got", got))
Output:
func HashXxhashString ¶
HashXxhashString calculate string's hash by sha256
Example ¶
val := testhashraw got := HashXxhashString(val) log.Shared.Info("hash", zap.String("got", got))
Output:
func MatchPrefix ¶ added in v3.2.0
func MatchPrefix() func(o *oidContainsOption) error
MatchPrefix treat prefix inclusion as a match as well
`1.2.3` contains `1.2.3.4`
func NewECDSAPrikey ¶
func NewECDSAPrikey(curve ECDSACurve) (*ecdsa.PrivateKey, error)
NewECDSAPrikey new ecdsa private key
func NewEd25519Prikey ¶
func NewEd25519Prikey() (ed25519.PrivateKey, error)
NewEd25519Prikey new ed25519 private key
func NewRSAPrikey ¶
func NewRSAPrikey(bits RSAPrikeyBits) (*rsa.PrivateKey, error)
NewRSAPrikey new rsa privat ekey
func NewRSAPrikeyAndCert ¶
func NewRSAPrikeyAndCert(rsaBits RSAPrikeyBits, opts ...X509CertOption) (prikeyPem, certDer []byte, err error)
NewRSAPrikeyAndCert convient function to new rsa private key and cert
func NewX509CRL ¶
func NewX509CRL(ca *x509.Certificate, prikey crypto.PrivateKey, seriaNumber *big.Int, revokeCerts []pkix.RevokedCertificate, opts ...X509CRLOption) (crlDer []byte, err error)
NewX509CRL create and sign CRL
Args ¶
- ca: CA to sign CRL.
- prikey: prikey for CA.
- revokeCerts: certifacates that will be revoked.
- WithX509CertSeriaNumber() is required for NewX509CRL.
according to RFC5280 5.2.3, X.509 v3 CRL could have a monotonically increasing sequence number as serial number.
func NewX509CSR ¶
func NewX509CSR(prikey crypto.PrivateKey, opts ...X509CSROption) (csrDer []byte, err error)
NewX509CSR new CSR
Arguments ¶
if prikey is not RSA private key, you must set SignatureAlgorithm by WithX509CertSignatureAlgorithm.
Warning: CSR do not support set IsCA / KeyUsage / ExtKeyUsage, you should set these attributes in NewX509CertByCSR.
func NewX509Cert ¶
func NewX509Cert(prikey crypto.PrivateKey, opts ...X509CertOption) (certDer []byte, err error)
NewX509Cert new self sign tls cert
func NewX509CertByCSR ¶
func NewX509CertByCSR( ca *x509.Certificate, prikey crypto.PrivateKey, csrDer []byte, opts ...SignCSROption) (certDer []byte, err error)
NewX509CertByCSR sign CSR to certificate
Depends on RFC-5280 4.2.1.12, empty ext key usage is as same as any key usage. so do not set any default ext key usages.
but key usage is required in many cases:
func OIDContains ¶ added in v3.2.0
func OIDContains(oids []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier, opts ...func(o *oidContainsOption) error) bool
OIDContains is oid in oids
func ParseBase642Big ¶
ParseBase642Big parse base64 string to big
func ParseHex2Big ¶
ParseHex2Big parse hex string to big
func Pem2CSR ¶ added in v3.1.0
func Pem2CSR(csrInPem []byte) (*x509.CertificateRequest, error)
Pem2CSR parse csr from pem
func Pem2Cert ¶
func Pem2Cert(certInPem []byte) (*x509.Certificate, error)
Pem2Cert parse single certificate in pem
func Pem2Certs ¶
func Pem2Certs(certInPem []byte) ([]*x509.Certificate, error)
Pem2Certs parse multiple certificate in pem
func Pem2Prikey ¶
func Pem2Prikey(x509v8Pem []byte) (crypto.PrivateKey, error)
Pem2Prikey parse private key from x509 v8(general) pem
func Pem2Pubkey ¶ added in v3.1.0
Pem2Pubkey parse public key from pem
func Prikey2Der ¶
func Prikey2Der(key crypto.PrivateKey) ([]byte, error)
Prikey2Der marshal private key by x509.8
func Prikey2Pem ¶
func Prikey2Pem(key crypto.PrivateKey) ([]byte, error)
Prikey2Pem marshal private key to pem
func PrikeyDer2Pem ¶
PrikeyDer2Pem convert private key in der to pem
func Privkey2Signer ¶
func Privkey2Signer(privkey crypto.PrivateKey) crypto.Signer
Privkey2Signer convert privkey to signer
func Pubkey2Der ¶ added in v3.1.0
Pubkey2Der marshal public key by pkix
func Pubkey2Pem ¶ added in v3.1.0
Pubkey2Pem marshal public key to pem
func PubkeyDer2Pem ¶ added in v3.1.0
PubkeyDer2Pem convert public key in der to pem
func RSADecrypt ¶ added in v3.1.0
func RSADecrypt(prikey *rsa.PrivateKey, cipher []byte) (plain []byte, err error)
RSADecrypt decrypt by rsa PKCS1v15
only accept cipher encrypted by RSAEncrypt
func RSADer2Prikey ¶
func RSADer2Prikey(x509v1Der []byte) (*rsa.PrivateKey, error)
RSADer2Prikey parse private key from x509 v1(rsa) der
func RSAPem2Prikey ¶
func RSAPem2Prikey(x509v1Pem []byte) (*rsa.PrivateKey, error)
RSAPem2Prikey parse private key from x509 v1(rsa) pem
func ReadableOIDs ¶ added in v3.3.2
func ReadableOIDs(oids []asn1.ObjectIdentifier) (names []string)
ReadableX509ExtKeyUsage convert objectids to readable strings
func ReadablePkixName ¶ added in v3.4.0
ReadablePkixName convert pkix.Name to readable map with strings
func ReadableX509Cert ¶ added in v3.3.2
func ReadableX509Cert(cert *x509.Certificate) (map[string]any, error)
ReadableX509Cert convert x509 certificate to readable jsonable map
func ReadableX509ExtKeyUsage ¶ added in v3.3.2
func ReadableX509ExtKeyUsage(usages []x509.ExtKeyUsage) (usageNames []string)
ReadableX509ExtKeyUsage convert x509 certificate ext key usages to readable strings
func ReadableX509KeyUsage ¶ added in v3.3.2
ReadableX509KeyUsage convert x509 certificate key usages to readable strings
func SecureCipherSuites ¶
func SecureCipherSuites(filter func(*tls.CipherSuite) bool) []uint16
SecureCipherSuites get golang built-in cipher suites without known insecure suites
func SignByECDSAWithSHA256 ¶
SignByECDSAWithSHA256 generate signature by ecdsa private key use sha256
Example ¶
priKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Shared.Panic("generate key", zap.Error(err)) } priKey2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Shared.Panic("generate key", zap.Error(err)) } // case: correct key cnt := []byte("fjijf23lijfl23ijrl32jra9pfie9wpfi") r, s, err := SignByECDSAWithSHA256(priKey, cnt) if err != nil { log.Shared.Panic("sign", zap.Error(err)) } if !VerifyByECDSAWithSHA256(&priKey.PublicKey, cnt, r, s) { log.Shared.Panic("verify failed") } // generate string encoded := EncodeES256SignByBase64(r, s) if _, _, err = DecodeES256SignByBase64(encoded); err != nil { log.Shared.Panic("encode and decode", zap.Error(err)) } // case: incorrect cnt cnt = []byte("fjijf23lijfl23ijrl32jra9pfie9wpfi") r, s, err = SignByECDSAWithSHA256(priKey, cnt) if err != nil { log.Shared.Panic("sign", zap.Error(err)) } if VerifyByECDSAWithSHA256(&priKey.PublicKey, append(cnt, '2'), r, s) { log.Shared.Panic("should not verify") } // case: incorrect key r, s, err = SignByECDSAWithSHA256(priKey2, cnt) if err != nil { log.Shared.Panic("sign", zap.Error(err)) } if VerifyByECDSAWithSHA256(&priKey.PublicKey, cnt, r, s) { log.Shared.Panic("should not verify") }
Output:
func SignByECDSAWithSHA256AndBase64 ¶
func SignByECDSAWithSHA256AndBase64(priKey *ecdsa.PrivateKey, content []byte) (signature string, err error)
SignByECDSAWithSHA256AndBase64 generate signature by ecdsa private key use sha256
func SignByRSAWithSHA256 ¶
func SignByRSAWithSHA256(priKey *rsa.PrivateKey, content []byte) ([]byte, error)
SignByRSAWithSHA256 generate signature by rsa private key use sha256
func SignReaderByECDSAWithSHA256 ¶
func SignReaderByECDSAWithSHA256(priKey *ecdsa.PrivateKey, reader io.Reader) (r, s *big.Int, err error)
SignReaderByECDSAWithSHA256 generate signature by ecdsa private key use sha256
func SignReaderByRSAWithSHA256 ¶
SignReaderByRSAWithSHA256 generate signature by rsa private key use sha256
func ValidatePasswordHash ¶
ValidatePasswordHash validate password is match with hashedPassword
func VerifyByECDSAWithSHA256 ¶
VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256
func VerifyByECDSAWithSHA256AndBase64 ¶
func VerifyByECDSAWithSHA256AndBase64(pubKey *ecdsa.PublicKey, content []byte, signature string) (bool, error)
VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256
func VerifyByRSAWithSHA256 ¶
VerifyByRSAWithSHA256 verify signature by rsa public key use sha256
func VerifyCRL ¶
func VerifyCRL(ca *x509.Certificate, crl *x509.RevocationList) error
VerifyCRL verify crl by ca
func VerifyCRLPkix ¶ added in v3.3.0
func VerifyCRLPkix(ca *x509.Certificate, crl *pkix.CertificateList) error
VerifyCRLPkix verify crl by ca
func VerifyCertByPrikey ¶ added in v3.1.0
VerifyCertByPrikey verify cert by prikey
func VerifyReaderByECDSAWithSHA256 ¶
func VerifyReaderByECDSAWithSHA256(pubKey *ecdsa.PublicKey, reader io.Reader, r, s *big.Int) (bool, error)
VerifyReaderByECDSAWithSHA256 verify signature by ecdsa public key use sha256
func VerifyReaderByRSAWithSHA256 ¶
VerifyReaderByRSAWithSHA256 verify signature by rsa public key use sha256
func X509CertSubjectKeyID ¶ added in v3.3.2
X509CertSubjectKeyID generate subject key id for pubkey
if x509 certificate template is a CA, subject key id will generated by golang automatelly
Types ¶
type AESEncryptFilesInDirOption ¶
type AESEncryptFilesInDirOption func(*encryptFilesOption) error
AESEncryptFilesInDirOption options to encrypt files in dir
func WithAESFilesInDirFileExt ¶
func WithAESFilesInDirFileExt(ext string) AESEncryptFilesInDirOption
WithAESFilesInDirFileExt only encrypt files with specific ext
func WithAESFilesInDirFileSuffix ¶
func WithAESFilesInDirFileSuffix(suffix string) AESEncryptFilesInDirOption
WithAESFilesInDirFileSuffix will append to encrypted's filename as suffix
xxx.toml -> xxx.toml.enc
type AesReaderWrapper ¶
type AesReaderWrapper struct {
// contains filtered or unexported fields
}
AesReaderWrapper used to decrypt encrypted reader
func NewAesReaderWrapper ¶
func NewAesReaderWrapper(in io.Reader, key []byte) (*AesReaderWrapper, error)
NewAesReaderWrapper wrap reader by aes
type DHKX ¶
type DHKX struct {
// contains filtered or unexported fields
}
Diffie Hellman Key-exchange algorithm
https://pkg.go.dev/github.com/monnand/dhkx
Example ¶
alice, _ := NewDHKX() bob, _ := NewDHKX() alicePub := alice.PublicKey() bobPub := bob.PublicKey() aliceKey, _ := alice.GenerateKey(bobPub) bobKey, _ := bob.GenerateKey(alicePub) // aliceKey == bobKey
Example ¶
alice, _ := NewDHKX() bob, _ := NewDHKX() alicePub := alice.PublicKey() bobPub := bob.PublicKey() aliceKey, _ := alice.GenerateKey(bobPub) bobKey, _ := bob.GenerateKey(alicePub) fmt.Println(reflect.DeepEqual(aliceKey, bobKey))
Output: true
func NewDHKX ¶
func NewDHKX(optfs ...DHKXOptionFunc) (d *DHKX, err error)
NewDHKX create a new DHKX instance
each DHKX instance has it's unique group and private key
func (*DHKX) GenerateKey ¶
GenerateKey generate new key by peer's public key
each side of the DHKX exchange peers will generate the same key
key like:
60a425ca3a4cc313db9c113a0526f3809725305afc68e1accd0e653ae8d0182c6eb05557f4b5d094 f015972b9fda7d60c1b64d79f50baea7365d858ede0fb7a6571403d4b95f682144b56fa17ffcbe9e 70de69dc0045672696e683c423c5b3dfc02a6916be1e50c74e60353ec08a465cc124e8ca88337fb7 4a0370e17a7cedb0b1e76733f43ad3db9e3d29ab43c75686a8bc4a88ee46addbd1590c8277d1b1ef 42aded6cc0bfe0a7ff8933861dae772c755087f2a41021f4ca53867ba49797d111ef21b381cb6441 178f4ccd3748f8e7b1a12ec3799571a49fc0aa793c05ab6e228b559f1fda2912542d7246388ccec1 38b4d8ce9df4a32c198891c4e33b5034
type DHKXOptionFunc ¶
type DHKXOptionFunc func(*dhkxOption) error
DHKXOptionFunc optional func to set dhkx option
type DefaultX509CertSerialNumGenerator ¶ added in v3.5.0
type DefaultX509CertSerialNumGenerator struct {
// contains filtered or unexported fields
}
DefaultX509CertSerialNumGenerator default cert serial number generator base on epoch time and random int
func NewDefaultX509CertSerialNumGenerator ¶ added in v3.5.0
func NewDefaultX509CertSerialNumGenerator() (*DefaultX509CertSerialNumGenerator, error)
NewDefaultX509CertSerialNumGenerator new DefaultX509CertSerialNumGenerator
func (*DefaultX509CertSerialNumGenerator) SerialNum ¶ added in v3.5.0
func (g *DefaultX509CertSerialNumGenerator) SerialNum() int64
SerialNum get randon serial number
type ECDSACurve ¶
type ECDSACurve string
ECDSACurve algorithms
const ( // ECDSACurveP224 ecdsa with P224 // // Deprecated: use ECDSACurveP256 instead ECDSACurveP224 ECDSACurve = "P224" // ECDSACurveP256 ecdsa with P256 ECDSACurveP256 ECDSACurve = "P256" // ECDSACurveP384 ecdsa with P384 ECDSACurveP384 ECDSACurve = "P384" // ECDSACurveP521 ecdsa with P521 ECDSACurveP521 ECDSACurve = "P521" )
type OTPAlgorithm ¶ added in v3.2.0
type OTPAlgorithm string
OTPAlgorithm hash algorithm for otp
const ( // OTPAlgorithmSHA1 sha1 OTPAlgorithmSHA1 OTPAlgorithm = "sha1" )
type OTPArgs ¶ added in v3.2.0
type OTPArgs struct { // OtpType (readonly) otp type, must in totp/hotp OtpType OTPType // Base32Secret (required) the hotp/totp secret used to generate the URI // // genrate Base32Secret: // // Base32Secret([]byte("xxxxxx")) Base32Secret string // AccountName (optional) name of the account AccountName string // Authenticator (optional) the name of the OTP issuer; // this will be the organization title of the OTP entry in Authenticator IssuerName string // Algorithm (optional) the algorithm used in the OTP generation // // default to sha1 Algorithm OTPAlgorithm // InitialCount (optional) starting counter value. Only works for hotp InitialCount int // Digits (optional) the length of the OTP generated code. // // default to 6 Digits uint // PeriodSecs (optional) the number of seconds the OTP // generator is set to expire every code. // // default to 30 PeriodSecs uint }
OTPArgs arguments for OTP
func ParseOTPUri ¶ added in v3.2.0
ParseOTPUri parse otp uri to otp arguments
Args ¶
- uri: like `otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName`
type RSAPrikeyBits ¶
type RSAPrikeyBits int
RSAPrikeyBits width of rsa private key
const ( // RSAPrikeyBits2048 rsa private key with 2048 bits RSAPrikeyBits2048 RSAPrikeyBits = 2048 // RSAPrikeyBits3072 rsa private key with 3072 bits RSAPrikeyBits3072 RSAPrikeyBits = 3072 // RSAPrikeyBits4096 rsa private key with 4096 bits RSAPrikeyBits4096 RSAPrikeyBits = 4096 )
type SignCSROption ¶ added in v3.3.0
type SignCSROption func(*signCSROption) error
SignCSROption options for create certificate from CRL
func WithX509SerialNumGenerator ¶ added in v3.5.0
func WithX509SerialNumGenerator(gen X509CertSerialNumberGenerator) SignCSROption
WithX509SerialNumGenerator set serial number generator
func WithX509SignCSRCRLs ¶ added in v3.3.0
func WithX509SignCSRCRLs(crlEndpoint ...string) SignCSROption
WithX509SignCSRCRLs add crl endpoints
func WithX509SignCSRExtKeyUsage ¶ added in v3.3.0
func WithX509SignCSRExtKeyUsage(usage ...x509.ExtKeyUsage) SignCSROption
WithX509SignCSRExtKeyUsage add ext key usage
func WithX509SignCSRIsCA ¶ added in v3.3.0
func WithX509SignCSRIsCA() SignCSROption
WithX509SignCSRIsCA set is ca
func WithX509SignCSRIsCRLCA ¶ added in v3.3.0
func WithX509SignCSRIsCRLCA() SignCSROption
WithX509SignCSRIsCRLCA set is ca to sign CRL
func WithX509SignCSRKeyUsage ¶ added in v3.3.0
func WithX509SignCSRKeyUsage(usage ...x509.KeyUsage) SignCSROption
WithX509SignCSRKeyUsage add key usage
func WithX509SignCSROCSPServers ¶ added in v3.3.0
func WithX509SignCSROCSPServers(ocsp ...string) SignCSROption
WithX509SignCSROCSPServers set ocsp servers
func WithX509SignCSRPolicies ¶ added in v3.3.0
func WithX509SignCSRPolicies(policies ...asn1.ObjectIdentifier) SignCSROption
WithX509SignCSRPolicies set certificate policies
func WithX509SignCSRSeriaNumber ¶ added in v3.3.0
func WithX509SignCSRSeriaNumber(serialNumber *big.Int) SignCSROption
WithX509SignCSRSeriaNumber set certificate/CRL's serial number
refer to RFC-5280 5.2.3 &
Args ¶
seriaNumber:
- (optional): generate certificate
- (required): generate CRL
func WithX509SignCSRValidFor ¶ added in v3.3.0
func WithX509SignCSRValidFor(validFor time.Duration) SignCSROption
WithX509SignCSRValidFor set valid for duration
func WithX509SignCSRValidFrom ¶ added in v3.3.0
func WithX509SignCSRValidFrom(validFrom time.Time) SignCSROption
WithX509SignCSRValidFrom set valid from
type TOTP ¶ added in v3.2.0
type TOTP struct {
// contains filtered or unexported fields
}
TOTP time-based OTP
type TOTPInterface ¶ added in v3.2.0
type TOTPInterface interface { // Key generate key by totp Key() string // KeyAt generate key by totp at arbitraty time KeyAt(at time.Time) string // URI build uri for otp arguments URI() string }
TOTPInterface interface for TOTP
type X509CRLOption ¶ added in v3.3.2
type X509CRLOption func(*x509CRLOption) error
X509CRLOption options for create x509 CRL
type X509CSROption ¶ added in v3.3.0
type X509CSROption func(*x509CSROption) error
X509CSROption option to generate tls certificate
func WithX509CSRCommonName ¶ added in v3.3.0
func WithX509CSRCommonName(commonName string) X509CSROption
WithX509CSRCommonName set common name
func WithX509CSRCountry ¶ added in v3.3.0
func WithX509CSRCountry(values ...string) X509CSROption
WithX509CSRCountry set subject countries
func WithX509CSRDNSNames ¶ added in v3.3.2
func WithX509CSRDNSNames(dnsNames ...string) X509CSROption
WithX509CSRDNSNames set dns sans
func WithX509CSREmailAddrs ¶ added in v3.3.2
func WithX509CSREmailAddrs(emailAddresses ...string) X509CSROption
WithX509CSREmailAddrs set email sans
func WithX509CSRIPAddrs ¶ added in v3.3.2
func WithX509CSRIPAddrs(ipAddresses ...net.IP) X509CSROption
WithX509CSRIPAddrs set ip sans
func WithX509CSRLocality ¶ added in v3.3.0
func WithX509CSRLocality(l ...string) X509CSROption
WithX509CSRLocality set subject localities
func WithX509CSROrganization ¶ added in v3.3.0
func WithX509CSROrganization(organization ...string) X509CSROption
WithX509CSROrganization set organization
func WithX509CSROrganizationUnit ¶ added in v3.3.0
func WithX509CSROrganizationUnit(ou ...string) X509CSROption
WithX509CSROrganizationUnit set organization units
func WithX509CSRPostalCode ¶ added in v3.3.0
func WithX509CSRPostalCode(codes ...string) X509CSROption
WithX509CSRPostalCode set subjuect postal codes
func WithX509CSRProvince ¶ added in v3.3.0
func WithX509CSRProvince(values ...string) X509CSROption
WithX509CSRProvince set subject provinces
func WithX509CSRPublicKeyAlgorithm ¶ added in v3.3.0
func WithX509CSRPublicKeyAlgorithm(pubAlg x509.PublicKeyAlgorithm) X509CSROption
WithX509CSRPublicKeyAlgorithm set signature algorithm
func WithX509CSRSANS ¶ added in v3.3.0
func WithX509CSRSANS(sans ...string) X509CSROption
WithX509CertSANS set certificate SANs
refer to RFC-5280 4.2.1.6
auto WithX509CSRSANS to ip/email/url/dns
func WithX509CSRSignatureAlgorithm ¶ added in v3.3.0
func WithX509CSRSignatureAlgorithm(sigAlg x509.SignatureAlgorithm) X509CSROption
WithX509CSRSignatureAlgorithm set signature algorithm
func WithX509CSRStreetAddrs ¶ added in v3.3.0
func WithX509CSRStreetAddrs(addrs ...string) X509CSROption
WithX509CSRStreetAddrs set subjuect street addresses
func WithX509CSRSubject ¶ added in v3.3.2
func WithX509CSRSubject(subject pkix.Name) X509CSROption
WithX509CSRSubject set subject name
func WithX509CSRURIs ¶ added in v3.3.2
func WithX509CSRURIs(uris ...*url.URL) X509CSROption
WithX509CSRURIs set uri sans
type X509CertOption ¶
type X509CertOption func(*x509V3CertOption) error
X509CertOption option to generate tls certificate
func WithX509CertCRLs ¶ added in v3.2.0
func WithX509CertCRLs(crlEndpoint ...string) X509CertOption
WithX509CertCRLs add crl endpoints
func WithX509CertCommonName ¶
func WithX509CertCommonName(commonName string) X509CertOption
WithX509CertCommonName set common name
func WithX509CertCountry ¶ added in v3.3.0
func WithX509CertCountry(values ...string) X509CertOption
WithX509CertCountry set subject countries
func WithX509CertDNSNames ¶ added in v3.3.2
func WithX509CertDNSNames(dnsNames ...string) X509CertOption
WithX509CertDNSNames set dns sans
func WithX509CertEmailAddrs ¶ added in v3.3.2
func WithX509CertEmailAddrs(emailAddresses ...string) X509CertOption
WithX509CertEmailAddrs set email sans
func WithX509CertExtKeyUsage ¶ added in v3.3.0
func WithX509CertExtKeyUsage(usage ...x509.ExtKeyUsage) X509CertOption
WithX509CertExtKeyUsage add ext key usage
func WithX509CertIPAddrs ¶ added in v3.3.2
func WithX509CertIPAddrs(ipAddresses ...net.IP) X509CertOption
WithX509CertIPAddrs set ip sans
func WithX509CertIsCRLCA ¶ added in v3.1.2
func WithX509CertIsCRLCA() X509CertOption
WithX509CertIsCRLCA set is ca to sign CRL
func WithX509CertKeyUsage ¶ added in v3.1.2
func WithX509CertKeyUsage(usage ...x509.KeyUsage) X509CertOption
WithX509CertKeyUsage add key usage
func WithX509CertLocality ¶ added in v3.1.0
func WithX509CertLocality(l ...string) X509CertOption
WithX509CertLocality set subject localities
func WithX509CertOCSPServers ¶ added in v3.2.0
func WithX509CertOCSPServers(ocsp ...string) X509CertOption
WithX509CertOCSPServers set ocsp servers
func WithX509CertOrganization ¶
func WithX509CertOrganization(organization ...string) X509CertOption
WithX509CertOrganization set organization
func WithX509CertOrganizationUnit ¶ added in v3.1.0
func WithX509CertOrganizationUnit(ou ...string) X509CertOption
WithX509CertOrganizationUnit set organization unit
func WithX509CertParent ¶ added in v3.3.2
func WithX509CertParent(parent *x509.Certificate) X509CertOption
WithX509CertParent set issuer
func WithX509CertPolicies ¶ added in v3.2.0
func WithX509CertPolicies(policies ...asn1.ObjectIdentifier) X509CertOption
WithX509CertPolicies set certificate policies
func WithX509CertPostalCode ¶ added in v3.3.0
func WithX509CertPostalCode(codes ...string) X509CertOption
WithX509CertPostalCode set subjuect postal codes
func WithX509CertProvince ¶ added in v3.3.0
func WithX509CertProvince(values ...string) X509CertOption
WithX509CertProvince set subject provinces
func WithX509CertPubkey ¶ added in v3.3.2
func WithX509CertPubkey(pubkey crypto.PublicKey) X509CertOption
WithX509CertPubkey set new certs' pubkey
func WithX509CertPublicKeyAlgorithm ¶ added in v3.3.2
func WithX509CertPublicKeyAlgorithm(pubkeyAlg x509.PublicKeyAlgorithm) X509CertOption
WithX509CertPublicKeyAlgorithm set signature algorithm
func WithX509CertSANS ¶ added in v3.1.2
func WithX509CertSANS(sans ...string) X509CertOption
WithX509CertSANS set certificate SANs
refer to RFC-5280 4.2.1.6
auto parse to ip/email/url/dns
func WithX509CertSeriaNumber ¶ added in v3.2.0
func WithX509CertSeriaNumber(serialNumber *big.Int) X509CertOption
WithX509CertSeriaNumber set certificate/CRL's serial number
refer to RFC-5280 5.2.3 &
Args ¶
seriaNumber:
- (optional): generate certificate
- (required): generate CRL
func WithX509CertSerialNumGenerator ¶ added in v3.5.0
func WithX509CertSerialNumGenerator(gen X509CertSerialNumberGenerator) X509CertOption
WithX509CertSerialNumGenerator set serial number generator
func WithX509CertSignatureAlgorithm ¶
func WithX509CertSignatureAlgorithm(sigAlg x509.SignatureAlgorithm) X509CertOption
WithX509CertSignatureAlgorithm set signature algorithm
func WithX509CertStreetAddrs ¶ added in v3.3.0
func WithX509CertStreetAddrs(addrs ...string) X509CertOption
WithX509CertStreetAddrs set subjuect street addresses
func WithX509CertURIs ¶ added in v3.3.2
func WithX509CertURIs(uris ...*url.URL) X509CertOption
WithX509CertURIs set uri sans
func WithX509CertValidFor ¶
func WithX509CertValidFor(validFor time.Duration) X509CertOption
WithX509CertValidFor set valid for duration
func WithX509CertValidFrom ¶
func WithX509CertValidFrom(validFrom time.Time) X509CertOption
WithX509CertValidFrom set valid from
func WithX509Subject ¶ added in v3.3.2
func WithX509Subject(subject pkix.Name) X509CertOption
WithX509Subject set subject name
type X509CertSerialNumberGenerator ¶ added in v3.5.0
type X509CertSerialNumberGenerator interface {
SerialNum() int64
}
X509CertSerialNumberGenerator x509 certificate serial number generator