Documentation ¶
Overview ¶
Package crypto includes common cryptography helpers.
They typically make using the stdlib functions more ergonomic, and do not seek to invent new methods for encrypting or decrypting data.
Index ¶
- Constants
- func CreateKey(keySize int) ([]byte, error)
- func CreateKeyString(keySize int) (string, error)
- func Decrypt(key, cipherText []byte) ([]byte, error)
- func Encrypt(key, plainText []byte) ([]byte, error)
- func HMAC256(key, plainText []byte) []byte
- func HMAC512(key, plainText []byte) []byte
- func HashPassword(password string) (string, error)
- func MustCreateKey(keySize int) []byte
- func MustCreateKeyString(keySize int) string
- func ParseKey(key string) ([]byte, error)
- func PasswordMatchesHash(password string, hash string) bool
- type LocalTransit
- type LocalTransitOption
- type StreamDecrypter
- type StreamEncrypter
- type StreamMeta
Constants ¶
const (
	// DefaultKeySize is the size of keys to generate for client use.
	DefaultKeySize = 32
	// KeyVersionSize is the size of the key version prefix.
	KeyVersionSize = (4 + 2 + 2 + 1) // YYYY + MM + DD + :
	// IVSize is the size of the IV prefix.
	IVSize = aes.BlockSize
	// HashSize is the size of the hash prefix.
	HashSize = 32 // reasons.
)
Important constants.
Functions ¶
func CreateKey ¶
CreateKey creates a key of a given size by reading that much data off the crypto/rand reader.
func CreateKeyString ¶
CreateKeyString generates a new key and returns it as a string.
func HashPassword ¶ added in v1.20210103.1
HashPassword uses bcrypt to generate a salted hash for the provided password.
func MustCreateKey ¶
MustCreateKey creates a key; if an error is returned, it panics.
func MustCreateKeyString ¶
MustCreateKeyString generates a new key and returns it as a string.
func PasswordMatchesHash ¶ added in v1.20210103.1
PasswordMatchesHash checks whether the provided password matches the provided hash.
Types ¶
type LocalTransit ¶
LocalTransit is a local transit encrypter and decrypter.
func NewLocalTransit ¶
func NewLocalTransit(options ...LocalTransitOption) LocalTransit
NewLocalTransit returns a new manager.
func (LocalTransit) Decrypt ¶
Decrypt reads a source stream and decrypts it to the destination stream.
type LocalTransitOption ¶
type LocalTransitOption func(*LocalTransit)
LocalTransitOption is an option for local transit types.
func OptLocalTransitContextProvider ¶
func OptLocalTransitContextProvider(provider func() string) LocalTransitOption
OptLocalTransitContextProvider is a local transit option.
func OptLocalTransitKey ¶
func OptLocalTransitKey(key []byte) LocalTransitOption
OptLocalTransitKey is a local transit option.
func OptLocalTransitKeyProvider ¶
func OptLocalTransitKeyProvider(provider func(string) ([]byte, error)) LocalTransitOption
OptLocalTransitKeyProvider is a local transit option.
type StreamDecrypter ¶
type StreamDecrypter struct {
	Source io.Reader
	Block  cipher.Block
	Stream cipher.Stream
	Mac    hash.Hash
	Meta   StreamMeta
}
StreamDecrypter is a decrypter for a stream of data with authentication.
func NewStreamDecrypter ¶
func NewStreamDecrypter(key []byte, meta StreamMeta, cipherText io.Reader) (*StreamDecrypter, error)
NewStreamDecrypter creates a new stream decrypter.
func (*StreamDecrypter) Authenticate ¶
func (s *StreamDecrypter) Authenticate() error
Authenticate verifies that the hash of the stream is correct. This should only be called after processing is finished.
type StreamEncrypter ¶
type StreamEncrypter struct {
	Source io.Reader
	Block  cipher.Block
	Stream cipher.Stream
	Mac    hash.Hash
	IV     []byte
}
StreamEncrypter is an encrypter for a stream of data with authentication.
func NewStreamEncrypter ¶
func NewStreamEncrypter(key []byte, plainText io.Reader) (*StreamEncrypter, error)
NewStreamEncrypter creates a new stream encrypter.
func (*StreamEncrypter) Meta ¶
func (s *StreamEncrypter) Meta() StreamMeta
Meta returns the encrypted stream metadata for use in decrypting. This should only be called after the stream is finished.
type StreamMeta ¶
type StreamMeta struct {
	// IV is the initial value for the crypto function
	IV []byte
	// Hash is the sha256 hmac of the stream
	Hash []byte
}
StreamMeta is metadata about an encrypted stream.
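Because Authenticate is only meaningful after the whole stream has been processed, anything read from a StreamDecrypter before then has not been verified. The following added example (not this package's own code) reproduces that encrypt-then-MAC stream pattern with the standard library only and wraps it so plaintext is withheld until the tag checks out. AES-CTR, the MAC over IV plus ciphertext, the separate MAC key, and the names ctrMAC and decrypt are assumptions of this sketch.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// ctrMAC runs AES-CTR from src to dst and returns HMAC-SHA256(IV || ciphertext).
func ctrMAC(encKey, macKey, iv []byte, seal bool, dst io.Writer, src io.Reader) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil || len(iv) != aes.BlockSize {
		return nil, errors.New("bad key or IV length")
	}
	mac := hmac.New(sha256.New, macKey) // separate MAC key: an assumption of this sketch
	mac.Write(iv)
	if seal {
		dst = io.MultiWriter(dst, mac) // encrypting: the ciphertext is the output
	} else {
		src = io.TeeReader(src, mac) // decrypting: the ciphertext is the input
	}
	_, err = io.Copy(cipher.StreamWriter{S: cipher.NewCTR(block, iv), W: dst}, src)
	return mac.Sum(nil), err
}

// decrypt buffers the plaintext and releases it only after the tag verifies.
func decrypt(encKey, macKey, iv, tag []byte, src io.Reader) ([]byte, error) {
	var pt bytes.Buffer
	got, err := ctrMAC(encKey, macKey, iv, false, &pt, src)
	if err != nil || !hmac.Equal(got, tag) {
		return nil, errors.New("stream failed authentication")
	}
	return pt.Bytes(), nil
}

func main() {
	b := make([]byte, 80) // constructed demo material: enc key | MAC key | IV
	rand.Read(b)          // never returns an error on Go 1.24+
	var ct bytes.Buffer
	tag, sealErr := ctrMAC(b[:32], b[32:64], b[64:], true, &ct, bytes.NewReader([]byte("constructed sample")))
	ct.Bytes()[0] ^= 1 // flip one ciphertext bit, as tampering in transit would
	pt, err := decrypt(b[:32], b[32:64], b[64:], tag, &ct)
	fmt.Printf("seal err=%v plaintext=%q open err=%v\n", sealErr, pt, err)
}
```

Calling ctrMAC directly with seal=false is the raw streaming pattern: it writes the bit-flipped plaintext to dst before any tag comparison happens, which is why decrypt buffers first.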