Documentation
Index
- func DecodeRsaPrivateKey(privateKeyPEM []byte) (*rsa.PrivateKey, error)
- func DecodeRsaPublicKey(publicKeyPEM []byte) (*rsa.PublicKey, error)
- func EncryptAESGCM(cek, plaintext, aad []byte) (ciphertext, nonce, authTag []byte, err error)
- func GenerateSha1Hash(data []byte) (string, error)
- func HashPassword(password []byte) ([]byte, error)
- func PasswordHashMatch(hashedPassword []byte, password []byte) (bool, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecodeRsaPrivateKey (added in v0.5.0)
func DecodeRsaPrivateKey(privateKeyPEM []byte) (*rsa.PrivateKey, error)
DecodeRsaPrivateKey decodes an RSA private key from its PEM-encoded representation.
Parameters:
- privateKeyPEM: A byte slice containing the PEM-encoded RSA private key.
Returns:
- A pointer to an `rsa.PrivateKey` structure representing the decoded private key.
- An error if there was any issue during the decoding process, such as failure to parse the PEM block or invalid private key format.
This function performs the following steps:
- Decodes the PEM block from the input byte slice using `pem.Decode`.
- Checks if a valid PEM block was found. If not, it returns an error.
- Parses the private key from the decoded PEM block using `x509.ParsePKCS8PrivateKey`.
- Asserts that the parsed key is of type `*rsa.PrivateKey`.
- Returns the extracted RSA private key and a nil error if successful, or a nil key and the corresponding error if there was an issue.
func DecodeRsaPublicKey (added in v0.5.0)
DecodeRsaPublicKey decodes an RSA public key from its PEM-encoded representation.
Parameters:
- publicKeyPEM: A byte slice containing the PEM-encoded RSA public key.
Returns:
- A pointer to an `rsa.PublicKey` structure representing the decoded public key.
- An error if there was any issue during the decoding process, such as failure to parse the PEM block or invalid public key format.
This function performs the following steps:
- Decodes the PEM block from the input byte slice using `pem.Decode`.
- Checks if a valid PEM block was found. If not, it returns an error.
- Parses the public key from the decoded PEM block using `x509.ParsePKIXPublicKey`.
- Asserts that the parsed key is of type `*rsa.PublicKey`.
- Returns the extracted RSA public key and a nil error if successful, or a nil key and the corresponding error if there was an issue.
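Added example (not the package's own code; `decodePrivate`, `samples` and the in-process generated keys are assumptions) that follows the private-key steps above and shows what they reject besides malformed PEM: a PKCS#1 `RSA PRIVATE KEY` block fails the PKCS#8 parse, and a non-RSA PKCS#8 key fails the type assertion. The public-key steps reject a PKCS#1 `RSA PUBLIC KEY` block or a non-RSA PKIX key in the same two places.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// decodePrivate follows the documented steps (hypothetical name, not the package's code).
func decodePrivate(in []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(in)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("not PKCS#8 (block type %q): %w", block.Type, err)
	}
	rsaKey, ok := key.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("PKCS#8 key is %T, not *rsa.PrivateKey", key)
	}
	return rsaKey, nil
}

// samples returns constructed inputs: RSA as PKCS#8, RSA as PKCS#1, ECDSA as PKCS#8.
func samples() (rsa8, rsa1, ec8 []byte) {
	rk, _ := rsa.GenerateKey(rand.Reader, 2048) // errors ignored: fixed, valid parameters
	ek, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	d8, _ := x509.MarshalPKCS8PrivateKey(rk)
	e8, _ := x509.MarshalPKCS8PrivateKey(ek)
	enc := func(t string, der []byte) []byte {
		return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: der})
	}
	return enc("PRIVATE KEY", d8), enc("RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(rk)), enc("PRIVATE KEY", e8)
}

func main() {
	rsa8, rsa1, ec8 := samples()
	for _, in := range [][]byte{rsa8, rsa1, ec8, []byte("not pem")} {
		_, err := decodePrivate(in)
		fmt.Println(err)
	}
}
```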
func EncryptAESGCM (added in v0.5.0)
EncryptAESGCM encrypts the given plaintext using AES in GCM mode.
Parameters:
- cek: The Content Encryption Key (CEK) used for encryption.
- plaintext: The data to be encrypted.
- aad: Additional authenticated data (AAD) to be included in the encryption process but not encrypted itself. This provides additional integrity protection.
Returns:
- ciphertext: The encrypted data.
- nonce: The unique initialization vector (IV) used for this encryption.
- authTag: The authentication tag generated during encryption, used for verifying data integrity and authenticity.
- err: An error if any occurred during the encryption process.
This function performs the following steps:
1. Creates a new AES cipher block using the provided CEK.
2. Creates a GCM cipher instance using the AES block.
3. Generates a random nonce of the appropriate size.
4. Encrypts the plaintext along with the AAD using the GCM cipher, producing ciphertext and an authentication tag.
5. Extracts the ciphertext and authentication tag from the combined output.
6. Returns the ciphertext, nonce, authentication tag, and any potential error.
func GenerateSha1Hash
GenerateSha1Hash calculates the SHA-1 hash of the provided data.
Parameters:
- data: The byte slice containing the data to be hashed.
Returns:
- A string representing the hexadecimal encoding of the SHA-1 hash.
- An error if there's an issue writing the data to the hash function.
This function creates a new SHA-1 hash instance, writes the input data to it, and then returns the hexadecimal representation of the resulting hash. If an error occurs during the write operation, it returns an empty string and the error.
func HashPassword
HashPassword securely hashes the given password using bcrypt.
Parameters:
- password: A byte slice containing the plaintext password to be hashed.
Returns:
- A byte slice containing the bcrypt hash of the password.
- An error if the hashing process fails.
This function utilizes the bcrypt library to generate a secure hash of the provided password. It employs the `bcrypt.DefaultCost` for the cost parameter, which determines the computational complexity of the hashing process. A higher cost results in a stronger hash but also takes longer to compute. If an error occurs during the hashing process, it returns a nil slice and the corresponding error. Otherwise, it returns the hashed password and a nil error.
func PasswordHashMatch
PasswordHashMatch verifies if a plaintext password matches a given bcrypt hash.
Parameters:
- hashedPassword: A byte slice containing the bcrypt hash to be compared against.
- password: A byte slice containing the plaintext password to be checked.
Returns:
- A boolean value indicating whether the password matches the hash (true) or not (false).
- An error if there's an issue during the comparison process, or if the password doesn't match the hash.
This function uses the `bcrypt.CompareHashAndPassword` function to securely compare the provided plaintext password against the given bcrypt hash. It handles potential errors that might occur during the comparison. If the password matches the hash, it returns 'true' and a nil error. If the password doesn't match or there's any other error, it returns 'false' along with the corresponding error.
Types
This section is empty.