Documentation ¶
Index ¶
- Variables
- func DecodeAndVerifyToken(tokenStr string, key []byte, lifetime time.Duration) (data []byte, err error)
- func Decrypt(cipherText, key []byte) (plainText []byte, err error)
- func DecryptFromString(cipherTextStr string, key []byte) ([]byte, error)
- func Encrypt(plainText, key []byte) (cipherText []byte, err error)
- func EncryptToString(plainText, key []byte) (string, error)
- func GenerateRandomString(length int) (string, error)
- func GenerateToken(data, key []byte) (tokenStr string, err error)
- func Hash(data ...interface{}) ([]byte, error)
- func HashToString(data ...interface{}) (string, error)
- func PassphraseToKey(passphrase string) (key []byte)
- func Seal(plainText, key []byte) (cipherText []byte, err error)
- func SealToString(plainText, key []byte) (string, error)
- func Unseal(cipherText, key []byte) (plainText []byte, err error)
- func UnsealFromString(cipherTextStr string, key []byte) ([]byte, error)
- type Hasher
Constants ¶
This section is empty.
Variables ¶
var ( // ErrCipherTooShort occurs when `Decrypt` does not // have input of enough length to decrypt using AES256 ErrCipherTooShort = errors.New("crypto: cipher plainText is too short for AES encryption") // ErrCorruptedMessage occurs when an attempt of unsealing a message // does not pass the authentication check ErrCorruptedMessage = errors.New("crypto: the message didn't pass the authentication check") )
var ( // ErrTokenExpired occurs when the token lifetime is exceeded ErrTokenExpired = errors.New("crypto: token expired") )
Functions ¶
func DecodeAndVerifyToken ¶
func DecodeAndVerifyToken(tokenStr string, key []byte, lifetime time.Duration) (data []byte, err error)
DecodeAndVerify unseals the token and verifies its lifetime
func DecryptFromString ¶
DecryptFromString decrypts a string with a key
func EncryptToString ¶
EncryptToString encrypts content with a key using AES256 and encodes it to a hexadecimal string
func GenerateRandomString ¶
GenerateRandomString generates a random string with a given length
func GenerateToken ¶
GenerateToken generates a sealed token with a given ID and timestamp for future verification.
func Hash ¶ added in v2.0.1
Hash is a convenience function calling the default hasher WARNING: only pass in data that is json-marshalable. If not, the worst case scenario is that you passed in data with circular references and this will just blow up your CPU
func HashToString ¶ added in v2.0.1
HashToString is a convenience function calling the default hasher and encoding the result as hex string
func PassphraseToKey ¶
PassphraseToKey converts a string to a key for encryption.
This function must be used STRICTLY ONLY for generating an encryption key out of a passphrase. Please don't use this function for hashing user-provided values. It uses SHA2 for simplicity and it's faster but less secure than SHA3. User-provided data should use SHA3 or bcrypt.
func Seal ¶
Seal implements authenticated encryption using the MAC-then-Encrypt (MtE) approach. It's using SHA3-256 for MAC and AES256 CFB for encryption. https://en.wikipedia.org/wiki/Authenticated_encryption#MAC-then-Encrypt_(MtE)
func SealToString ¶
SealToString runs `Seal` and then encodes the result into base64.