crypto

package
v0.13.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 26, 2024 License: Apache-2.0 Imports: 18 Imported by: 8

Documentation

Index

Constants

View Source 
const (
	Algorithm_A128CBC        = "A128CBC"        // Encryption: AES-CBC, 128-bit key, with PKCS#7 padding
	Algorithm_A192CBC        = "A192CBC"        // Encryption: AES-CBC, 192-bit key, with PKCS#7 padding
	Algorithm_A256CBC        = "A256CBC"        // Encryption: AES-CBC, 256-bit key, with PKCS#7 padding
	Algorithm_A128CBC_NOPAD  = "A128CBC-NOPAD"  // Encryption: AES-CBC, 128-bit key, no padding
	Algorithm_A192CBC_NOPAD  = "A192CBC-NOPAD"  // Encryption: AES-CBC, 192-bit key, no padding
	Algorithm_A256CBC_NOPAD  = "A256CBC-NOPAD"  // Encryption: AES-CBC, 256-bit key, no padding
	Algorithm_A128GCM        = "A128GCM"        // Encryption: AES-GCM, 128-bit key
	Algorithm_A192GCM        = "A192GCM"        // Encryption: AES-GCM, 192-bit key
	Algorithm_A256GCM        = "A256GCM"        // Encryption: AES-GCM, 256-bit key
	Algorithm_A128CBC_HS256  = "A128CBC-HS256"  // Encryption: AES-CBC + HMAC-SHA256, 128-bit key
	Algorithm_A192CBC_HS384  = "A192CBC-HS384"  // Encryption: AES-CBC + HMAC-SHA384, 192-bit key
	Algorithm_A256CBC_HS512  = "A256CBC-HS512"  // Encryption: AES-CBC + HMAC-SHA512, 256-bit key
	Algorithm_A128KW         = "A128KW"         // Encryption: AES Key Wrap (RFC 3394), 128-bit key
	Algorithm_A192KW         = "A192KW"         // Encryption: AES Key Wrap (RFC 3394), 192-bit key
	Algorithm_A256KW         = "A256KW"         // Encryption: AES Key Wrap (RFC 3394), 256-bit key
	Algorithm_A128GCMKW      = "A128GCMKW"      // Encryption: AES-GCM key wrap, 128-bit key
	Algorithm_A192GCMKW      = "A192GCMKW"      // Encryption: AES-GCM key wrap, 192-bit key
	Algorithm_A256GCMKW      = "A256GCMKW"      // Encryption: AES-GCM key wrap, 256-bit key
	Algorithm_C20P           = "C20P"           // Encryption: ChaCha20-Poly1305, 96-bit IV
	Algorithm_XC20P          = "XC20P"          // Encryption: XChaCha20-Poly1305, 192-bit IV
	Algorithm_C20PKW         = "C20PKW"         // Encryption: ChaCha20-Poly1305 key wrap, 96-bit IV
	Algorithm_XC20PKW        = "XC20PKW"        // Encryption: XChaCha20-Poly1305 key wrap, 192-bit IV
	Algorithm_ECDH_ES        = "ECDH-ES"        // Encryption: ECDH-ES
	Algorithm_ECDH_ES_A128KW = "ECDH-ES+A128KW" // Encryption: ECDH-ES + AES key wrap, 128-bit key
	Algorithm_ECDH_ES_A192KW = "ECDH-ES+A192KW" // Encryption: ECDH-ES + AES key wrap, 192-bit key
	Algorithm_ECDH_ES_A256KW = "ECDH-ES+A256KW" // Encryption: ECDH-ES + AES key wrap, 256-bit key
	Algorithm_RSA1_5         = "RSA1_5"         // Encryption: RSA-PKCS1v1.5
	Algorithm_RSA_OAEP       = "RSA-OAEP"       // Encryption: RSA-OAEP with SHA1 hash
	Algorithm_RSA_OAEP_256   = "RSA-OAEP-256"   // Encryption: RSA-OAEP with SHA256 hash
	Algorithm_RSA_OAEP_384   = "RSA-OAEP-384"   // Encryption: RSA-OAEP with SHA384 hash
	Algorithm_RSA_OAEP_512   = "RSA-OAEP-512"   // Encryption: RSA-OAEP with SHA512 hash
	Algorithm_ES256          = "ES256"          // Signature: ECDSA using P-256 and SHA-256
	Algorithm_ES384          = "ES384"          // Signature: ECDSA using P-384 and SHA-384
	Algorithm_ES512          = "ES512"          // Signature: ECDSA using P-521 and SHA-512
	Algorithm_EdDSA          = "EdDSA"          // Signature: EdDSA signature algorithms
	Algorithm_HS256          = "HS256"          // Signature: HMAC using SHA-256
	Algorithm_HS384          = "HS384"          // Signature: HMAC using SHA-384
	Algorithm_HS512          = "HS512"          // Signature: HMAC using SHA-512
	Algorithm_PS256          = "PS256"          // Signature: RSASSA-PSS using SHA256 and MGF1-SHA256
	Algorithm_PS384          = "PS384"          // Signature: RSASSA-PSS using SHA384 and MGF1-SHA384
	Algorithm_PS512          = "PS512"          // Signature: RSASSA-PSS using SHA512 and MGF1-SHA512
	Algorithm_RS256          = "RS256"          // Signature: RSASSA-PKCS-v1.5 using SHA-256
	Algorithm_RS384          = "RS384"          // Signature: RSASSA-PKCS-v1.5 using SHA-384
	Algorithm_RS512          = "RS512"          // Signature: RSASSA-PKCS-v1.5 using SHA-512
)

Algorithms

Variables

View Source 
var (
	// ErrUnsupportedAlgorithm is returned when the algorithm is unsupported.
	ErrUnsupportedAlgorithm = errors.New("unsupported algorithm")
	// ErrKeyTypeMismatch is returned when the key type doesn't match the requested algorithm.
	ErrKeyTypeMismatch = errors.New("key type mismatch")
	// ErrInvalidNonce is returned when the nonce isn't valid for the requested operation.
	ErrInvalidNonce = errors.New("invalid nonce")
	// ErrInvalidTag is returned when the authentication tag is not of the required format (before the message is attempted to be opened).
	ErrInvalidTag = errors.New("invalid tag")
	// ErrInvalidPlaintextLength is returned when the plaintext's length is invalid.
	ErrInvalidPlaintextLength = errors.New("invalid plaintext length")
	// ErrInvalidCiphertextLength is returned when the ciphertext's length is invalid.
	ErrInvalidCiphertextLength = errors.New("invalid ciphertext length")
)

Errors

Functions

func Decrypt 

func Decrypt(ciphertext []byte, algorithm string, key jwk.Key, nonce []byte, tag []byte, associatedData []byte) (plaintext []byte, err error)

Decrypt a message using the given algorithm and key, supporting both symmetric and asymmetric ciphers.

func DecryptPrivateKey 

func DecryptPrivateKey(ciphertext []byte, algorithm string, key jwk.Key, associatedData []byte) (plaintext []byte, err error)

DecryptPrivateKey decrypts a message using a private key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func DecryptSymmetric 

func DecryptSymmetric(ciphertext []byte, algorithm string, key jwk.Key, nonce []byte, tag []byte, associatedData []byte) (plaintext []byte, err error)

DecryptSymmetric decrypts an encrypted message using a symmetric key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func Encrypt 

func Encrypt(plaintext []byte, algorithm string, key jwk.Key, nonce []byte, associatedData []byte) (ciphertext []byte, tag []byte, err error)

Encrypt a message using the given algorithm and key, supporting both symmetric and asymmetric ciphers.

func EncryptPublicKey 

func EncryptPublicKey(plaintext []byte, algorithm string, key jwk.Key, associatedData []byte) (ciphertext []byte, err error)

EncryptPublicKey encrypts a message using a public key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func EncryptSymmetric 

func EncryptSymmetric(plaintext []byte, algorithm string, key jwk.Key, nonce []byte, associatedData []byte) (ciphertext []byte, tag []byte, err error)

EncryptSymmetric encrypts a message using a symmetric key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func ParseKey 

func ParseKey(raw []byte, contentType string) (jwk.Key, error)

ParseKey takes a byte slice and returns a key (public, private, symmetric) after determining its type. It supports keys represented as JWKs, PEM-encoded (PKCS#8, PKCS#1 or PKIX) or as raw bytes (optionally base64-encoded). The parameter contentType is optional and it can contain a mime type.

func SerializeKey 

func SerializeKey(key jwk.Key) ([]byte, error)

SerializeKey serializes a jwk.Key in the appropriate format so they can be wrapped. Symmetric keys are returned as raw bytes, while asymmetric keys are marshalled as ASN.1 DER (X.509, not PEM-encoded).

func SignPrivateKey 

func SignPrivateKey(digest []byte, algorithm string, key jwk.Key) (signature []byte, err error)

SignPrivateKey creates a signature from a digest using a private key and the specified algorithm. Note: when using EdDSA, the message gets hashed as part of the signing process, so users should normally pass the full message for the "digest" parameter.

func SupportedAsymmetricAlgorithms 

func SupportedAsymmetricAlgorithms() []string

SupportedAsymmetricAlgorithms returns the list of supported asymmetric encryption algorithms. This is a subset of the algorithms defined in consts.go.

func SupportedSignatureAlgorithms 

func SupportedSignatureAlgorithms() []string

SupportedSignatureAlgorithms returns the list of supported signature algorithms. This is a subset of the algorithms defined in consts.go.

func SupportedSymmetricAlgorithms 

func SupportedSymmetricAlgorithms() []string

SupportedSymmetricAlgorithms returns the list of supported symmetric encryption algorithms. This is a subset of the algorithms defined in consts.go.

func VerifyPublicKey 

func VerifyPublicKey(digest []byte, signature []byte, algorithm string, key jwk.Key) (valid bool, err error)

VerifyPublicKey validates a signature using a public key and the specified algorithm. Note: when using EdDSA, the message gets hashed as part of the signing process, so users should normally pass the full message for the "digest" parameter.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Package keywrap provides an AES-KW keywrap implementation as defined in RFC-3394.
 Package keywrap provides an AES-KW keywrap implementation as defined in RFC-3394.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.