crypto

package
v0.13.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 25, 2024 License: Apache-2.0 Imports: 18 Imported by: 8

Documentation

Index

Constants

View Source
const (
	Algorithm_A128CBC        = "A128CBC"        // Encryption: AES-CBC, 128-bit key, with PKCS#7 padding
	Algorithm_A192CBC        = "A192CBC"        // Encryption: AES-CBC, 192-bit key, with PKCS#7 padding
	Algorithm_A256CBC        = "A256CBC"        // Encryption: AES-CBC, 256-bit key, with PKCS#7 padding
	Algorithm_A128CBC_NOPAD  = "A128CBC-NOPAD"  // Encryption: AES-CBC, 128-bit key, no padding
	Algorithm_A192CBC_NOPAD  = "A192CBC-NOPAD"  // Encryption: AES-CBC, 192-bit key, no padding
	Algorithm_A256CBC_NOPAD  = "A256CBC-NOPAD"  // Encryption: AES-CBC, 256-bit key, no padding
	Algorithm_A128GCM        = "A128GCM"        // Encryption: AES-GCM, 128-bit key
	Algorithm_A192GCM        = "A192GCM"        // Encryption: AES-GCM, 192-bit key
	Algorithm_A256GCM        = "A256GCM"        // Encryption: AES-GCM, 256-bit key
	Algorithm_A128CBC_HS256  = "A128CBC-HS256"  // Encryption: AES-CBC + HMAC-SHA256, 128-bit key
	Algorithm_A192CBC_HS384  = "A192CBC-HS384"  // Encryption: AES-CBC + HMAC-SHA384, 192-bit key
	Algorithm_A256CBC_HS512  = "A256CBC-HS512"  // Encryption: AES-CBC + HMAC-SHA512, 256-bit key
	Algorithm_A128KW         = "A128KW"         // Encryption: AES Key Wrap (RFC 3394), 128-bit key
	Algorithm_A192KW         = "A192KW"         // Encryption: AES Key Wrap (RFC 3394), 192-bit key
	Algorithm_A256KW         = "A256KW"         // Encryption: AES Key Wrap (RFC 3394), 256-bit key
	Algorithm_A128GCMKW      = "A128GCMKW"      // Encryption: AES-GCM key wrap, 128-bit key
	Algorithm_A192GCMKW      = "A192GCMKW"      // Encryption: AES-GCM key wrap, 192-bit key
	Algorithm_A256GCMKW      = "A256GCMKW"      // Encryption: AES-GCM key wrap, 256-bit key
	Algorithm_C20P           = "C20P"           // Encryption: ChaCha20-Poly1305, 96-bit IV
	Algorithm_XC20P          = "XC20P"          // Encryption: XChaCha20-Poly1305, 192-bit IV
	Algorithm_C20PKW         = "C20PKW"         // Encryption: ChaCha20-Poly1305 key wrap, 96-bit IV
	Algorithm_XC20PKW        = "XC20PKW"        // Encryption: XChaCha20-Poly1305 key wrap, 192-bit IV
	Algorithm_ECDH_ES        = "ECDH-ES"        // Encryption: ECDH-ES
	Algorithm_ECDH_ES_A128KW = "ECDH-ES+A128KW" // Encryption: ECDH-ES + AES key wrap, 128-bit key
	Algorithm_ECDH_ES_A192KW = "ECDH-ES+A192KW" // Encryption: ECDH-ES + AES key wrap, 192-bit key
	Algorithm_ECDH_ES_A256KW = "ECDH-ES+A256KW" // Encryption: ECDH-ES + AES key wrap, 256-bit key
	Algorithm_RSA1_5         = "RSA1_5"         // Encryption: RSA-PKCS1v1.5
	Algorithm_RSA_OAEP       = "RSA-OAEP"       // Encryption: RSA-OAEP with SHA1 hash
	Algorithm_RSA_OAEP_256   = "RSA-OAEP-256"   // Encryption: RSA-OAEP with SHA256 hash
	Algorithm_RSA_OAEP_384   = "RSA-OAEP-384"   // Encryption: RSA-OAEP with SHA384 hash
	Algorithm_RSA_OAEP_512   = "RSA-OAEP-512"   // Encryption: RSA-OAEP with SHA512 hash
	Algorithm_ES256          = "ES256"          // Signature: ECDSA using P-256 and SHA-256
	Algorithm_ES384          = "ES384"          // Signature: ECDSA using P-384 and SHA-384
	Algorithm_ES512          = "ES512"          // Signature: ECDSA using P-521 and SHA-512
	Algorithm_EdDSA          = "EdDSA"          // Signature: EdDSA signature algorithms
	Algorithm_HS256          = "HS256"          // Signature: HMAC using SHA-256
	Algorithm_HS384          = "HS384"          // Signature: HMAC using SHA-384
	Algorithm_HS512          = "HS512"          // Signature: HMAC using SHA-512
	Algorithm_PS256          = "PS256"          // Signature: RSASSA-PSS using SHA256 and MGF1-SHA256
	Algorithm_PS384          = "PS384"          // Signature: RSASSA-PSS using SHA384 and MGF1-SHA384
	Algorithm_PS512          = "PS512"          // Signature: RSASSA-PSS using SHA512 and MGF1-SHA512
	Algorithm_RS256          = "RS256"          // Signature: RSASSA-PKCS-v1.5 using SHA-256
	Algorithm_RS384          = "RS384"          // Signature: RSASSA-PKCS-v1.5 using SHA-384
	Algorithm_RS512          = "RS512"          // Signature: RSASSA-PKCS-v1.5 using SHA-512
)

Algorithms

Variables

View Source
var (
	// ErrUnsupportedAlgorithm is returned when the algorithm is unsupported.
	ErrUnsupportedAlgorithm = errors.New("unsupported algorithm")
	// ErrKeyTypeMismatch is returned when the key type doesn't match the requested algorithm.
	ErrKeyTypeMismatch = errors.New("key type mismatch")
	// ErrInvalidNonce is returned when the nonce isn't valid for the requested operation.
	ErrInvalidNonce = errors.New("invalid nonce")
	// ErrInvalidTag is returned when the authentication tag is not of the required format (before the message is attempted to be opened).
	ErrInvalidTag = errors.New("invalid tag")
	// ErrInvalidPlaintextLength is returned when the plaintext's length is invalid.
	ErrInvalidPlaintextLength = errors.New("invalid plaintext length")
	// ErrInvalidCiphertextLength is returned when the ciphertext's length is invalid.
	ErrInvalidCiphertextLength = errors.New("invalid ciphertext length")
)

Errors

Functions

func Decrypt

func Decrypt(ciphertext []byte, algorithm string, key jwk.Key, nonce []byte, tag []byte, associatedData []byte) (plaintext []byte, err error)

Decrypt a message using the given algorithm and key, supporting both symmetric and asymmetric ciphers.

func DecryptPrivateKey

func DecryptPrivateKey(ciphertext []byte, algorithm string, key jwk.Key, associatedData []byte) (plaintext []byte, err error)

DecryptPrivateKey decrypts a message using a private key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func DecryptSymmetric

func DecryptSymmetric(ciphertext []byte, algorithm string, key jwk.Key, nonce []byte, tag []byte, associatedData []byte) (plaintext []byte, err error)

DecryptSymmetric decrypts an encrypted message using a symmetric key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func Encrypt

func Encrypt(plaintext []byte, algorithm string, key jwk.Key, nonce []byte, associatedData []byte) (ciphertext []byte, tag []byte, err error)

Encrypt a message using the given algorithm and key, supporting both symmetric and asymmetric ciphers.

func EncryptPublicKey

func EncryptPublicKey(plaintext []byte, algorithm string, key jwk.Key, associatedData []byte) (ciphertext []byte, err error)

EncryptPublicKey encrypts a message using a public key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func EncryptSymmetric

func EncryptSymmetric(plaintext []byte, algorithm string, key jwk.Key, nonce []byte, associatedData []byte) (ciphertext []byte, tag []byte, err error)

EncryptSymmetric encrypts a message using a symmetric key and the specified algorithm. Note that "associatedData" is ignored if the cipher does not support labels/AAD.

func ParseKey

func ParseKey(raw []byte, contentType string) (jwk.Key, error)

ParseKey takes a byte slice and returns a key (public, private, symmetric) after determining its type. It supports keys represented as JWKs, PEM-encoded (PKCS#8, PKCS#1 or PKIX) or as raw bytes (optionally base64-encoded). The parameter contentType is optional and it can contain a mime type.

func SerializeKey

func SerializeKey(key jwk.Key) ([]byte, error)

SerializeKey serializes a jwk.Key in the appropriate format so they can be wrapped. Symmetric keys are returned as raw bytes, while asymmetric keys are marshalled as ASN.1 DER (X.509, not PEM-encoded).

func SignPrivateKey

func SignPrivateKey(digest []byte, algorithm string, key jwk.Key) (signature []byte, err error)

SignPrivateKey creates a signature from a digest using a private key and the specified algorithm. Note: when using EdDSA, the message gets hashed as part of the signing process, so users should normally pass the full message for the "digest" parameter.

func SupportedAsymmetricAlgorithms

func SupportedAsymmetricAlgorithms() []string

SupportedAsymmetricAlgorithms returns the list of supported asymmetric encryption algorithms. This is a subset of the algorithms defined in consts.go.

func SupportedSignatureAlgorithms

func SupportedSignatureAlgorithms() []string

SupportedSignatureAlgorithms returns the list of supported signature algorithms. This is a subset of the algorithms defined in consts.go.

func SupportedSymmetricAlgorithms

func SupportedSymmetricAlgorithms() []string

SupportedSymmetricAlgorithms returns the list of supported symmetric encryption algorithms. This is a subset of the algorithms defined in consts.go.

func VerifyPublicKey

func VerifyPublicKey(digest []byte, signature []byte, algorithm string, key jwk.Key) (valid bool, err error)

VerifyPublicKey validates a signature using a public key and the specified algorithm. Note: when using EdDSA, the message gets hashed as part of the signing process, so users should normally pass the full message for the "digest" parameter.

Types

This section is empty.

Directories

Path Synopsis
Package keywrap provides an AES-KW keywrap implementation as defined in RFC-3394.
Package keywrap provides an AES-KW keywrap implementation as defined in RFC-3394.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL