fernet

package module
v0.0.0-...-e3de979 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 24, 2024 License: MIT Imports: 12 Imported by: 0

README

Fernet takes a user-provided *message* (an arbitrary sequence of
bytes), a *key* (256 bits), and the current time, and produces a
*token*, which contains the message in a form that can't be read
or altered without the key.

This package is compatible with the other implementations at
https://github.com/fernet. They can exchange tokens freely among
each other.

Documentation: http://godoc.org/github.com/fernet/fernet-go


INSTALL

	$ go get github.com/fernet/fernet-go


For more information and background, see the Fernet spec at
https://github.com/fernet/spec.

Fernet is distributed under the terms of the MIT license.
See the License file for details.

Documentation

Overview

Package fernet takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key.

For more information and background, see the Fernet spec at https://github.com/fernet/spec.

Subdirectories in this package provide command-line tools for working with Fernet keys and tokens.

Example
k := fernet.MustDecodeKeys("cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=")
tok, err := fernet.EncryptAndSign([]byte("hello"), k[0])
if err != nil {
	panic(err)
}
msg := fernet.VerifyAndDecrypt(tok, 60*time.Second, k)
fmt.Println(string(msg))
Output:

hello

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptAndSign

func EncryptAndSign(msg []byte, k *Key) (tok []byte, err error)

EncryptAndSign encrypts and signs msg with key k and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention.

func VerifyAndDecrypt

func VerifyAndDecrypt(tok []byte, ttl time.Duration, k []*Key) (msg []byte)

VerifyAndDecrypt verifies that tok is a valid fernet token that was signed with a key in k at most ttl time ago only if ttl is greater than zero. Returns the message contained in tok if tok is valid, otherwise nil.

Types

type Key

type Key [32]byte

Key represents a key.

func DecodeKey

func DecodeKey(s string) (*Key, error)

DecodeKey decodes a key from s and returns it. The key can be in hexadecimal, standard base64, or URL-safe base64.

func DecodeKeys

func DecodeKeys(a ...string) ([]*Key, error)

DecodeKeys decodes each element of a using DecodeKey and returns the resulting keys. Requires at least one key.

func MustDecodeKeys

func MustDecodeKeys(a ...string) []*Key

MustDecodeKeys is like DecodeKeys, but panics if an error occurs. It simplifies safe initialization of global variables holding keys.

func (*Key) Encode

func (k *Key) Encode() string

Encode returns the URL-safe base64 encoding of k.

func (*Key) Generate

func (k *Key) Generate() error

Generate initializes k with pseudorandom data from package crypto/rand.

Directories

Path Synopsis
cmd

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL