Documentation ¶
Overview ¶
Package security provides crypto and hashing support.
Index ¶
- Constants
- Variables
- func Decrypt(e, expected_sha256 string, key []byte) (string, error)
- func DerivePassword(password string, cfg argon2.Config) (*safe.Password, error)
- func EncodedSHA256(s string) string
- func Encrypt(s string, key []byte) (string, error)
- func MakeKey(s string) ([]byte, error)
- func RandKey() []byte
- func RandString() string
- func VerifyPassword(guess string, derived safe.Password) (bool, error)
- type KeyMap
- type VersionKey
Constants ¶
View Source
const KeyLen = 32
KeyLen is the encryption key length.
Variables ¶
View Source
var ( ErrKeyNotFound = errors.New("key not set in key map") ErrCurrentKeyNotFound = errors.New("current key not set in key map") )
View Source
var ErrDigest = errors.New("value does not have correct digest")
ErrDigest signals a checksum mismatch.
View Source
var ErrNonce = errors.New("nonce could not be constructed")
ErrNonce signals a failure to construct the nonce.
Functions ¶
func DerivePassword ¶
DerivePassword performs a one-way hash on a password using argon2.
func EncodedSHA256 ¶
EncodedSHA256 returns the encoded (base16) sha256sums.
Types ¶
type VersionKey ¶
type VersionKey struct {
// contains filtered or unexported fields
}
VersionKey maps key ids (as UUIDs) to key []byte and knows the current key id -> key []byte mapping.
func NewVersionKey ¶
func NewVersionKey(keyMap KeyMap, current uuid.UUID) (*VersionKey, error)
NewVersionKey creates a new VersionKey assuming current is a valid key in `keyMap`.
func (*VersionKey) Get ¶
func (v *VersionKey) Get(id uuid.UUID) ([]byte, error)
Get looks up a key identified by id in the keyMap.
func (*VersionKey) GetCurrent ¶
func (v *VersionKey) GetCurrent() (uuid.UUID, []byte, error)
GetCurrent looks up the current key in the keyMap.
Click to show internal directories.
Click to hide internal directories.