iron

package module

v1.0.0 Latest Latest Go to latest Published: Feb 10, 2023 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/iron-auth/iron-crypto

Links

Open Source Insights

README ¶

Iron Crypto

This is a Golang implementation of @hapi/iron and iron-webcrypto - encapsulated tokens (encrypted and mac'ed objects).

Installation

To get started with Iron Crypto, add the module to your go project using the following command:

go get github.com/iron-auth/iron-crypto@v1

Usage

Check out the documentation site for information about using Iron Crypto - Coming soon!

Roadmap

Full Golang implementation of iron-webcrypto / @hapi/iron

Security

If you believe there is a security issue in the library, please read our security policy and get in contact with us.

Contributing

Contributions and pull requests are welcome. Please read our contribution guidelines.

Documentation ¶

Index ¶

Variables
func Seal[T any](message T, password pw.Raw, cfg SealConfig) (string, error)
func Unseal[T any](sealed string, password pw.UnsealRaw, cfg SealConfig) (T, error)
type SealConfig
type SealConfigOptions

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// Default encryption options.
	DefaultEncryption = SealConfigOptions{
		Algorithm:         key.AES256CBC,
		Iterations:        1,
		MinPasswordLength: 32,
		SaltBits:          256,
	}
	// Default integrity options.
	DefaultIntegrity = SealConfigOptions{
		Algorithm:         key.SHA256,
		Iterations:        1,
		MinPasswordLength: 32,
		SaltBits:          256,
	}
)

Functions ¶

func Seal ¶

func Seal[T any](message T, password pw.Raw, cfg SealConfig) (string, error)

Seal a message with a password according to the options in the seal options.

Returns a string that can be unsealed with the same password and options.

func Unseal ¶

func Unseal[T any](sealed string, password pw.UnsealRaw, cfg SealConfig) (T, error)

Unseal a sealed value into an object of the supplied generic type, using the password and seal options.

The sealed value must have been sealed using the same password and seal options.

Types ¶

type SealConfig ¶

type SealConfig struct {
	// Encryption config options.
	Encryption SealConfigOptions
	// Integrity config options.
	Integrity SealConfigOptions
	// Time to live in seconds - how long the sealed message is valid for.
	//
	// 0 means it is valid forever.
	TTL int
	// Maximum skew allowed in seconds for incoming expirations.
	//
	// Defaults to 60 seconds. Set to -1 to disable.
	TimestampSkewSec int
	// Local time offset in milliseconds.
	LocalTimeOffsetMsec int
}

Config options for a seal.

type SealConfigOptions ¶

type SealConfigOptions struct {
	// Algorithm to use for encryption or integrity.
	//
	// AES256CBC or AES128CTR for encryption. SHA256 for integrity.
	Algorithm key.Algorithm
	// Number of iterations to use when deriving a key from the password.
	Iterations int
	// Minimum length of the password.
	MinPasswordLength int
	// Number of bits to use for the random salt.
	SaltBits int
}

Seal config options for encryption and integrity.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bits
encryption
ironerrors
key
pw
str

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL