secure

package
v0.0.0-...-21fbc7d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 24, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Copyright (c) 2018-Now Dunyu All Rights Reserved.

Author : https://www.wengold.net Email : support@wengold.net

Prismy.No | Date | Modified by. | Description ------------------------------------------------------------------- 00001 2019/05/22 yangping New version -------------------------------------------------------------------

Index

Constants

View Source 
const (
	ECC_PEM_PRI_HEADER = "ECDSA PRIVATE KEY" // private key pem file header
	ECC_PEM_PUB_HEADER = "ECDSA PUBLIC KEY"  // public  key pem file header
)
View Source 
const AES_UTIL_DESCRIPTION = 0 /* just use for description */

For other languages, you can use the follows example code to encrypt or decrypt AES.

`AES for java (Android)`

---- 

public String encryptByAES(String secretkey, String original) {
    try {
        // use md5 value as the real key
        byte[] b = secretkey.getBytes();
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] hashed = md.digest(b);

        // create an 16-byte initialization vector
        byte[] iv = new byte[] {
            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
        };
        AlgorithmParameterSpec spec = new IvParameterSpec(iv);
        SecretKeySpec keyspec = new SecretKeySpec(hashed), "AES");

        // create cipher and initialize CBC vector
        Cipher ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        ecipher.init(Cipher.ENCRYPT_MODE, keyspec, spec);

        byte[] plaintext = original.getBytes();
        byte[] ciphertext = ecipher.doFinal(plaintext, 0, plaintext.length);

        return Base64.encodeToString(ciphertext, Base64.DEFAULT);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

public String decryptByAES(String secretkey, String ciphertextb64) {
    try {
        // use md5 value as the real key
        byte[] b = secretkey.getBytes();
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] hashed = md.digest(b);

        // create an 16-byte initialization vector
        byte[] iv = new byte[] {
            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
        };
        AlgorithmParameterSpec spec = new IvParameterSpec(iv);
        SecretKeySpec keyspec = new SecretKeySpec(hashed), "AES");

        // create cipher and initialize CBC vector
        Cipher dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dcipher.init(Cipher.DECRYPT_MODE, keyspec, spec);

        byte[] ciphertext = Base64.decode(ciphertextb64, Base64.DEFAULT);
        byte[] original = dcipher.doFinal(ciphertext, 0, ciphertext.length);

        return new String(original);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

`AES for node.js`

---- 

let iv = [ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f ];

function encrypt_by_aes(secretkey, original) {
    let md5 = crypto.createHash('md5').update(secretkey).digest('hex');
    const ecipher = crypto.createCipheriv(
        'aes-128-cbc',
        new Buffer(md5, 'hex'),
        new Buffer(iv)
    );
    // ecipher.setAutoPadding(true);
    var ciphertextb64 = ecipher.update(original, 'utf8', 'base64');
    ciphertextb64 += ecipher.final('base64');
    console.log('ciphertextb64: ' + ciphertextb64);
    return ciphertextb64;
}

function decrypt_by_aes(secretkey, ciphertextb64) {
    let md5 = crypto.createHash('md5').update(secretkey).digest('hex');
    const dcipher = crypto.createDecipheriv(
        'aes-128-cbc',
        new Buffer(md5, 'hex'),
        new Buffer(iv)
    );
    var original = dcipher.update(ciphertextb64, 'base64', 'utf8');
    original += dcipher.final('utf8');
    console.log('original: ' + original);
    return original;
}
View Source 
const RSA_UTIL_DESCRIPTION = 0 /* just use for description */

### 1. How to encrypt and decrypt by RSA

- (1). use secure.GenRSAKeys() to generate RSA keys, and set content bits length.

- (2). use secure.RSAEncrypt() to encrypt original data with given public key.

- (3). use secure.RSADecrypt() to decrypt ciphertext with given private key.

`USAGE` 

// Use the pubkey to encrypt and use the prikey to decrypt
prikey, pubkey, _ := secure.GenRSAKeys(1024)
logger.I("public  key:", pubkey, "private key:", prikey)

ciphertext, _ := secure.RSAEncrypt([]byte(pubkey), []byte("original-content"))
ciphertextBase64 := secure.EncodeBase64(string(ciphertext))
logger.I("ciphertext base64 string:", ciphertextBase64)

original, _ := secure.RSADecrypt([]byte(prikey), ciphertext)
logger.I("original string:", string(original))	// print 'original-content'

----

### 2. How to digital signature and verify by RSA

- (1). use secure.GenRSAKeys() to generate RSA keys, and set content bits length.

- (2). use secure.RSASign() to make digital signature with given private key.`

- (3). use secure.RSAVerify() to verify data's integrity with given public key and digital signature

`USAGE` 

// Use the private key to create digital signature and use pubkey to verify it
prikey, pubkey, _ := secure.GenRSAKeys(1024)
logger.I("public  key:", pubkey, "private key:", prikey)

original := []byte("original-content")
signature, _ := secure.RSASign([]byte(prikey), original)
logger.I("original string:", string(original))
logger.I("signature string:", string(signature))

if err := secure.RSAVerify([]byte(pubkey), original, signature); err != nil {
	logger.E("Verify failed with err:", err)
	return
}
logger.I("Verify success")

Variables

This section is empty.

Functions

func AESDecrypt 

func AESDecrypt(secretkey []byte, ciphertextb64 string) (string, error)

Using CBC formated secret key to decrypt ciphertext 

@param secretkey Secure key buffer
@param ciphertextb64 Ciphertext formated by base64
@return - string Decrypted plaintext string
		- error Exception message

func AESEncrypt 

func AESEncrypt(secretkey, original []byte) (string, error)

Using CBC formated secret key to encrypt original data 

@param secretkey Secure key buffer
@param original Original datas buffer to encrypt
@return - string Encrypted ciphertext formated by base64
		- error Exception message

---- 

secretkey := secure.GenAESKey()
original := []byte("original-content")
ciphertext, _ := secure.AESEncrypt([]byte(secretkey), original)

encrypted, _ := secure.AESDecrypt([]byte(secretkey), ciphertext)
logger.I("encrypted original string: ", encrypted)

func Base64ToByte 

func Base64ToByte(ciphertext string) ([]byte, error)

Decode base64 string to byte array

func ByteToBase64 

func ByteToBase64(original []byte) string

Encode byte array to base64 string

func DecClaims 

func DecClaims(keyword string, count ...int) ([]string, error)

Decode claims of jwt token and return datas as string array

func DecJwtKeyword deprecated 

func DecJwtKeyword(keyword string) (string, string, string)

Decode account uuid, password and subject from jwt keyword string

Deprecated: Use secure.DecClaims() instead it.

func DecodeBase64 

func DecodeBase64(ciphertext string) (string, error)

Decode from base64 string

func EccDigitalSigns 

func EccDigitalSigns(sign []byte) (*big.Int, *big.Int)

Parse ECC digital signs from signed string, to veriry plaintext. 

prikey, _ := GenEccPriKey()
plaintext := "This is a plainttext to sign and verfiy!"
signb64, _ := EccSign(plaintext, prikey)
valid, _ : EccVerify(plaintext, signb64, &prikey.PublicKey)
fmt.Println("ECC verify result:", valid)

func EccKeysString 

func EccKeysString(prikey *ecdsa.PrivateKey) (string, string, error)

Format ECC private and public keys to pem strings.

func EccPriKey 

func EccPriKey(pripem string) (*ecdsa.PrivateKey, error)

Get ECC private key from private pem string. 

prikey, _ := GenEccPriKey()
pripem, _ := EccPriString(prikey)
newkey, _ := EccPriKey(pripem) // prikey == newkey

func EccPriString 

func EccPriString(prikey *ecdsa.PrivateKey) (string, error)

Format ECC private key to pem string, it can be save to file directly.

func EccPubKey 

func EccPubKey(pubkey string) (*ecdsa.PublicKey, error)

Get ECC public key from public pem string. 

prikey, _ := GenEccPriKey()
pubpem, _ := EccPubString(&prikey.PublicKey)
newkey, _ := EccPubKey(pubpem) // prikey.PublicKey == newkey

func EccPubString 

func EccPubString(pubkey *ecdsa.PublicKey) (string, error)

Format ECC public key to pem string, it can be save to file directly. 

prikey, _ := secure.GenEccPriKey()
pubkey := &prikey.PublicKey              // get public key
pubstr, _ := secure.EccPubString(pubkey) // format public key to pem string

func EccSign 

func EccSign(plaintext string, prikey *ecdsa.PrivateKey) (string, error)

Sign the given plaintext by ECC private key, and return the signed code on base64 format.

func EccVerify 

func EccVerify(plaintext, signb64 string, pubkey *ecdsa.PublicKey) (bool, error)

Verify the given plaintext by ECC public key and base64 formated sign code.

func EncClaims 

func EncClaims(uuid string, params ...string) string

Encode account uuid and optianl datas as claims content of jwt token

func EncJwtKeyword deprecated 

func EncJwtKeyword(uuid, pwd string, subject string) string

Encode account uuid, password and subject string

Deprecated: Use secure.EncClaims() instead it.

func EncodeB64MD5 

func EncodeB64MD5(original string) string

Encode string to base64, and then encode by md5

func EncodeBase64 

func EncodeBase64(original string) string

Encode string by base64

func EncodeMD5 

func EncodeMD5(original string) string

Encode string by md5, it ignore write buffer errors

func EncodeMD5B64 

func EncodeMD5B64(original string) string

Encode string to md5, and then encode by base64

func EncodeMD5Check 

func EncodeMD5Check(original string) (string, error)

Encode string by md5 and check write buffer errors

func GCMDecrypt 

func GCMDecrypt(secretkey []byte, ciphertextb64, noncestr string, additional ...[]byte) (string, error)

Using AES-256-GCM to decrypt ciphertext 

@param secretkey Secure key buffer
@param ciphertextb64 Ciphertext formated by base64
@param noncestr Nonce string which generated when encrypt
@param additional additional datas used by encrypt, it maybe null
@return - string Decrypted plaintext string
		- error Exception message

func GCMEncrypt 

func GCMEncrypt(secretkey, original []byte, additional ...[]byte) (string, string, error)

Using AES-256-GCM to encrypt the given original text 

@param secretkey Secure key buffer
@param original Original datas buffer to encrypt
@param additional Additional datas
@return - string Encrypted ciphertext formated by base64
		- string Nonce string
		- error Exception message

`NOTICE` :

You can use secure.GenAESKey() to generate a AES-256-GSM secret key to as secretkey input param, or use hex.EncodeToString() encode any secret string, but use hex.DecodeString() decode the encode hash key before call this function.

---- 

// use secure.GenAESKey() generate a secretkey
secretkey := secure.GenAESKey()
ciphertex, noncestr, err := secure.GCMEncrypt(secretkey, original)
ciphertex, noncestr, err := secure.GCMEncrypt(secretkey, original, additional)

// use hex.EncodeToString() and hex.DecodeString()
hashkey := hex.EncodeToString(secretkey)
// do samething with hashkey...
secretkey, err := hex.DecodeString(hashkey)
ciphertex, noncestr, err := secure.GCMEncrypt(secretkey, original)
ciphertex, noncestr, err := secure.GCMEncrypt(secretkey, original, additional)

func GenAESKey 

func GenAESKey() string

Generate AES key range chars in [0-9a-z]{16}

func GenCode 

func GenCode() string

Generate a code by using current nanosecond, e.g. M25eNdE4rF5

func GenCodeFrom 

func GenCodeFrom(src int64) string

Generate a code from given int64 data, e.g. M25eNdE4rF5

func GenEccKeys 

func GenEccKeys(sign ...string) (string, string, error)

Generate ECC private key, and format private and public keys as pem strings, by default it create P256 curve to sign data, or you can create other keys for set sign param as P224, P384, P521.

@see secure.GenEccPriKey()

func GenEccPriKey 

func GenEccPriKey(sign ...string) (*ecdsa.PrivateKey, error)

Generate a ECC random private key with curve type one of P224, P256, P384, P521, or use P256 curve as default, then you can get the pair public key from prikey.PublicKey param. 

prikey, _ := secure.GenEccPriKey() // same as secure.GenEccPriKey("P256")
pubkey := &prikey.PublicKey        // get public key

func GenHash 

func GenHash(src, salt string, buflen ...int) (string, error)

Hash the given source with salt, default length is 64 * 2, you may set buffer length by buflen input param, and return (buflen * 2) length hash string.

func GenJwtToken 

func GenJwtToken(keyword, salt string, dur time.Duration) (string, error)

Generate a jwt token with keyword and salt string, the token will expired after the given duration

func GenLoginToken 

func GenLoginToken(acc, pwd string) string

Generate a login token with account and password.

--- 

account   password
    |- + -|
       |
    base64          current nanosecode
       |                    |
      md5                base64
       +------- "."---------|
                 |
              base64 => token

func GenLowCode 

func GenLowCode() string

Generate a code formated only lower chars, e.g. mabendecrfdme

func GenLowNum 

func GenLowNum() string

Generate a code formated only number and lower chars, e.g. m25ende4rf5m

func GenNano 

func GenNano() string

Generate a code just as current nano seconds time, e.g. 1693359476235899600

func GenNonce 

func GenNonce() string

Generate a random num and convert to string

func GenOAuthCode 

func GenOAuthCode(length int, randomType string) (string, error)

Generate a random OAuth code

func GenRSAKeys 

func GenRSAKeys(bits int) (string, string, error)

Generate RSA private and public keys in PKCS#1, ASN.1 DER format, and limit bits length of key cert. 

@param bits Limit bits length of key cert
@return - string Private key original string
		- string Public key original string
		- error Exception message

func GenRandCode 

func GenRandCode(seednum ...int64) string

Generate a code by using current nanosecond and append random suffix, e.g. M25eNdE4rF50987

func GenRandCodeFrom 

func GenRandCodeFrom(src int64) string

Generate a code from given int64 data and append random suffix, e.g. M25eNdE4rF50987

func GenRandUUID 

func GenRandUUID(buflen ...int) string

Generate a random number uuid with specified digits

func GenSalt 

func GenSalt(buflen ...int) (string, error)

Generates a random salt, default length is 64 * 2, you may set buffer length by buflen input param, and return (buflen * 2) length salt string.

func GenToken 

func GenToken(original string) string

Convert to lower string and encode by base64 -> md5

func GenUUID 

func GenUUID() int64

Generate a new uuid in int64

func GenUUIDString 

func GenUUIDString() string

Generate a new uuid in string

func GenUpCode 

func GenUpCode() string

Generate a code formated only upper chars, e.g. MABENDECRFDME

func GenUpNum 

func GenUpNum() string

Generate a code formated only number and upper chars, e.g. M25ENDE4RF5M

func HashByteThenBase64 

func HashByteThenBase64(data []byte) string

Hash byte array by sha256 and than to base64 string

func HashMD5 

func HashMD5(original []byte) []byte

Hash string by md5, it ignore write buffer errors

func HashMD5Check 

func HashMD5Check(original []byte) ([]byte, error)

Hash string by md5 and check write buffer errors

func HashSHA256 

func HashSHA256(original []byte) []byte

Hash byte array by sha256

func HashSHA256Hex 

func HashSHA256Hex(original []byte) string

Hash byte array by sha256 then encode to hex

func HashSHA256String 

func HashSHA256String(original string) []byte

Hash string by sha256

func HashThenBase64 

func HashThenBase64(data string) string

Hash string by sha256 and than to base64 string

func LoadRSAKey 

func LoadRSAKey(filepath string, buffbits ...int) ([]byte, error)

Load RSA private or public key content from the given pem file, and the input buffer size of buffbits must larger than pem file size by call GenRSAKeys to set bits.

func MD5Lower 

func MD5Lower(original string) string

Encode string to md5 and then transform to lowers without check error.

func MD5Upper 

func MD5Upper(original string) string

Encode string to md5 and then transform to uppers without check error.

func RSA2Sign 

func RSA2Sign(prikey, original []byte) ([]byte, error)

Using RSA2 private key to make digital signature, the private key in PKCS#8, ASN.1 DER form.

func RSA2Sign4F 

func RSA2Sign4F(prifile string, original []byte) ([]byte, error)

Using RSA2 private key file to make digital signature. the private key in PKCS#8, ASN.1 DER form.

func RSA2Sign4FB64 

func RSA2Sign4FB64(prifile string, original []byte) (string, error)

Using RSA2 private key file to make digital signature, then format to base64 form, the private key in PKCS#8, ASN.1 DER form.

func RSA2SignB64 

func RSA2SignB64(prikey, original []byte) (string, error)

Using RSA2 private key file to make digital signature, then format to base64 form, the private key in PKCS#8, ASN.1 DER form.

func RSA2Verify 

func RSA2Verify(pubkey, original, signature []byte) error

Using RSA2 public key to verify PKCS#8, ASN.1 signatured data.

func RSA2Verify4F 

func RSA2Verify4F(pubfile string, original, signature []byte) error

Using RSA2 public key to verify PKCS#8, ASN.1 signatured data.

func RSADecrypt 

func RSADecrypt(prikey, ciphertext []byte) ([]byte, error)

Using RSA private key to decrypt ciphertext.

func RSADecrypt4F 

func RSADecrypt4F(prifile string, ciphertext []byte) ([]byte, error)

Using RSA private key file to decrypt ciphertext.

func RSAEncrypt 

func RSAEncrypt(pubkey, original []byte) ([]byte, error)

Using RSA public key to encrypt original data.

func RSAEncrypt4F 

func RSAEncrypt4F(pubfile string, original []byte) ([]byte, error)

Using RSA public key file to encrypt original data.

func RSAEncrypt4FB64 

func RSAEncrypt4FB64(pubfile string, original []byte) (string, error)

Using RSA public key file to encrypt original data, then format to base64 form.

func RSAEncryptB64 

func RSAEncryptB64(pubkey, original []byte) (string, error)

Using RSA public key to encrypt original data, then format to base64 form.

func RSASign 

func RSASign(prikey, original []byte) ([]byte, error)

Using RSA private key to make digital signature, the private key in PKCS#1, ASN.1 DER form.

func RSASign4F 

func RSASign4F(prifile string, original []byte) ([]byte, error)

Using RSA private key file to make digital signature, the private key in PKCS#1, ASN.1 DER form.

func RSASign4FB64 

func RSASign4FB64(prifile string, original []byte) (string, error)

Using RSA private key file to make digital signature, then format to base64 form, the private key in PKCS#1, ASN.1 DER form.

func RSASignB64 

func RSASignB64(prikey, original []byte) (string, error)

Using RSA private key to make digital signature, then format to base64 form, the private key in PKCS#1, ASN.1 DER form.

func RSAVerify 

func RSAVerify(pubkey, original, signature []byte) error

Using RSA public key to verify PKCS#1 v1.5 signatured data.

func RSAVerify4F 

func RSAVerify4F(pubfile string, original, signature []byte) error

Using RSA public key file to verify PKCS#1 v1.5 signatured data.

func RSAVerifyASN 

func RSAVerifyASN(pubkey, original, signature []byte) error

Using RSA public key to verify ASN.1 signatured data.

func RSAVerifyASN4F 

func RSAVerifyASN4F(pubfile string, original, signature []byte) error

Using RSA public key file to verify ASN.1 signatured data.

func SignSHA1 

func SignSHA1(securekey string, src string) string

Use HmacSHA1 to calculate the signature, and format as base64 string

func SignSHA256 

func SignSHA256(securekey string, src string) string

Use HmacSHA256 to calculate the signature, and format as base64 string

func ToMD5Hex 

func ToMD5Hex(input ...string) string

Encode multi-input to md5 one string, it same as EncodeMD5 when input only one string.

func ToMD5Lower 

func ToMD5Lower(original string) (string, error)

Encode string to md5 and then transform to lowers.

func ToMD5Upper 

func ToMD5Upper(original string) (string, error)

Encode string to md5 and then transform to uppers.

func ViaJwtToken 

func ViaJwtToken(signedToken, salt string) (string, error)

Verify the encoded jwt token with salt string

func ViaLoginToken 

func ViaLoginToken(acc, pwd, token string, duration int64) (bool, error)

Verify login token.

--- 

      token => base64
                 |
       +------- "."---------|
      md5                base64
       |                    |
    base64          current nanosecode
       |
    |- + -|
account   password

Types

type Claims 

type Claims struct {
	Keyword string `json:"keyword"`
	jwt.RegisteredClaims
}

Claims jwt claims data

type SoleCoder 

type SoleCoder struct {
	// contains filtered or unexported fields
}

Random coder to generate unique number code

`USEAGE` : 

coder := mvc.NewSoleCoder()
code, _ := coder.Gen(6)
logger.I("6 chars code:", code)

code, _ = coder.Gen(8)
logger.I("8 chars code:", code)

code, _ := coder.Gen(6, 5)
logger.I("max retry 5 times, 6 chars code:", code)

code, _ = coder.Gen(8, 5)
logger.I("max retry 5 times, 8 chars code:", code)

func NewSoleCoder 

func NewSoleCoder(data ...[]string) *SoleCoder

Create SoleCoder and init with exist codes

func (*SoleCoder) Gen 

func (c *SoleCoder) Gen(codelen int, times ...int) (string, error)

Generate a given length number code, it may throw a error when over the retry times

func (*SoleCoder) Remove 

func (c *SoleCoder) Remove(code string)

Remove used sole code outof cache

type Stringer 

type Stringer struct {
	// contains filtered or unexported fields
}

A string streaming to write string as writer.

func (*Stringer) Write 

func (s *Stringer) Write(p []byte) (n int, err error)

Write data to stringer cache param.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.