Documentation
Overview
Provides a recommended hashing algorithm.
The hash function is HMAC-SHA512/256 where SHA512/256 is as described in FIPS 180-4. This construction avoids length-extension attacks while maintaining a widely compatible digest size with better performance on 64-bit systems.
Password hashing uses bcrypt with a work factor of 14.
Provides a recommended TLS configuration.
Index
- func CheckPasswordHash(hash, password []byte) error
- func DecodeKey(keyEnc string) (*[32]byte, error)
- func DecryptAsym(ciphertext io.Reader, publicKey, privateKey *[32]byte) (io.Reader, error)
- func DecryptSym(ciphertext io.Reader, secretKey *[32]byte) (io.Reader, error)
- func DecryptSymInMemory(ciphertext []byte, key *[32]byte) ([]byte, error)
- func DefaultTLSConfig() *tls.Config
- func ECDHExchange(remotePubKeyData []byte, privKeyData []byte) (sharedKey []byte, pubKey []byte, err error)
- func EncryptAsym(plaintext io.Reader, publicKey, privateKey *[32]byte) (io.Reader, error)
- func EncryptSym(plaintext io.Reader, secretKey *[32]byte) (io.Reader, error)
- func EncryptSymInMemory(plaintext []byte, key *[32]byte) ([]byte, error)
- func Hash(tag string, data []byte) []byte
- func HashPassword(password []byte) ([]byte, error)
- func NewTLSCert(subjectName string, san []string, expiration time.Time, ...) (certPEM, privateKeyPEM []byte, err error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckPasswordHash
CheckPasswordHash securely compares a bcrypt hashed password with its possible plaintext equivalent. Returns nil on success, or an error on failure.
func DecryptAsym
DecryptAsym performs asymmetric decryption of the ciphertext data using NaCl primitives (Curve25519, XSalsa20 and Poly1305).
func DecryptSym
DecryptSym performs symmetric decryption of the ciphertext data using NaCl primitives (Curve25519, XSalsa20 and Poly1305).
func DecryptSymInMemory
DecryptSymInMemory performs symmetric decryption of the ciphertext data in memory using NaCl primitives (Curve25519, XSalsa20 and Poly1305).
func DefaultTLSConfig
func ECDHExchange
func ECDHExchange(remotePubKeyData []byte, privKeyData []byte) (sharedKey []byte, pubKey []byte, err error)
ECDHExchange performs ECDH key exchange using the X25519 function, and returns the generated shared secret key, and the local public key. If privKeyData is nil, it generates a new private key.
func EncryptAsym
EncryptAsym performs asymmetric encryption of the plaintext data using NaCl primitives (Curve25519, XSalsa20 and Poly1305).
func EncryptSym
EncryptSym performs symmetric encryption of the plaintext data using NaCl primitives (Curve25519, XSalsa20 and Poly1305).
func EncryptSymInMemory
EncryptSymInMemory performs symmetric encryption of the plaintext data in memory using NaCl primitives (Curve25519, XSalsa20 and Poly1305).
func Hash
Hash generates a hash of data using HMAC-SHA-512/256. The tag is intended to be a natural-language string describing the purpose of the hash, such as "hash file for lookup key" or "master secret to client secret". It serves as an HMAC "key" and ensures that different purposes will have different hash output. This function is NOT suitable for hashing passwords.
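The tag-as-HMAC-key construction described for Hash, as an added example built only on the Go standard library. It is not this package's source, and taggedHash, verifyTagged and truncatedHMACSHA512 are hypothetical names chosen for illustration.

```go
// Added example, not the package's own code: tag-keyed HMAC-SHA-512/256.
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha512"
	"fmt"
)

// taggedHash (hypothetical name) keys HMAC with the purpose tag and uses
// SHA-512/256 from FIPS 180-4, giving a 32-byte digest per purpose.
func taggedHash(tag string, data []byte) []byte {
	mac := hmac.New(sha512.New512_256, []byte(tag))
	mac.Write(data)
	return mac.Sum(nil)
}

// verifyTagged recomputes the digest and compares it in constant time.
func verifyTagged(tag string, data, want []byte) bool {
	return hmac.Equal(taggedHash(tag, data), want)
}

// truncatedHMACSHA512 shows a common interoperability mistake: HMAC-SHA-512
// cut to 32 bytes. SHA-512/256 uses different initial values, so the two
// constructions produce unrelated digests.
func truncatedHMACSHA512(tag string, data []byte) []byte {
	mac := hmac.New(sha512.New, []byte(tag))
	mac.Write(data)
	return mac.Sum(nil)[:sha512.Size256]
}

func main() {
	data := []byte("constructed sample input") // constructed for this example
	lookupTag := "hash file for lookup key"
	deriveTag := "master secret to client secret"

	lookup := taggedHash(lookupTag, data)
	derive := taggedHash(deriveTag, data)
	fmt.Printf("lookup: %x\nderive: %x\n", lookup, derive)
	fmt.Println("different tags collide:", bytes.Equal(lookup, derive))
	fmt.Println("verify, right tag:", verifyTagged(lookupTag, data, lookup))
	fmt.Println("verify, wrong tag:", verifyTagged(deriveTag, data, lookup))
	fmt.Println("equals truncated HMAC-SHA-512:",
		bytes.Equal(lookup, truncatedHMACSHA512(lookupTag, data)))
}
```

Because the tag is a descriptive label rather than a secret, the output is a domain-separated digest, not an authenticator for untrusted data.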
func HashPassword
HashPassword generates a bcrypt hash of the password using work factor 14.
func NewTLSCert
func NewTLSCert(subjectName string, san []string, expiration time.Time, parent *tls.Certificate) (certPEM, privateKeyPEM []byte, err error)
NewTLSCert creates an X.509 v3 certificate using the provided subjectName, Subject Alternative Names and expiration date. If parent is nil, the certificate is self-signed using a new Ed25519 private key; otherwise the parent certificate is used to sign the new certificate (e.g. for client certs). It returns the certificate and private key encoded in PEM format. Source: https://eli.thegreenplace.net/2021/go-https-servers-with-tls/
Types
This section is empty.