crypto

package
v0.0.0-...-a1758a3 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 30, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package crypto provides cryptography functions for generating keys and certificates, deriving keys, calculating HMACs, and related tasks.


Constants

const (
	// KeyLenBytes is the length in bytes of the key that is derived from the password (32 bytes, 256-bit)
	KeyLenBytes = 32

	// KeyDerivIter is the number of PBKDF2 iterations used to derive the key from the password
	KeyDerivIter = 10000
)

Variables

This section is empty.

Functions

func CalculatePublicKeyHash

func CalculatePublicKeyHash(cert *x509.Certificate) ([]byte, error)

CalculatePublicKeyHash calculates the SHA-256 hash of the DER PKIX representation of the public key contained in the given certificate. The result is useful with the --pinnedpubkey option in curl.

func EncodeCert

func EncodeCert(cert *x509.Certificate) ([]byte, error)

EncodeCert encodes an X.509 certificate as PEM.

func EncodeCurlPinnedPublicKeyHash

func EncodeCurlPinnedPublicKeyHash(hash []byte) string

EncodeCurlPinnedPublicKeyHash encodes a public key hash in the format that curl's --pinnedpubkey option expects.

func EncodeKey

func EncodeKey(key *Key) string

EncodeKey encodes the raw key and salt into a string in the format SALT:KEY, with both parts being base64 encoded.

func GenerateAuthHMAC

func GenerateAuthHMAC(key []byte, method string, path string, ttl time.Duration) (string, error)

GenerateAuthHMAC generates the HMAC auth header used to authenticate against the server. The result can be used in the HTTP "X-Authorization" header. If the TTL is non-zero, the authorization header will only be valid for the given duration.

func GenerateKeyAndCert

func GenerateKeyAndCert(hostname string) (string, string, error)

GenerateKeyAndCert generates an ECDSA P-256 key and a self-signed certificate. It returns both as PEM-encoded values.

func LoadCertFromFile

func LoadCertFromFile(filename string) (*x509.Certificate, error)

LoadCertFromFile loads the first PEM-encoded certificate from the given filename.

func ReadCurlPinnedPublicKeyFromFile

func ReadCurlPinnedPublicKeyFromFile(filename string) (string, error)

ReadCurlPinnedPublicKeyFromFile reads a certificate from the given filename and calculates the pinned public key hash for curl.
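
The pinning flow described by GenerateKeyAndCert, CalculatePublicKeyHash and EncodeCurlPinnedPublicKeyHash, written out with the standard library only. This is an added example, not this package's source: the helper names selfSignedCert and spkiPin and the hostname server.example are hypothetical, the use of cert.RawSubjectPublicKeyInfo is an assumption about how to obtain the DER PKIX bytes, and the "sha256//" prefix is the form curl documents for --pinnedpubkey.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"log"
	"math/big"
	"time"
)

// selfSignedCert builds a throwaway ECDSA P-256 self-signed certificate (constructed sample input).
func selfSignedCert(hostname string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: hostname},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin hashes the DER SubjectPublicKeyInfo (PKIX) bytes exactly as they appear
// in the certificate and formats the digest as "sha256//<base64>" for curl.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256//" + base64.StdEncoding.EncodeToString(sum[:])
}

func main() {
	cert, err := selfSignedCert("server.example")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("curl --pinnedpubkey '%s' https://server.example/\n", spkiPin(cert))
}
```

Because the pin covers only the public key, a certificate reissued with the same key keeps the same pin, while rotating the key invalidates every stored pin.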

Types

type Key

type Key struct {
	Bytes []byte
	Salt  []byte
}

Key defines the symmetric key that is derived from the user password. It consists of the raw key bytes and the randomly generated salt.

func DecodeKey

func DecodeKey(s string) (*Key, error)

DecodeKey decodes a key that was previously encoded with the EncodeKey function.

func DeriveKey

func DeriveKey(password []byte, salt []byte) *Key

DeriveKey derives a key using PBKDF2 from the given password, using the given salt. This function can be used to derive and then verify a key from a known salt and password.

func GenerateKey

func GenerateKey(password []byte) (*Key, error)

GenerateKey generates a new random salt and then derives a key from the given password using the DeriveKey function. This function is meant to be used when a new server is set up.
