README
¶
Fernet takes a user-provided *message* (an arbitrary sequence of bytes), a *key* (256 bits), and the current time, and produces a *token*, which contains the message in a form that can't be read or altered without the key. This package is compatible with the other implementations at https://github.com/fernet. They can exchange tokens freely among each other. Documentation: http://godoc.org/github.com/fernet/fernet-go INSTALL $ go get github.com/fernet/fernet-go For more information and background, see the Fernet spec at https://github.com/fernet/spec. Fernet is distributed under the terms of the MIT license. See the License file for details.
Documentation
¶
Overview ¶
Package fernet takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key.
For more information and background, see the Fernet spec at https://github.com/fernet/spec.
Subdirectories in this package provide command-line tools for working with Fernet keys and tokens.
Example ¶
k := fernet.MustDecodeKeys("cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=")
tok, err := fernet.EncryptAndSign([]byte("hello"), k[0])
if err != nil {
panic(err)
}
msg := fernet.VerifyAndDecrypt(tok, 60*time.Second, k)
fmt.Println(string(msg))
Output: hello
Index ¶
- func EncryptAndSign(msg []byte, k *Key) (tok []byte, err error)
- func EncryptAndSignAtTime(msg []byte, k *Key, ts time.Time) (tok []byte, err error)
- func VerifyAndDecrypt(tok []byte, ttl time.Duration, k []*Key) (msg []byte)
- func VerifyAndDecryptAtTime(tok []byte, ttl time.Duration, k []*Key, ts time.Time) (msg []byte)
- type Key
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func EncryptAndSign ¶
EncryptAndSign encrypts and signs msg with key k and the current timestamp and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention
func EncryptAndSignAtTime ¶
EncryptAndSignAtTime encrypts and signs msg with key k and timestamp ts and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention.
func VerifyAndDecrypt ¶
VerifyAndDecrypt verifies that tok is a valid fernet token that was signed with a key in k at most ttl time ago only if ttl is greater than zero. Returns the message contained in tok if tok is valid, otherwise nil.
func VerifyAndDecryptAtTime ¶
VerifyAndDecrypt verifies that tok is a valid fernet token that was signed with a key in k at most ttl time ago from timestamp ts only if ttl is greater than zero. Returns the message contained in tok if tok is valid, otherwise nil.
Types ¶
type Key ¶
type Key [32]byte
Key represents a key.
func DecodeKey ¶
DecodeKey decodes a key from s and returns it. The key can be in hexadecimal, standard base64, or URL-safe base64.
func DecodeKeys ¶
DecodeKeys decodes each element of a using DecodeKey and returns the resulting keys. Requires at least one key.
func MustDecodeKeys ¶
MustDecodeKeys is like DecodeKeys, but panics if an error occurs. It simplifies safe initialization of global variables holding keys.
Source Files
Directories