Documentation ¶
Overview ¶
---------------------------------------------------------------------------------------------- // -- Copyright (c) 2024 Braden Hitchcock - MIT License (https://opensource.org/licenses/MIT) -- // ---------------------------------------------------------------------------------------------- //
---------------------------------------------------------------------------------------------- // -- Copyright (c) 2024 Braden Hitchcock - MIT License (https://opensource.org/licenses/MIT) -- // ---------------------------------------------------------------------------------------------- //
Index ¶
- Constants
- func CheckPasswordHash(password Password, hash string) bool
- func Decrypt(key Key, ciphertext []byte) (plaintext []byte, err error)
- func Encrypt(key Key, plaintext []byte) (ciphertext []byte, err error)
- func HashPassword(password Password) (string, error)
- type Agent
- type Key
- type Password
- type Salt
Constants ¶
const ( // Iterations is the number of iterations used when generating a key with PBKDF2. Iterations = 1000000 // KeyLength is the length of the key generated by PBKDF2 for encrypting data. KeyLength = 32 // SaltLength is the length of the salt used by PBKDF2 when generating a key. SaltLength = 32 // MinPasswordLength is the minimum number of characters that must be contained in a // user-provided password. MinPasswordLength = 16 // MaxPasswordLength is the maximum number of bytes a password can contain. This restriction is // imposed by the Bcrypt algorithm used to hash the password. MaxPasswordLength = 72 // HashCost is the cost used by the Bcrypt algorithm when hashing a password. HashCost = 14 )
Variables ¶
This section is empty.
Functions ¶
func CheckPasswordHash ¶
HashPassword compares a plain-text password against a string hash of a password hashed using the Bcrypt algorithm. If using Bcrypt to hash the provided password would produce a string equal to the provided hash, then the function returns true. Otherwise the function returns false.
See https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf for algorithm specifics.
func Decrypt ¶
Decrypt uses AES-256 to decrypt the provided ciphertext and produce a newly allocated byte slice of the plaintext contents.
func Encrypt ¶
Encrypt uses AES-256 to encrypt the provided plaintext and produce a newly allocated byte slice of ciphertext. The byte slice is only valid if err is nil.
func HashPassword ¶
HashPassword produces a string hash of the provided password using the Bcrypt algorithm.
See https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf for algorithm specifics.
Types ¶
type Key ¶
type Key []byte
Key is the slice of keylen bytes used to encrypt data with AES-256.
func NewDerivedKey ¶
NewDerivedKey uses the PBKDF2 key derivation algorithm to create a 256-bit key that can be used by the AES algorithm for encrypting and decrypting data.
func NewRandomKey ¶
NewRandomKey uses a cryptographically strong random generator to create a 256-bit key that can be used by the AES algorithm for encrypting and decrypting data.
type Password ¶
type Password string
Password is a user-provided string that has been validated and meets all criteria for a password.
func NewPassword ¶
NewPassword verifies the provided string value meets the criteria for a password and then wraps it in the Password type to indicate the string has been validated. If the provided string does not meet the password criteria for Kolob, then the function will return an error explaining which criteria failed.
Note that although the function only returns a single error value, the message inside that error value is dynamic depending on which criteria for the password were not met.
type Salt ¶
type Salt []byte
Salt is the slice of saltlen bytes used when generating a key from a user-provided password.
func LoadSalt ¶
LoadSalt verifies that an existing byte slice only contains saltlen bytes. This ensures that a bytes loaded from authentication information can be used to recreate the original key used to encrypt data.