formcrypt

package module
v0.0.0-...-3184972 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 11, 2023 License: BSD-3-Clause Imports: 10 Imported by: 0

README

FormCrypt.go

This is a go module which provides support for browser-side encryption and server-side decryption using RSA.

It comes with embedded Javascript code as well as a helper function to generate a ready-to-use snippet for you to directly insert into your webpage.

If you are using PHP, you can refer to the one I wrote a few years ago on gitee: fsgmhoward/FormCrypt

Build Status FOSSA Status gopherbadger-tag-do-not-edit

Warning

Even if you are using this module, you should still enable HTTPS on your website.

Using this module together with HTTPS provides you confidentiality of form data against those with your HTTPS private key, such as CDN and logger middleware (of your organization).

However, there is no integrity, nor authenticity provided. That is meant to be provided by HTTPS/TLS. Never use this without HTTPS.

Also, securities of using browser-side JS to do encryption can also be ineffective given many factors like PRNG.

How to use

You should be able to just import it as a go module.

go get github.com/fsgmhoward/formcrypt.go

The rest you can take a look at the example. It should be pretty straight-forward.

Development

When you update any assets (those JS), you will need to generate statik module once again:

statik -src=assets -f

Also, this module and the coming example were tested under Go 1.14. There is no guarantee that it will work on other versions (especially the older ones).

License

This is open-sourced under The 3-Clause BSD License. See LICENSE for exact licensing details.

Client-side JS codes mainly bases on Tom Wu's JSBN library. Please refer to its website for licensing details.

FOSSA Status

Documentation

Index

Constants

View Source 
const DefaultKey = "github.com/fsgmhoward/formcrypt.go"
View Source 
const DefaultSessionKey = "formcrypt.go/key"

Variables

This section is empty.

Functions

func InitializeEngine 

func InitializeEngine(r *gin.Engine, sessionName string) error

initialize gin engine - adds routes for static assets and adds session middleware

func Void 

func Void(c *gin.Context, isMany bool) error

delete the stored key from session

Types

type Engine 

type Engine struct {
	SessionName string
}

stores some global data

type Key 

type Key struct {
	BitSize int
	Key     rsa.PrivateKey
	// contains filtered or unexported fields
}

func Load 

func Load(c *gin.Context, isMany bool) (Key, error)

load the key from the session if key cannot be loaded, it should return an empty key with error

func (*Key) Decrypt 

func (key *Key) Decrypt(dataString string) (string, error)

decrypts data received from client

func (*Key) Generate 

func (key *Key) Generate() error

generator of the RSA key

func (*Key) GetJavascriptSegment 

func (key *Key) GetJavascriptSegment(formId string, fields []string) string

generate a javascript segment for inserting into HTML

func (*Key) GetPKHexString 

func (key *Key) GetPKHexString() string

generate the base64-encoded public key string in the form of N:E

func (*Key) Store 

func (key *Key) Store(c *gin.Context, isMany bool) error

store the key into the session isMany specifies whether multiple session is used

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.