cryptox

package module
v0.1.5

This package is not in the latest version of its module.
Published: Apr 2, 2024 License: MIT Imports: 24 Imported by: 0

README

go-cryptox

Extension of Golang crypto library






👁️ Overview

go-cryptox provides additional functionality related to cryptography to facilitate the use of crypto in applications.

Please review the module documentation for details on how to properly use the functions and classes contained in this module.

✅ Requirements

This module is supported for Go v1.21 and later.

📃 License

This module is distributed under the MIT License.

❓ Questions, Issues and Feature Requests

If you have questions about this project, find a bug or wish to submit a feature request, please submit an issue.

Documentation

Overview

Package cryptox contains functionality for dealing with X509 certificates and cryptography.

This package utilizes the go.innotegrity.dev/errorx package to return errors which can contain caller information that can be used with whatever logging platform you prefer to use.

Constants

const (
	// Library error codes
	DecryptionErrorCode         = 5001
	EncryptionErrorCode         = 5002
	InvalidPublicKeyErrorCode   = 5003
	SignatureErrorCode          = 5004
	InvalidSignatureCode        = 5005
	LoadCertificateErrorCode    = 5006
	InvalidCertificateErrorCode = 5007
	RSAPrivateKeyErrorCode      = 5008
	X509CertificateErrorCode    = 5009
	JWTErrorCode                = 5010
	PGPErrorCode                = 5011
	PEMGeneralErrorCode         = 5012
)

Variables

This section is empty.

Functions

func DecodePEMBlockFromFile

func DecodePEMBlockFromFile(ctx context.Context, file string) (*pem.Block, error)

DecodePEMBlockFromFile loads a file into memory and decodes any PEM data from it.

The following errors are returned by this function: PEMGeneralError

func DecryptPEMBlock

func DecryptPEMBlock(ctx context.Context, b *pem.Block, password []byte) ([]byte, error)

DecryptPEMBlock takes a PEM block encrypted according to RFC 1423 and the password used to encrypt it and returns a slice of decrypted DER encoded bytes.

It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected an IncorrectPasswordError is returned. Because of deficiencies in the format, it's not always possible to detect an incorrect password. In these cases no error will be returned but the decrypted DER bytes will be random noise.

The following errors are returned by this function: DecryptionError
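Added example (not code from go-cryptox): the wrong-password caveat above, shown with the standard library's crypto/x509 functions of the same names, on the assumption that the module's wrappers behave the same way. sealKey, openKey and demo are hypothetical helpers and the passphrases are constructed; openKey parses and validates the decrypted DER, so a wrong password that slips past the padding check still surfaces as an error.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// sealKey stores key as an RFC 1423 encrypted PEM block (AES-256-CBC).
// The crypto/x509 RFC 1423 helpers are deprecated since Go 1.16: the format
// does not authenticate the ciphertext.
func sealKey(key *rsa.PrivateKey, password []byte) ([]byte, error) {
	der := x509.MarshalPKCS1PrivateKey(key)
	blk, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, password, x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(blk), nil
}

// openKey decrypts the block when it is encrypted and only returns a key that
// parsed and passed rsa's consistency check, never raw decrypted bytes.
func openKey(pemBytes, password []byte) (*rsa.PrivateKey, error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil {
		return nil, errors.New("no PEM block found")
	}
	der := blk.Bytes
	if x509.IsEncryptedPEMBlock(blk) {
		if len(password) == 0 {
			return nil, errors.New("key is encrypted but no password was supplied")
		}
		var err error
		// A bad padding check yields x509.IncorrectPasswordError, but the
		// check can pass by chance and return noise with a nil error.
		if der, err = x509.DecryptPEMBlock(blk, password); err != nil {
			return nil, fmt.Errorf("decrypt: %w", err)
		}
	}
	key, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, fmt.Errorf("decrypted bytes are not a PKCS#1 key (wrong password?): %w", err)
	}
	if err := key.Validate(); err != nil {
		return nil, fmt.Errorf("key failed consistency check: %w", err)
	}
	return key, nil
}

// demo seals a freshly generated key and opens it with the right, a wrong and
// no password (all values constructed for this example).
func demo() (rightOK, wrongRejected, emptyRejected bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	pemBytes, err := sealKey(key, []byte("constructed-passphrase"))
	if err != nil {
		return false, false, false, err
	}
	got, errRight := openKey(pemBytes, []byte("constructed-passphrase"))
	_, errWrong := openKey(pemBytes, []byte("not-the-passphrase"))
	_, errEmpty := openKey(pemBytes, nil)
	return errRight == nil && got.Equal(key), errWrong != nil, errEmpty != nil, nil
}

func main() { fmt.Println(demo()) }
```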

func DecryptString

func DecryptString(ctx context.Context, ciphertext, key string) (string, errorx.Error)

DecryptString decrypts the given block of ciphertext that was encrypted using the EncryptString() function.

If the string was encrypted using a random key generated by EncryptString(), leave the key empty.

The following errors are returned by this function: DecryptionError

func EncryptPEMBlock

func EncryptPEMBlock(ctx context.Context, rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (
	*pem.Block, error)

EncryptPEMBlock returns a PEM block of the specified type holding the given DER encoded data encrypted with the specified algorithm and password according to RFC 1423.

The following errors are returned by this function: EncryptionError

func EncryptString

func EncryptString(ctx context.Context, plaintext, key string) (string, errorx.Error)

EncryptString encrypts the given string using the given key.

If the key is empty, a random key is generated and stored with the ciphertext.

The following errors are returned by this function: EncryptionError

func GeneratePassword

func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string

GeneratePassword generates a random password with the given characteristics.

func IsEncryptedPEMBlock

func IsEncryptedPEMBlock(b *pem.Block) bool

IsEncryptedPEMBlock returns whether the PEM block is password encrypted according to RFC 1423.

func NewSelfSignedCertificateKeyPair

func NewSelfSignedCertificateKeyPair(ctx context.Context, template *x509.Certificate, keyBits int) (
	[]byte, []byte, error)

NewSelfSignedCertificateKeyPair creates a new self-signed certificate using the given template and returns the public certificate and private key, respectively, on success.

The following errors are returned by this function: RSAPrivateKeyError, X509CertificateError

func ParsePEMCertificateBytes

func ParsePEMCertificateBytes(ctx context.Context, contents []byte) ([]*x509.Certificate, error)

ParsePEMCertificateBytes takes a PEM-formatted byte string and converts it into one or more X509 certificates.

The following errors are returned by this function: X509CertificateError

func ParsePEMCertificateFile

func ParsePEMCertificateFile(ctx context.Context, file string) ([]*x509.Certificate, error)

ParsePEMCertificateFile takes a PEM-formatted file and converts it into one or more X509 certificates.

The following errors are returned by this function: X509CertificateError

func ParsePEMPrivateKeyBytes

func ParsePEMPrivateKeyBytes(ctx context.Context, contents []byte, password []byte) (*rsa.PrivateKey, error)

ParsePEMPrivateKeyBytes takes a PEM-formatted byte string and converts it into an RSA private key.

If the private key is encrypted, be sure to include a password or else this function will return an error. If no password is required, you can safely pass nil for the password.

The following errors are returned by this function: RSAPrivateKeyError

func ParsePEMPrivateKeyFile

func ParsePEMPrivateKeyFile(ctx context.Context, file string, password []byte) (*rsa.PrivateKey, error)

ParsePEMPrivateKeyFile takes a PEM-formatted file and converts it into an RSA private key.

If the private key is encrypted, be sure to include a password or else this function will return an error. If no password is required, you can safely pass nil for the password.

The following errors are returned by this function: RSAPrivateKeyError

func ParsePublicKeyFromCertificate

func ParsePublicKeyFromCertificate(ctx context.Context, cert *x509.Certificate) (*rsa.PublicKey, errorx.Error)

ParsePublicKeyFromCertificate parses the RSA public key portion from an X509 certificate.

The following errors are returned by this function: InvalidPublicKeyError

func Sign

func Sign(ctx context.Context, contents []byte, privateKey *rsa.PrivateKey) ([]byte, errorx.Error)

Sign takes the content and generates a signature using a private key certificate.

Use the DecodePEMData() function to convert a PEM-formatted certificate into a PEM block. If the private key is encrypted, use the DecryptPEMBlock() function to decrypt it first.

Use the Verify() function to verify the signature produced for the content.

The following errors are returned by this function: InvalidPublicKeyError

func ValidateCertificate

func ValidateCertificate(ctx context.Context, cert *x509.Certificate, roots *CertificatePool,
	intermediates *CertificatePool, keyUsages []x509.ExtKeyUsage, cn string) errorx.Error

ValidateCertificate verifies the given certificate is completely trusted.

If the certificate was signed with a key that is not trusted by the default system certificate pool, be sure to specify a root CA certificate pool and, if necessary, an intermediate pool containing the certificates required to verify the chain.

If you wish to match against specific X509 extended key usages such as verifying the signing key has the Code Signing key usage, pass those fields in the keyUsages parameter.

If you wish to verify the common name (CN) field of the public key passed in, specify a non-empty string for the cn parameter. This match is case-sensitive.

The following errors are returned by this function: InvalidCertificateError
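Added example, not go-cryptox's own code: the checks described for ValidateCertificate, reproduced with crypto/x509 only so they run offline against a constructed root, intermediate and leaf. The names issue, validate and scenarios and the subject names are hypothetical; how the module treats an empty keyUsages list is not stated on this page, whereas crypto/x509 treats an empty KeyUsages as ServerAuth.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed certificate signed by parent (self-signed when parent is nil).
func issue(serial int64, cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, // leaf: code signing only
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// validate chains cert to roots (via inter), enforces the requested EKUs, then matches the CN exactly.
func validate(cert *x509.Certificate, roots, inter *x509.CertPool, ekus []x509.ExtKeyUsage, cn string) error {
	// crypto/x509 treats an empty KeyUsages list as ServerAuth, not as "any usage".
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: ekus}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	if cn != "" && cert.Subject.CommonName != cn {
		return fmt.Errorf("common name %q does not match %q", cert.Subject.CommonName, cn)
	}
	return nil
}

// scenarios reports, per case, whether the constructed leaf was accepted.
func scenarios() (map[string]bool, error) {
	root, rootKey, e1 := issue(1, "Constructed Root CA", true, nil, nil)
	ca, caKey, e2 := issue(2, "Constructed Intermediate CA", true, root, rootKey)
	leaf, _, e3 := issue(3, "Release Signer", false, ca, caKey)
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, fmt.Errorf("issuing constructed chain: %v, %v, %v", e1, e2, e3)
	}
	roots, inter, empty := x509.NewCertPool(), x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inter.AddCert(ca)
	sign, tls := []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	return map[string]bool{
		"trusted chain":        validate(leaf, roots, inter, sign, "Release Signer") == nil,
		"untrusted root":       validate(leaf, empty, inter, sign, "") == nil,
		"missing intermediate": validate(leaf, roots, empty, sign, "") == nil,
		"wrong EKU":            validate(leaf, roots, inter, tls, "") == nil,
		"EKU left empty":       validate(leaf, roots, inter, nil, "") == nil,
		"CN differs in case":   validate(leaf, roots, inter, sign, "release signer") == nil,
	}, nil
}

func main() { fmt.Println(scenarios()) }
```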

func Verify

func Verify(ctx context.Context, contents, signature []byte, publicKey *rsa.PublicKey) errorx.Error

Verify validates that the given contents have not been altered by checking them against the signature and public key provided.

Use the Sign() function to create the signature used by this function to ensure the same hashing algorithm is applied.

The following errors are returned by this function: SignatureError

Types

type CertificatePool

type CertificatePool struct {
	*x509.CertPool
}

CertificatePool stores X509 certificates.

func NewCertificatePool

func NewCertificatePool(ctx context.Context, emptyPool bool) (*CertificatePool, errorx.Error)

NewCertificatePool creates a new CertificatePool object.

If emptyPool is true, an empty certificate pool is returned instead of a pool containing a copy of all of the system's trusted root certificates.

The following errors are returned by this function: LoadCertificateError

func (*CertificatePool) AddPEMCertificatesFromFile

func (p *CertificatePool) AddPEMCertificatesFromFile(ctx context.Context, file string) errorx.Error

AddPEMCertificatesFromFile adds one or more PEM-formatted certificates from a file to the certificate pool.

The following errors are returned by this function: LoadCertificateError

type DecryptionError

type DecryptionError struct {
	// contains filtered or unexported fields
}

DecryptionError occurs when there's an error decrypting ciphertext.

func NewDecryptionError

func NewDecryptionError(msg string, err error) *DecryptionError

NewDecryptionError creates a new DecryptionError error.

func NewDecryptionErrorWithContext (added in v0.1.2)

func NewDecryptionErrorWithContext(ctx context.Context, msg string, err error) *DecryptionError

NewDecryptionErrorWithContext creates a new DecryptionError error with context.

func (DecryptionError) Error

func (e DecryptionError) Error() string

Error returns the string version of the error.

func (DecryptionError) Msg

func (e DecryptionError) Msg() string

Msg returns the associated error message.

type EncryptionError

type EncryptionError struct {
	// contains filtered or unexported fields
}

EncryptionError occurs when there's an error encrypting plaintext.

func NewEncryptionError

func NewEncryptionError(msg string, err error) *EncryptionError

NewEncryptionError creates a new EncryptionError error.

func NewEncryptionErrorWithContext (added in v0.1.2)

func NewEncryptionErrorWithContext(ctx context.Context, msg string, err error) *EncryptionError

NewEncryptionErrorWithContext creates a new EncryptionError error with context.

func (EncryptionError) Error

func (e EncryptionError) Error() string

Error returns the string version of the error.

func (EncryptionError) Msg

func (e EncryptionError) Msg() string

Msg returns the associated error message.

type InvalidCertificateError

type InvalidCertificateError struct {
	// contains filtered or unexported fields
}

InvalidCertificateError occurs when an improperly formatted X509 certificate is encountered.

func NewInvalidCertificateError

func NewInvalidCertificateError(msg string, err error) *InvalidCertificateError

NewInvalidCertificateError creates a new InvalidCertificateError error.

func NewInvalidCertificateErrorWithContext (added in v0.1.2)

func NewInvalidCertificateErrorWithContext(ctx context.Context, msg string, err error) *InvalidCertificateError

NewInvalidCertificateErrorWithContext creates a new InvalidCertificateError error with context.

func (InvalidCertificateError) Error

func (e InvalidCertificateError) Error() string

Error returns the string version of the error.

func (InvalidCertificateError) Msg

func (e InvalidCertificateError) Msg() string

Msg returns the associated error message.

type InvalidPublicKeyError

type InvalidPublicKeyError struct {
	// contains filtered or unexported fields
}

InvalidPublicKeyError occurs when an improperly formatted RSA public key is encountered.

func NewInvalidPublicKeyError

func NewInvalidPublicKeyError(msg string, err error) *InvalidPublicKeyError

NewInvalidPublicKeyError creates a new InvalidPublicKeyError error.

func NewInvalidPublicKeyErrorWithContext (added in v0.1.2)

func NewInvalidPublicKeyErrorWithContext(ctx context.Context, msg string, err error) *InvalidPublicKeyError

NewInvalidPublicKeyErrorWithContext creates a new InvalidPublicKeyError error with context.

func (InvalidPublicKeyError) Error

func (e InvalidPublicKeyError) Error() string

Error returns the string version of the error.

func (InvalidPublicKeyError) Msg

func (e InvalidPublicKeyError) Msg() string

Msg returns the associated error message.

type JWTAuthECDSAService

type JWTAuthECDSAService struct {
	// contains filtered or unexported fields
}

JWTAuthECDSAService creates and validates JWT tokens that are signed with a private ECDSA key and validated with a public ECDSA key.

func NewJWTAuthECDSAService

func NewJWTAuthECDSAService(publicKey *ecdsa.PublicKey, privateKey *ecdsa.PrivateKey) *JWTAuthECDSAService

NewJWTAuthECDSAService creates and initializes a new service object.

func (*JWTAuthECDSAService) GenerateToken

func (j *JWTAuthECDSAService) GenerateToken(ctx context.Context, claims jwt.Claims) (string, errorx.Error)

GenerateToken generates a new JWT token with the given claims.

The following errors are returned by this function: JWTError

func (*JWTAuthECDSAService) VerifyToken

func (j *JWTAuthECDSAService) VerifyToken(ctx context.Context, encodedToken string) (*jwt.Token, errorx.Error)

VerifyToken parses and verifies the token string, returning the resulting JWT token for further validation.

The service must use the same key pair that was used to generate the token being verified.

The following errors are returned by this function: JWTError

type JWTAuthHMACService

type JWTAuthHMACService struct {
	// contains filtered or unexported fields
}

JWTAuthHMACService creates and validates JWT tokens that are signed with an HMAC256-hashed secret.

func NewJWTAuthHMACService

func NewJWTAuthHMACService(secret []byte) *JWTAuthHMACService

NewJWTAuthHMACService creates and initializes a new service object.

func (*JWTAuthHMACService) GenerateToken

func (j *JWTAuthHMACService) GenerateToken(ctx context.Context, claims jwt.Claims) (string, errorx.Error)

GenerateToken generates a new JWT token with the given claims.

The following errors are returned by this function: JWTError

func (*JWTAuthHMACService) VerifyToken

func (j *JWTAuthHMACService) VerifyToken(ctx context.Context, encodedToken string) (*jwt.Token, errorx.Error)

VerifyToken parses and verifies the token string, returning the resulting JWT token for further validation.

The service must use the same secret that was used to generate the token being verified.

The following errors are returned by this function: JWTError

type JWTAuthRSAService

type JWTAuthRSAService struct {
	// contains filtered or unexported fields
}

JWTAuthRSAService creates and validates JWT tokens that are signed with a private RSA key and validated with a public RSA key.

func NewJWTAuthRSAService

func NewJWTAuthRSAService(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) *JWTAuthRSAService

NewJWTAuthRSAService creates and initializes a new service object.

func (*JWTAuthRSAService) GenerateToken

func (j *JWTAuthRSAService) GenerateToken(ctx context.Context, claims jwt.Claims) (string, errorx.Error)

GenerateToken generates a new JWT token with the given claims.

The following errors are returned by this function: JWTError

func (*JWTAuthRSAService) VerifyToken

func (j *JWTAuthRSAService) VerifyToken(ctx context.Context, encodedToken string) (*jwt.Token, errorx.Error)

VerifyToken parses and verifies the token string, returning the resulting JWT token for further validation.

The service must use the same key pair that was used to generate the token being verified.

The following errors are returned by this function: JWTError

type JWTAuthService

type JWTAuthService interface {
	// GenerateToken should generate a new JWT token with the given claims and return the encoded JWT token.
	GenerateToken(context.Context, jwt.Claims) (string, errorx.Error)

	// VerifyToken should parse and verify the token string and return the resulting JWT token for further validation.
	VerifyToken(context.Context, string) (*jwt.Token, errorx.Error)
}

JWTAuthService represents any object that is able to generate new JWT tokens and also validate them.

type JWTError

type JWTError struct {
	// contains filtered or unexported fields
}

JWTError occurs when there is an error with a JSON Web Token.

func NewJWTError

func NewJWTError(msg string, err error) *JWTError

NewJWTError creates a new JWTError error.

func NewJWTErrorWithContext (added in v0.1.2)

func NewJWTErrorWithContext(ctx context.Context, msg string, err error) *JWTError

NewJWTErrorWithContext creates a new JWTError error with context.

func (JWTError) Error

func (e JWTError) Error() string

Error returns the string version of the error.

func (JWTError) Msg

func (e JWTError) Msg() string

Msg returns the associated error message.

type LoadCertificateError

type LoadCertificateError struct {
	// contains filtered or unexported fields
}

LoadCertificateError occurs when there is an error loading one or more certificates.

func NewLoadCertificateError

func NewLoadCertificateError(msg string, err error) *LoadCertificateError

NewLoadCertificateError creates a new LoadCertificateError error.

func NewLoadCertificateErrorWithContext (added in v0.1.2)

func NewLoadCertificateErrorWithContext(ctx context.Context, msg string, err error) *LoadCertificateError

NewLoadCertificateErrorWithContext creates a new LoadCertificateError error with context.

func (LoadCertificateError) Error

func (e LoadCertificateError) Error() string

Error returns the string version of the error.

func (LoadCertificateError) Msg

func (e LoadCertificateError) Msg() string

Msg returns the associated error message.

type PEMCipher

type PEMCipher int

PEMCipher is just an alias for int.

const (
	PEMCipherDES PEMCipher
	PEMCipher3DES
	PEMCipherAES128
	PEMCipherAES192
	PEMCipherAES256
)

Possible values for the EncryptPEMBlock encryption algorithm.

type PEMGeneralError

type PEMGeneralError struct {
	// contains filtered or unexported fields
}

PEMGeneralError occurs when there is a general error during PEM-related operations.

func NewPEMGeneralError

func NewPEMGeneralError(msg string, err error) *PEMGeneralError

NewPEMGeneralError creates a new PEMGeneralError error.

func NewPEMGeneralErrorWithContext (added in v0.1.2)

func NewPEMGeneralErrorWithContext(ctx context.Context, msg string, err error) *PEMGeneralError

NewPEMGeneralErrorWithContext creates a new PEMGeneralError error with context.

func (PEMGeneralError) Error

func (e PEMGeneralError) Error() string

Error returns the string version of the error.

func (PEMGeneralError) Msg

func (e PEMGeneralError) Msg() string

Msg returns the associated error message.

type PGPError

type PGPError struct {
	// contains filtered or unexported fields
}

PGPError occurs when there is an error with a PGP operation.

func NewPGPError

func NewPGPError(msg string, err error) *PGPError

NewPGPError creates a new PGPError error.

func NewPGPErrorWithContext (added in v0.1.2)

func NewPGPErrorWithContext(ctx context.Context, msg string, err error) *PGPError

NewPGPErrorWithContext creates a new PGPError error with context.

func (PGPError) Error

func (e PGPError) Error() string

Error returns the string version of the error.

func (PGPError) Msg

func (e PGPError) Msg() string

Msg returns the associated error message.

type PGPKeyPair

type PGPKeyPair struct {
	// contains filtered or unexported fields
}

PGPKeyPair represents a PGP key pair.

func NewPGPKeyPair

func NewPGPKeyPair(ctx context.Context, name, email, keyType string, bits int) (*PGPKeyPair, error)

NewPGPKeyPair returns a new PGP key pair.

Be sure to call ClearPrivateParams on the returned key to clear memory out when finished with the object.

The following errors are returned by this function: PGPError

func NewPGPKeyPairFromArmor

func NewPGPKeyPairFromArmor(ctx context.Context, armoredKey, passphrase string) (*PGPKeyPair, error)

NewPGPKeyPairFromArmor returns a new PGP key pair from the given armored private key.

Be sure to call ClearPrivateParams on the returned key to clear memory out when finished with the object.

The following errors are returned by this function: PGPError

func (*PGPKeyPair) ClearPrivateParams

func (kp *PGPKeyPair) ClearPrivateParams()

ClearPrivateParams clears out memory attached to the private key.

func (*PGPKeyPair) GetArmoredPrivateKey

func (kp *PGPKeyPair) GetArmoredPrivateKey(ctx context.Context) (string, error)

GetArmoredPrivateKey returns the private key wrapped in PGP armor.

The following errors are returned by this function: PGPError

func (*PGPKeyPair) GetArmoredPublicKey

func (kp *PGPKeyPair) GetArmoredPublicKey(ctx context.Context) (string, error)

GetArmoredPublicKey returns the public key wrapped in PGP armor.

The following errors are returned by this function: ErrGetPGPKeyFailure

type RSAPrivateKeyError

type RSAPrivateKeyError struct {
	// contains filtered or unexported fields
}

RSAPrivateKeyError occurs when there is an error with an RSA private key.

func NewRSAPrivateKeyError

func NewRSAPrivateKeyError(msg string, err error) *RSAPrivateKeyError

NewRSAPrivateKeyError creates a new RSAPrivateKeyError error.

func NewRSAPrivateKeyErrorWithContext (added in v0.1.2)

func NewRSAPrivateKeyErrorWithContext(ctx context.Context, msg string, err error) *RSAPrivateKeyError

NewRSAPrivateKeyErrorWithContext creates a new RSAPrivateKeyError error with context.

func (RSAPrivateKeyError) Error

func (e RSAPrivateKeyError) Error() string

Error returns the string version of the error.

func (RSAPrivateKeyError) Msg

func (e RSAPrivateKeyError) Msg() string

Msg returns the associated error message.

type SignatureError

type SignatureError struct {
	// contains filtered or unexported fields
}

SignatureError occurs when there is an error signing content with an RSA private key.

func NewSignatureError

func NewSignatureError(msg string, err error) *SignatureError

NewSignatureError creates a new SignatureError error.

func NewSignatureErrorWithContext (added in v0.1.2)

func NewSignatureErrorWithContext(ctx context.Context, msg string, err error) *SignatureError

NewSignatureErrorWithContext creates a new SignatureError error with context.

func (SignatureError) Error

func (e SignatureError) Error() string

Error returns the string version of the error.

func (SignatureError) Msg

func (e SignatureError) Msg() string

Msg returns the associated error message.

type X509CertificateError

type X509CertificateError struct {
	// contains filtered or unexported fields
}

X509CertificateError occurs when there is an error with an X509 certificate.

func NewX509CertificateError

func NewX509CertificateError(msg string, err error) *X509CertificateError

NewX509CertificateError creates a new X509CertificateError error.

func NewX509CertificateErrorWithContext (added in v0.1.2)

func NewX509CertificateErrorWithContext(ctx context.Context, msg string, err error) *X509CertificateError

NewX509CertificateErrorWithContext creates a new X509CertificateError error with context.

func (X509CertificateError) Error

func (e X509CertificateError) Error() string

Error returns the string version of the error.

func (X509CertificateError) Msg

func (e X509CertificateError) Msg() string

Msg returns the associated error message.
