crypto

package
v0.6.1
Published: Mar 7, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package crypto provides cryptography functions for generating keys and certificates, deriving keys, calculating HMACs, and related operations.

Constants

const (
	// KeyLenBytes is the length in bytes of the key that is derived from the password (32 bytes, i.e. 256-bit)
	KeyLenBytes = 32

	// KeyDerivIter is the number of PBKDF2 iterations used to derive the key from the password
	KeyDerivIter = 10000
)

Variables

This section is empty.

Functions

func CalculatePublicKeyHash

func CalculatePublicKeyHash(cert *x509.Certificate) ([]byte, error)

CalculatePublicKeyHash calculates the SHA-256 hash of the DER PKIX representation of the public key contained in the given certificate. This is useful to use with the --pinnedpubkey option in curl.

func EncodeCert

func EncodeCert(cert *x509.Certificate) ([]byte, error)

EncodeCert encodes an X.509 certificate as PEM.

func EncodeCurlPinnedPublicKeyHash

func EncodeCurlPinnedPublicKeyHash(hash []byte) string

EncodeCurlPinnedPublicKeyHash encodes a public key hash in the format that curl's --pinnedpubkey option expects.

func EncodeKey

func EncodeKey(key *Key) string

EncodeKey encodes the raw key and salt into a string in the format SALT:KEY, with both parts being base64 encoded.

func GenerateAuthHMAC

func GenerateAuthHMAC(key []byte, method string, path string, ttl time.Duration) (string, error)

GenerateAuthHMAC generates the HMAC auth header used to authorize/authenticate against the server. The result can be used in the HTTP "Authorization" header. If the TTL is non-zero, the authorization header will only be valid for the given duration.

func GenerateKeyAndCert

func GenerateKeyAndCert(hostname string) (string, string, error)

GenerateKeyAndCert generates an ECDSA P-256 key and a self-signed certificate. It returns both as PEM-encoded values.

func LoadCertFromFile

func LoadCertFromFile(filename string) (*x509.Certificate, error)

LoadCertFromFile loads the first PEM-encoded certificate from the given filename.

func ReadCurlPinnedPublicKeyFromFile

func ReadCurlPinnedPublicKeyFromFile(filename string) (string, error)

ReadCurlPinnedPublicKeyFromFile reads a certificate from the given filename and calculates the pinned public key value for curl.

Types

type Key

type Key struct {
	Bytes []byte
	Salt  []byte
}

Key defines the symmetric key that is derived from the user password. It consists of the raw key bytes and the randomly generated salt.

func DecodeKey

func DecodeKey(s string) (*Key, error)

DecodeKey decodes a key that was previously encoded with the EncodeKey function.

func DeriveKey

func DeriveKey(password []byte, salt []byte) *Key

DeriveKey derives a key using PBKDF2 from the given password, using the given salt. This function can be used to derive and then verify a key from a known salt and password.

func GenerateKey

func GenerateKey(password []byte) (*Key, error)

GenerateKey generates a new random salt and then derives a key from the given password using the DeriveKey function. This function is meant to be used when a new server is set up.
