Documentation ¶
Overview ¶
Package crypto includes common cryptography helpers.
They typically make use of the stdlib functions more ergonomic, and do not seek to invent new methods for encrypting or decrypting data.
This package is inspired by https://github.com/blend/go-sdk, with the following changes:
- Use of github.com/pkg/errors to wrap errors
Index ¶
- Constants
- func CreateKey(keySize int) ([]byte, error)
- func CreateKeyBase64String(keySize int) (string, error)
- func CreateKeyString(keySize int) (string, error)
- func Decrypt(key, cipherText []byte) ([]byte, error)
- func Encrypt(key, plainText []byte) ([]byte, error)
- func HMAC256(key, plainText []byte) []byte
- func HMAC512(key, plainText []byte) []byte
- func ParseKey(key string) ([]byte, error)
- type StreamDecrypter
- type StreamEncrypter
- type StreamMeta
Constants ¶
const (
	// DefaultKeySize is the size of keys to generate for client use.
	DefaultKeySize = 32
	// KeyVersionSize is the size of the key version prefix.
	KeyVersionSize = (4 + 2 + 2 + 1) // YYYY + MM + DD + :
	// IVSize is the size of the IV prefix.
	IVSize = aes.BlockSize
)
Important constants.
Variables ¶
This section is empty.
Functions ¶
func CreateKey ¶
CreateKey creates a key of a given size by reading that much data off the crypto/rand reader.
func CreateKeyBase64String ¶
CreateKeyBase64String generates a new key and returns it as a base64 std encoding string.
func CreateKeyString ¶
CreateKeyString generates a new key and returns it as a hex string.
Types ¶
type StreamDecrypter ¶
type StreamDecrypter struct {
	Source io.Reader
	Block  cipher.Block
	Stream cipher.Stream
	Mac    hash.Hash
	Meta   StreamMeta
}
StreamDecrypter is a decrypter for a stream of data with authentication
func NewStreamDecrypter ¶
func NewStreamDecrypter(encKey, macKey []byte, meta StreamMeta, cipherText io.Reader) (*StreamDecrypter, error)
NewStreamDecrypter creates a new stream decrypter
func (*StreamDecrypter) Authenticate ¶
func (s *StreamDecrypter) Authenticate() error
Authenticate verifies that the hash of the stream is correct. This should only be called after processing is finished.
type StreamEncrypter ¶
type StreamEncrypter struct {
	Source io.Reader
	Block  cipher.Block
	Stream cipher.Stream
	Mac    hash.Hash
	IV     []byte
}
StreamEncrypter is an encrypter for a stream of data with authentication
func NewStreamEncrypter ¶
func NewStreamEncrypter(encKey, macKey []byte, plainText io.Reader) (*StreamEncrypter, error)
NewStreamEncrypter creates a new stream encrypter
func (*StreamEncrypter) Meta ¶
func (s *StreamEncrypter) Meta() StreamMeta
Meta returns the encrypted stream metadata for use in decrypting. This should only be called after the stream is finished.
type StreamMeta ¶
type StreamMeta struct {
	// IV is the initial value for the crypto function
	IV []byte
	// Hash is the sha256 hmac of the stream
	Hash []byte
}
StreamMeta is metadata about an encrypted stream
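The following is an added example using only the standard library; it is not this package's code. It shows why Authenticate and Meta are only meaningful once the whole stream has been processed: a streaming decrypter releases bytes before the HMAC can be checked. The function name RoundTrip, the use of AES-CTR, and the choice to MAC the IV followed by the ciphertext are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// RoundTrip (hypothetical helper) encrypts plain as a stream, optionally flips
// one ciphertext bit, decrypts, and returns the released bytes and auth result.
func RoundTrip(plain []byte, tamper bool) ([]byte, error) {
	keys := make([]byte, 32+32+aes.BlockSize) // constructed random keys and IV
	if _, err := rand.Read(keys); err != nil {
		return nil, err
	}
	encKey, macKey, iv := keys[:32], keys[32:64], keys[64:]
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	// Encrypt side: the MAC sees the IV, then every ciphertext byte produced.
	encMac := hmac.New(sha256.New, macKey)
	encMac.Write(iv)
	enc := cipher.StreamReader{S: cipher.NewCTR(block, iv), R: bytes.NewReader(plain)}
	ct, _ := io.ReadAll(io.TeeReader(enc, encMac)) // in-memory source: no read error
	tag := encMac.Sum(nil)                         // final only after the full stream
	if tamper && len(ct) > 0 {
		ct[0] ^= 1 // simulated corruption in storage or transit
	}
	// Decrypt side: the MAC sees ciphertext before the keystream is applied.
	decMac := hmac.New(sha256.New, macKey)
	decMac.Write(iv)
	src := io.TeeReader(bytes.NewReader(ct), decMac)
	out, _ := io.ReadAll(cipher.StreamReader{S: cipher.NewCTR(block, iv), R: src})
	// out already exists at this point and is unauthenticated until this check.
	if !hmac.Equal(decMac.Sum(nil), tag) {
		return out, errors.New("authentication failed: discard output")
	}
	return out, nil
}

func main() {
	out, err := RoundTrip([]byte("amount=100"), true)
	fmt.Printf("released=%q err=%v\n", out, err)
}
```

In the tampered case the released bytes differ from the plaintext by exactly the flipped bit, so a consumer that acts on streamed output before the check would process attacker-influenced data; buffer or stage the output and commit it only after authentication succeeds.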