fernet

package module
v0.0.0-...-303da6a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 19, 2024 License: MIT Imports: 12 Imported by: 215

README 

Fernet takes a user-provided *message* (an arbitrary sequence of
bytes), a *key* (256 bits), and the current time, and produces a
*token*, which contains the message in a form that can't be read
or altered without the key.

This package is compatible with the other implementations at
https://github.com/fernet. They can exchange tokens freely among
each other.

Documentation: http://godoc.org/github.com/fernet/fernet-go


INSTALL

	$ go get github.com/fernet/fernet-go


For more information and background, see the Fernet spec at
https://github.com/fernet/spec.

Fernet is distributed under the terms of the MIT license.
See the License file for details.

Documentation

Overview

Package fernet takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key.

For more information and background, see the Fernet spec at https://github.com/fernet/spec.

Subdirectories in this package provide command-line tools for working with Fernet keys and tokens.

Example 
k := fernet.MustDecodeKeys("cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=")
tok, err := fernet.EncryptAndSign([]byte("hello"), k[0])
if err != nil {
	panic(err)
}
msg := fernet.VerifyAndDecrypt(tok, 60*time.Second, k)
fmt.Println(string(msg))

Output:

hello

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptAndSign 

func EncryptAndSign(msg []byte, k *Key) (tok []byte, err error)

EncryptAndSign encrypts and signs msg with key k and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention.

func EncryptAndSignAtTime 

func EncryptAndSignAtTime(msg []byte, k *Key, signedAt time.Time) (tok []byte, err error)

EncryptAndSignAtTime encrypts and signs msg with key k at timestamp signedAt and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention.

func VerifyAndDecrypt 

func VerifyAndDecrypt(tok []byte, ttl time.Duration, k []*Key) (msg []byte)

VerifyAndDecrypt verifies that tok is a valid fernet token that was signed with a key in k at most ttl time ago only if ttl is greater than zero. Returns the message contained in tok if tok is valid, otherwise nil.

Types

type Key 

type Key [32]byte

Key represents a key.

func DecodeKey 

func DecodeKey(s string) (*Key, error)

DecodeKey decodes a key from s and returns it. The key can be in hexadecimal, standard base64, or URL-safe base64.

func DecodeKeys 

func DecodeKeys(a ...string) ([]*Key, error)

DecodeKeys decodes each element of a using DecodeKey and returns the resulting keys. Requires at least one key.

func MustDecodeKeys 

func MustDecodeKeys(a ...string) []*Key

MustDecodeKeys is like DecodeKeys, but panics if an error occurs. It simplifies safe initialization of global variables holding keys.

func (*Key) Encode 

func (k *Key) Encode() string

Encode returns the URL-safe base64 encoding of k.

func (*Key) Generate 

func (k *Key) Generate() error

Generate initializes k with pseudorandom data from package crypto/rand.

Source Files

View all Source files

Directories

Path Synopsis
cmd
fernet-keygen
fernet-sign

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.