README
¶
Tokenizer
The tokenizer package provides encoding for tokens that can carry user data in a secure way.
Tokens generated with this tokenizer consist of:
token = base64url(iv,aes(pkcs7(ts,data)),hmac)
All tokens embed the time they were created, and that information is available when the token is decoded. Time is always in UTC, with 1s precision.
Usage
Download:
go get github.com/go-web/tokenizer
See the example for details.
Documentation
¶
Overview ¶
Package tokenizer provides encoding for tokens that can carry user data.
Tokens are made up of base64url(iv,aes(pkcs7(ts,data)),hmac) where the iv is random, and hmac signs iv,aes(...).
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidBlockSize indicates hash blocksize <= 0. ErrInvalidBlockSize = errors.New("invalid blocksize") // ErrInvalidPKCS7Data indicates bad input to PKCS7 pad or unpad. ErrInvalidPKCS7Data = errors.New("invalid PKCS7 data (empty or not padded)") // ErrInvalidPKCS7Padding indicates PKCS7 unpad fails to bad input. ErrInvalidPKCS7Padding = errors.New("invalid padding on input") )
PKCS7 errors.
var ( // ErrInvalidToken indicates the input to Decode // is invalid. ErrInvalidToken = errors.New("tokenizer: invalid token") // ErrInvalidTokenSignature indicates the input to Decode // contains an invalid signature. ErrInvalidTokenSignature = errors.New("tokenizer: invalid token signature") )
Tokenizer errors.
Functions ¶
Types ¶
type T ¶
type T struct {
// contains filtered or unexported fields
}
T provides a cryptographic token that can carry user data. Tokens consist of user-data encrypted with AES, an HMAC signature and a UTC timestamp with second precision.
func New ¶
New creates and initializes a new tokenizer T. sha256.New is used for HMAC in case f is nil.
Source Files