Documentation
Overview
Package crypto implements common symmetric-encryption and key-derivation functions.
Index
- Constants
- func AllowedKeyDerivationAlgorithms() []string
- func DecryptAes256Gcm(data, masterKey, salt []byte) ([]byte, error)
- func DeriveKeyFromMasterKey(masterKey, salt, purpose []byte, length int) []byte
- func DeriveKeyFromPassword(password string, salt []byte, algorithm string) ([]byte, error)
- func EncryptAes256Gcm(data, masterKey, salt []byte) ([]byte, error)
- func RecommendedSaltLength(algorithm string) (int, error)
- func RegisterKeyDerivers(name string, keyDeriver KeyDeriver)
- type KeyDeriver
Constants
const (
// ScryptAlgorithm is the key for the scrypt algorithm.
ScryptAlgorithm = "scrypt-65536-8-1"
// Legacy hash version salt length.
V1SaltLength = 32
// Legacy hash version system translates to KeyDerivationAlgorithm.
HashVersion1 = 1 // this translates to Scrypt KeyDerivationAlgorithm
)
The recommended minimum size for a salt to be used for scrypt. Currently set to 16 bytes (128 bits).
TBD: A good rule of thumb is to use a salt that is the same size as the output of the hash function. For example, the output of SHA256 is 256 bits (32 bytes), so the salt should be at least 32 random bytes. Scrypt uses a SHA256 hash function. https://crackstation.net/hashing-security.htm
const DefaultKeyDerivationAlgorithm = ScryptAlgorithm
DefaultKeyDerivationAlgorithm is the key derivation algorithm for new configurations.
const (
// MasterKeyLength describes the length of the master key.
MasterKeyLength = 32
)
const (
// Pbkdf2Algorithm is the key for the pbkdf algorithm.
Pbkdf2Algorithm = "pbkdf2"
)
Functions
func AllowedKeyDerivationAlgorithms (added in v0.17.0)
func AllowedKeyDerivationAlgorithms() []string
AllowedKeyDerivationAlgorithms returns a slice of the allowed key derivation algorithms.
func DecryptAes256Gcm
DecryptAes256Gcm decrypts data with AES 256 GCM.
func DeriveKeyFromMasterKey
DeriveKeyFromMasterKey computes a key for a specific purpose and length using HKDF based on the master key.
func DeriveKeyFromPassword
DeriveKeyFromPassword derives an encryption key using the provided password and per-repository unique ID.
func EncryptAes256Gcm
EncryptAes256Gcm encrypts data with AES 256 GCM.
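The pattern that DeriveKeyFromMasterKey and EncryptAes256Gcm describe (HKDF over a master key and salt, then AES-256-GCM), as an added stand-alone example that is not this package's code. SHA-256 as the HKDF hash, the purpose label and the nonce || ciphertext || tag layout are assumptions, and the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey is HKDF-SHA256 (RFC 5869) for one 32-byte output block (hash choice assumed).
func deriveKey(masterKey, salt, purpose []byte) []byte {
	ext := hmac.New(sha256.New, salt) // extract: PRK = HMAC(salt, masterKey)
	ext.Write(masterKey)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(append(append([]byte{}, purpose...), 0x01)) // expand: purpose || counter
	return exp.Sum(nil)
}

// NewAEAD binds the AES-256-GCM key to a purpose label (hypothetical value).
func NewAEAD(masterKey, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(masterKey, salt, []byte("example/aes256gcm")))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag (assumed layout) under a fresh random nonce.
func Seal(a cipher.AEAD, data []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, data, nil), nil
}

// Open rejects a truncated blob, a wrong key or salt, and any modified byte.
func Open(a cipher.AEAD, blob []byte) ([]byte, error) {
	if len(blob) < a.NonceSize() {
		return nil, errors.New("truncated ciphertext")
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

func main() {
	a, err := NewAEAD(make([]byte, 32), []byte("constructed-salt")) // constructed demo inputs
	println("AES-256-GCM ready:", err == nil && a.Overhead() == 16)
}
```

Because the key is derived from both the master key and the salt, a blob sealed under one salt does not open under another, and the GCM tag check makes any modification fail before plaintext is returned.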
func RecommendedSaltLength (added in v0.17.0)
RecommendedSaltLength returns the recommended salt length of a given key derivation algorithm.
func RegisterKeyDerivers (added in v0.17.0)
func RegisterKeyDerivers(name string, keyDeriver KeyDeriver)
RegisterKeyDerivers registers various key derivation functions.