README
¶
Secure Bytes 
Secure Bytes takes any Go data type, serializes it to DER-ASN.1, JSON or GOB and encrypts it with AES-192-GCM. The goal of this library is to generate smaller cookies than securecookie does. It's achieved by using Authenticated Encryption instead of HMAC and optionally DER-ASN.1 instead of GOB or JSON.
Installation
go get -u github.com/meehow/securebytes
Usage
First, create Secure Bytes instance and set encryption key. Suggested key length is at least 50 characters. You can choose one of build-in serializers: GOBSerializer, JSONSerializer or ASN1Serializer. Usually ASN1Serializer gives the smallest output, but it's not compatible with some data types (for example uint).
var sb = securebytes.New(
[]byte("choo}ng-o9quoh6oodurabishoh9haeWee~neeyaRoqu6Chue1"),
securebytes.ASN1Serializer{})
Write a cookie:
type Session struct {
UserID int
Name string
}
func SetCookieHandler(w http.ResponseWriter, r *http.Request) {
session := Session{
UserID: 1234567890,
Name: "meehow",
}
b64, err := sb.EncodeToBase64(session)
if err != nil {
fmt.Fprintf(w, "Encryption error: %v", err)
return
}
cookie := &http.Cookie{
Name: "cookie-name",
Value: b64,
Path: "/",
HttpOnly: true,
}
http.SetCookie(w, cookie)
}
Read a cookie:
func ReadCookieHandler(w http.ResponseWriter, r *http.Request) {
var session Session
cookie, err := r.Cookie("cookie-name")
if err != nil {
fmt.Fprintf(w, "Cookie not found: %v", err)
return
}
if err = sb.DecryptBase64(cookie.Value, &session); err != nil {
fmt.Fprintf(w, "Decryption error: %v", err)
return
}
fmt.Fprintf(w, "Your session cookie: %#v", session)
}
You can also check example to see full code of http server.
If you need plain []byte output, you can use Encrypt and Decrypt functions instead.
You can find more information in the documentation.
Benchmark
SecureBytes works 2.5 times faster than SecureCookie and generates 40% smaller cookies.
goos: linux
goarch: amd64
pkg: github.com/meehow/securebytes
BenchmarkSecureBytesJSON-4 300000 3810 ns/op
BenchmarkSecureBytesGOB-4 300000 5476 ns/op
BenchmarkSecureCookieJSON-4 200000 9959 ns/op
BenchmarkSecureCookieGOB-4 100000 11807 ns/op
PASS
ok github.com/meehow/securebytes 6.303s
Documentation
¶
Index ¶
- type ASN1Serializer
- type GOBSerializer
- type JSONSerializer
- type SecureBytes
- func (sb *SecureBytes) Decrypt(data []byte, output interface{}) error
- func (sb *SecureBytes) DecryptBase64(b64 string, output interface{}) error
- func (sb *SecureBytes) Encrypt(input interface{}) ([]byte, error)
- func (sb *SecureBytes) EncryptToBase64(input interface{}) (string, error)
- func (sb *SecureBytes) RawDecrypt(data []byte) ([]byte, error)
- func (sb *SecureBytes) RawDecryptBase64(b64 string) ([]byte, error)
- func (sb *SecureBytes) RawEncrypt(data []byte) ([]byte, error)
- func (sb *SecureBytes) RawEncryptToBase64(data []byte) (string, error)
- type Serializer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ASN1Serializer ¶ added in v0.1.1
type ASN1Serializer struct{}
ASN1Serializer uses encoding/asn1 to encode and decode data
func (ASN1Serializer) Marshal ¶ added in v0.1.1
func (a ASN1Serializer) Marshal(v interface{}) ([]byte, error)
Marshal data with asn1 serializer
func (ASN1Serializer) Unmarshal ¶ added in v0.1.1
func (a ASN1Serializer) Unmarshal(data []byte, v interface{}) error
Unmarshal data with asn1 serializer
type GOBSerializer ¶
type GOBSerializer struct{}
GOBSerializer uses encoding/gob to encode and decode data
func (GOBSerializer) Marshal ¶ added in v0.1.1
func (g GOBSerializer) Marshal(v interface{}) ([]byte, error)
Marshal data with gob serializer
func (GOBSerializer) Unmarshal ¶ added in v0.1.1
func (g GOBSerializer) Unmarshal(data []byte, v interface{}) error
Unmarshal data with gob serializer
type JSONSerializer ¶
type JSONSerializer struct{}
JSONSerializer uses encoding/json to encode and decode data
func (JSONSerializer) Marshal ¶ added in v0.1.1
func (j JSONSerializer) Marshal(v interface{}) ([]byte, error)
Marshal data with json serializer
func (JSONSerializer) Unmarshal ¶ added in v0.1.1
func (j JSONSerializer) Unmarshal(data []byte, v interface{}) error
Unmarshal data with json serializer
type SecureBytes ¶
type SecureBytes struct {
Serializer Serializer
// contains filtered or unexported fields
}
SecureBytes keeps encryption key and serializer.
func New ¶
func New(key []byte, serializer Serializer) *SecureBytes
New returns a new SecureBytes with JSONSerializer. `key` should provide 256 bits entropy, so if you are using random alphanumeric characters it should have a length of at least 50 characters.
func (*SecureBytes) Decrypt ¶
func (sb *SecureBytes) Decrypt(data []byte, output interface{}) error
Decrypt decrypts data encrypted by Encrypt.
func (*SecureBytes) DecryptBase64 ¶
func (sb *SecureBytes) DecryptBase64(b64 string, output interface{}) error
DecryptBase64 decrypts base64 string encrypted with EncryptToBase64
func (*SecureBytes) Encrypt ¶
func (sb *SecureBytes) Encrypt(input interface{}) ([]byte, error)
Encrypt encrypts data using AES-192 with authenticated encryption, to avoid additional signing.
https://en.wikipedia.org/wiki/Authenticated_encryption
func (*SecureBytes) EncryptToBase64 ¶
func (sb *SecureBytes) EncryptToBase64(input interface{}) (string, error)
EncryptToBase64 encrypts input and converts to base64 string
func (*SecureBytes) RawDecrypt ¶
func (sb *SecureBytes) RawDecrypt(data []byte) ([]byte, error)
RawDecrypt decrypts data encrypted by RawEncrypt.
func (*SecureBytes) RawDecryptBase64 ¶
func (sb *SecureBytes) RawDecryptBase64(b64 string) ([]byte, error)
RawDecryptBase64 decrypts base64 string encrypted with RawEncryptToBase64
func (*SecureBytes) RawEncrypt ¶
func (sb *SecureBytes) RawEncrypt(data []byte) ([]byte, error)
RawEncrypt can encrypt only bytes, doesn't do serialization
func (*SecureBytes) RawEncryptToBase64 ¶
func (sb *SecureBytes) RawEncryptToBase64(data []byte) (string, error)
RawEncryptToBase64 encrypts bytes and converts to base64 string
Source Files
Directories