Documentation ¶
Index ¶
- Constants
- Variables
- func CompareString(s, versionedCipher string) error
- func DecryptWith(key []byte, s string) ([]byte, error)
- func DeriveKey(value, versionedSalt string) ([]byte, error)
- func GenerateRSAKeypair(bits int) ([]byte, []byte, error)
- func GenerateRandomBytes(size int) ([]byte, error)
- func GenerateRandomValue(length int) (string, error)
- func GenerateRandomValueWith(length int, encoder StringEncoder) (string, error)
- func HashFast(value, versionedSalt string) (string, error)
- func ValidatePassword(pw string) error
- type StringEncoder
- type VersionedCipher
- func EncryptAsymmetricWith(publicKey interface{}, value []byte) (*VersionedCipher, error)
- func EncryptWith(key, value []byte) (*VersionedCipher, error)
- func HashString(s string) (*VersionedCipher, error)
- func NewFastSalt(len int) (*VersionedCipher, error)
- func NewSalt(len int) (*VersionedCipher, error)
Constants ¶
const ( RSAKeyLength = 4096 DefaultSecretLength = 16 DefaultSaltLength = 8 DefaultEncryptionKeySize = 32 DefaultPasswordHashSize = 32 )
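These constants collect default values for key and secret lengths. RSAKeyLength is a bit count (GenerateRSAKeypair takes its size in bits); the other values are presumably byte counts, so confirm the unit before reusing them. If DefaultSaltLength is in bytes, it gives a 64-bit salt, which is the low end of what RFC 9106 allows for Argon2 (it suggests 128 bits).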
Variables ¶
var ( ErrPasswordTooShort = errors.New("keys: given password is shorter than 8 characters") ErrPasswordTooLong = errors.New("keys: given password is longer than 64 characters") )
A different error is returned for each kind of validation failure.
Functions ¶
func CompareString ¶
CompareString compares a string with a stored hash
func DecryptWith ¶
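DecryptWith decrypts the given value using the given key and nonce value. The signature takes no separate nonce argument, so the nonce is presumably read from the versioned cipher string s.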
func DeriveKey ¶
DeriveKey wraps package argon2 in order to derive a symmetric key from the given value (most likely a password) and the given salt.
func GenerateRSAKeypair ¶
GenerateRSAKeypair creates an RSA key pair of the requested length
func GenerateRandomBytes ¶
GenerateRandomBytes generates a slice of bytes of the given size that is supposed to be used as a symmetric key.
func GenerateRandomValue ¶
GenerateRandomValue returns a slice of random values encoded as a Base64 string. This means the returned string will likely be longer than the requested length.
func GenerateRandomValueWith ¶
func GenerateRandomValueWith(length int, encoder StringEncoder) (string, error)
GenerateRandomValueWith returns a slice of random values encoded as a URL-safe Base64 string.
func HashFast ¶
HashFast creates a fast (i.e. not suitable for passwords) hash of the given value and the given salt
func ValidatePassword ¶
ValidatePassword checks whether the given password meets all requirements of the currently applicable password policy
Types ¶
type StringEncoder ¶
StringEncoder can encode a byte slice into a printable string.
type VersionedCipher ¶
type VersionedCipher struct {
// contains filtered or unexported fields
}
VersionedCipher adds meta information to a ciphertext string.
func EncryptAsymmetricWith ¶
func EncryptAsymmetricWith(publicKey interface{}, value []byte) (*VersionedCipher, error)
EncryptAsymmetricWith uses the given RSA Public Key in JWK format to encrypt the given value into a versioned cipher.
func EncryptWith ¶
func EncryptWith(key, value []byte) (*VersionedCipher, error)
EncryptWith encrypts the given value symmetrically using the given key. On success it also returns the unique nonce value that was used to encrypt the value, which clients need in order to decrypt the ciphertext. The signature has no separate nonce return value, so the nonce is presumably carried inside the returned VersionedCipher.
func HashString ¶
func HashString(s string) (*VersionedCipher, error)
HashString hashes the given string with argon2, using the latest configuration.
func NewFastSalt ¶
func NewFastSalt(len int) (*VersionedCipher, error)
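NewFastSalt creates a new user salt value of the default length and wraps it in a versioned cipher. Note that the signature takes a len argument; this description does not say how it relates to the default length, so check the source before relying on either.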
func NewSalt ¶
func NewSalt(len int) (*VersionedCipher, error)
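NewSalt creates a new salt value of the default length and wraps it in a versioned cipher using the latest available algo version. Note that the signature takes a len argument; this description does not say how it relates to the default length, so check the source before relying on either.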
func (*VersionedCipher) Marshal ¶
func (v *VersionedCipher) Marshal() string
Marshal returns the string representation of v. It can be deserialized again using unmarshalVersionedCipher.