signedkeys

package module

v1.0.0 Latest Latest Go to latest Published: Apr 3, 2024 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pinax-network/signedkeys

Links

Open Source Insights

README ¶

Signed Keys

This Go library generates, signs, validates and encodes keys, such as api keys for example. This allows such keys to be pre-validated in a fast and cheap way. An exemplary use case could be high throughput API endpoints that might not be easily rate-limited, but you still want to prevent bad actors from overloading your database by spamming requests with random api keys.

go get github.com/pinax-network/signedkeys

Example usage

package main

import (
	"crypto/sha1"
	"fmt"
	"github.com/pinax-network/signedkeys"
)

var keyGen *signedkeys.Generator

func init() {
	// initializes a new key generator using
	keyGen = signedkeys.NewGenerator(
		signedkeys.WithRand(signedkeys.Secure()), // a secure random generator for the key generation from crypto/rand (this is the default)
		signedkeys.WithKeyLength(12), // a key length of 12 bytes
		signedkeys.WithSigner(signedkeys.HmacSigner(sha1.New, []byte("my_secret"), 8)), // a signer that adds an 8-byte hmac signature using sha1 hashes and "my_secret" as secret
		signedkeys.WithVerifier(signedkeys.HmacVerifier(sha1.New, []byte("my_secret"), 8)), // the appropriate hmac validator with the same settings as the signer
		signedkeys.WithEncoding(signedkeys.HexEncoding()), // hexadecimal encoding for the resulting key + signature
	)
}

func main() {

	// generates a new key
	key, err := keyGen.GenerateKey()
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated key: %s\n", key)

	// use the key generator to validate the keys signature
	valid := keyGen.VerifySignature(key)
	fmt.Printf("is valid: %t\n", valid)
}

Documentation ¶

Index ¶

Constants
func Base64Encoding() (Encoder, Decoder)
func HexEncoding() (Encoder, Decoder)
func NoopEncoding() (Encoder, Decoder)
type Decoder
type Encoder
type Generator
- func NewGenerator(options ...Option) *Generator
- func (g *Generator) GenerateKey() ([]byte, error)
- func (g *Generator) VerifySignature(key []byte) bool
type Option
type Rand
- func Secure() Rand
type Signer
type Verifier

Constants ¶

View Source

const (
	// DefaultKeyLength specifies the default length for generated keys
	DefaultKeyLength = 16
)

Variables ¶

This section is empty.

Functions ¶

func Base64Encoding ¶

func Base64Encoding() (Encoder, Decoder)

Base64Encoding encodes the generated key into a base64 byte array with standard encoding settings (using base64.StdEncoding). The result can just be cast into a string to get a valid base64 string.

func HexEncoding ¶

func HexEncoding() (Encoder, Decoder)

HexEncoding encodes the generated key into a hexadecimal byte array. The result can just be cast into a string to get a hex string.

func NoopEncoding ¶

func NoopEncoding() (Encoder, Decoder)

NoopEncoding is just a default noop encoder that returns the original byte array produced by the Generator.

Types ¶

type Decoder ¶

type Decoder func([]byte) ([]byte, error)

type Encoder ¶

type Encoder func([]byte) []byte

type Generator ¶

type Generator struct {
	// contains filtered or unexported fields
}

func NewGenerator ¶

func NewGenerator(options ...Option) *Generator

NewGenerator returns a new key generator. If no options are specified, it will return a generator using the DefaultKeyLength, Secure random generator, NoopSigner, NoopVerifier and NoopEncoding.

func (*Generator) GenerateKey ¶

func (g *Generator) GenerateKey() ([]byte, error)

GenerateKey generates a random key. It will contain a signature if WithSigner has been set and is going to be encoded based on the WithEncoding option.

func (*Generator) VerifySignature ¶

func (g *Generator) VerifySignature(key []byte) bool

VerifySignature returns true if the signature embedded in the key is valid. It uses the Verifier that has been set using the WithVerifier option.

type Option ¶

type Option func(*Generator)

func WithEncoding ¶

func WithEncoding(encoder Encoder, decoder Decoder) Option

WithEncoding sets the given Encoder and Decoder to be used to handle key codings.

func WithKeyLength ¶

func WithKeyLength(keyLength int) Option

WithKeyLength overrides the DefaultKeyLength used to define the byte length of a generated key. Note this method will panic if it receives a keyLength of zero or smaller.

func WithRand ¶

func WithRand(rand Rand) Option

WithRand allows setting a custom random generator.

func WithSigner ¶

func WithSigner(signer Signer) Option

WithSigner sets a key signer.

func WithVerifier ¶

func WithVerifier(verifier Verifier) Option

WithVerifier sets a key verifier

type Rand ¶

type Rand func(int) ([]byte, error)

Rand returns a random byte array in the given length.

func Secure ¶

func Secure() Rand

Secure returns a Rand that generates a securely random byte array using crypto/rand.

type Signer ¶

type Signer func(src []byte) ([]byte, error)

Signer receives a key and returns a signature for it.

func Ed25519Signer ¶

func Ed25519Signer(privateKey ed25519.PrivateKey) Signer

Ed25519Signer returns a signer that signs a key with an ed25519.PrivateKey. It will not be hashed.

func HmacSigner ¶

func HmacSigner(h func() hash.Hash, signingKey []byte, prefixLength int) Signer

HmacSigner returns a signer that creates a hmac signature using the given hash function and signing key. If prefixLength is set to a value greater than 0, the signature will be capped. This can be used to shorten the overall key length, but reduces the security of the signing. Note that the prefixLength set must be the same as set in HmacVerifier.

func NoopSigner ¶

func NoopSigner() Signer

NoopSigner returns a signer that just returns an empty byte array (no signature).

type Verifier ¶

type Verifier func(key []byte, signature []byte) bool

Verifier returns true if the signature is valid for the given key or false otherwise.

func Ed25519Verifier ¶

func Ed25519Verifier(publicKey ed25519.PublicKey) Verifier

Ed25519Verifier verifies a key's signature using an ed25519.PublicKey.

func HmacVerifier ¶

func HmacVerifier(h func() hash.Hash, signingKey []byte, prefixLength int) Verifier

HmacVerifier verifies the given signature using the hmac hashing. It accepts a hash method like sha1.New, the signing key to be used and a prefix length which is used to cap the signature at the first x bytes (this reduces the overall length of the keys). If no signature capping is wished, prefixLength can just be set to -1. Note that the prefixLength must match the one set in the HmacSigner or the validation will fail.

func NoopVerifier ¶

func NoopVerifier() Verifier

NoopVerifier returns a noop verifier which will always return true, no matter the key and signature given.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL