security

package

v1.1.6 Latest Latest Go to latest Published: Feb 9, 2025 License: GPL-3.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/abyanmajid/matcha

Documentation ¶

Index ¶

Constants
Variables
func DecodeBase64(data string) ([]byte, error)
func Decrypt(ciphertext []byte, key []byte) ([]byte, error)
func DecryptHybrid(encryptedData []byte, privateKey *rsa.PrivateKey) ([]byte, error)
func DecryptRSA(ciphertext []byte, privateKey *rsa.PrivateKey) ([]byte, error)
func DecryptSymmetric(ciphertext []byte, key []byte) ([]byte, error)
func DeserializeRSAPrivateKey(privateKeyPEM []byte) (*rsa.PrivateKey, error)
func DeserializeRSAPublicKey(publicKeyPEM []byte) (*rsa.PublicKey, error)
func EncodeBase64(data []byte) string
func Encrypt(plaintext []byte, key []byte, iv []byte) ([]byte, error)
func EncryptHybrid(plaintext []byte, publicKey *rsa.PublicKey) ([]byte, error)
func EncryptRSA(plaintext []byte, publicKey *rsa.PublicKey) ([]byte, error)
func EncryptSymmetric(plaintext []byte, key []byte, iv []byte) ([]byte, error)
func GenerateRSAKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error)
func SerializeRSAPrivateKey(privateKey *rsa.PrivateKey) []byte
func SerializeRSAPublicKey(publicKey *rsa.PublicKey) []byte
func VerifyHash(hashedPassword, password []byte) error
type Algorithm
type HashedPassword
- func Hash(password []byte) (*HashedPassword, error)
- func HashWithCost(password []byte, cost int) (*HashedPassword, error)
type JWT
- func NewJWT(claims JwtClaims) *JWT
- func VerifyJWT(token string, key interface{}) (*JWT, error)
- func (t *JWT) SetAlgorithm(alg Algorithm)
- func (t *JWT) Sign(key interface{}) (string, error)
type JwtClaims

Constants ¶

View Source

const (
	DefaultCost = 10
	MinCost     = 4
	MaxCost     = 31
	SaltLength  = 16
	HashLength  = 32
	HashVersion = "v1"
)

Variables ¶

View Source

var (
	ErrPasswordTooLong           = errors.New("password length exceeds the maximum allowed")
	ErrMismatchedHashAndPassword = errors.New("hashed password does not match the provided password")
	ErrInvalidCost               = errors.New("cost is out of range")
	ErrHashTooShort              = errors.New("hash is too short")
)

Functions ¶

func DecodeBase64 ¶

func DecodeBase64(data string) ([]byte, error)

func Decrypt ¶

func Decrypt(ciphertext []byte, key []byte) ([]byte, error)

Decrypt is a simple API wrapper for DecryptSymmetric that allows for optional IV.

func DecryptHybrid ¶

func DecryptHybrid(encryptedData []byte, privateKey *rsa.PrivateKey) ([]byte, error)

DecryptHybrid decrypts data using hybrid encryption (AES + RSA).

func DecryptRSA ¶

func DecryptRSA(ciphertext []byte, privateKey *rsa.PrivateKey) ([]byte, error)

DecryptRSA decrypts data using RSA-OAEP.

func DecryptSymmetric ¶

func DecryptSymmetric(ciphertext []byte, key []byte) ([]byte, error)

DecryptSymmetric decrypts data using AES-256-GCM with a user-provided key. The IV is extracted from the beginning of the ciphertext.

func DeserializeRSAPrivateKey ¶

func DeserializeRSAPrivateKey(privateKeyPEM []byte) (*rsa.PrivateKey, error)

DeserializeRSAPrivateKey deserializes an RSA private key from PEM format.

func DeserializeRSAPublicKey ¶

func DeserializeRSAPublicKey(publicKeyPEM []byte) (*rsa.PublicKey, error)

DeserializeRSAPublicKey deserializes an RSA public key from PEM format.

func EncodeBase64 ¶

func EncodeBase64(data []byte) string

func Encrypt ¶

func Encrypt(plaintext []byte, key []byte, iv []byte) ([]byte, error)

Encrypt is a simple API wrapper for EncryptSymmetric that allows for optional IV.

func EncryptHybrid ¶

func EncryptHybrid(plaintext []byte, publicKey *rsa.PublicKey) ([]byte, error)

EncryptHybrid encrypts data using hybrid encryption (AES + RSA). The AES key is encrypted with RSA, and the IV is stored alongside the ciphertext.

func EncryptRSA ¶

func EncryptRSA(plaintext []byte, publicKey *rsa.PublicKey) ([]byte, error)

EncryptRSA encrypts data using RSA-OAEP.

func EncryptSymmetric ¶

func EncryptSymmetric(plaintext []byte, key []byte, iv []byte) ([]byte, error)

EncryptSymmetric encrypts data using AES-256-GCM with a user-provided key and IV. If no IV is provided, a random one is generated.

func GenerateRSAKeyPair ¶

func GenerateRSAKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error)

GenerateRSAKeyPair generates a new RSA key pair.

func SerializeRSAPrivateKey ¶

func SerializeRSAPrivateKey(privateKey *rsa.PrivateKey) []byte

SerializeRSAPrivateKey serializes an RSA private key to PEM format.

func SerializeRSAPublicKey ¶

func SerializeRSAPublicKey(publicKey *rsa.PublicKey) []byte

SerializeRSAPublicKey serializes an RSA public key to PEM format.

func VerifyHash ¶

func VerifyHash(hashedPassword, password []byte) error

Types ¶

type Algorithm ¶

type Algorithm string

const (
	HS256 Algorithm = "HS256"
	HS384 Algorithm = "HS384"
	HS512 Algorithm = "HS512"
	RS256 Algorithm = "RS256"
	RS384 Algorithm = "RS384"
	RS512 Algorithm = "RS512"
	ES256 Algorithm = "ES256"
	ES384 Algorithm = "ES384"
	ES512 Algorithm = "ES512"
	EdDSA Algorithm = "EdDSA"
)

type HashedPassword ¶

type HashedPassword struct {
	Hash       string
	Salt       string
	Cost       int
	HashPrefix string
}

func Hash ¶

func Hash(password []byte) (*HashedPassword, error)

func HashWithCost ¶

func HashWithCost(password []byte, cost int) (*HashedPassword, error)

type JWT ¶

type JWT struct {
	Header    map[string]interface{}
	JwtClaims JwtClaims
	Signature []byte
}

func NewJWT ¶

func NewJWT(claims JwtClaims) *JWT

func VerifyJWT ¶

func VerifyJWT(token string, key interface{}) (*JWT, error)

func (*JWT) SetAlgorithm ¶

func (t *JWT) SetAlgorithm(alg Algorithm)

func (*JWT) Sign ¶

func (t *JWT) Sign(key interface{}) (string, error)

type JwtClaims ¶

type JwtClaims map[string]interface{}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL