Documentation ¶
Overview ¶
Package crypto provides functionality to scrypt a password and to AES encrypt and decrypt []bytes The following sources were used as references:
https://golang.ir/src/crypto/cipher/example_test.go https://proandroiddev.com/security-best-practices-symmetric-encryption-with-aes-in-java-7616beaaade9 https://www.thepolyglotdeveloper.com/2018/02/encrypt-decrypt-data-golang-application-crypto-packages/ https://github.com/elithrar/simple-scrypt
To symmetrically encrypt arbitrary data using a plain password, this form may be used:
crypto.EncryptGCM([]byte("data to encrypt", []byte("password123")) // to encrypt crypto.DecryptGCM(encryptedData, []byte("password123")) // to decrypt
If it is desired to "hide" the password, first encrypt the password:
scryptPkg, e := crypto.NewScryptPkg([]byte("password123"))
and use the resulting ScryptPkg package to perform the encryption:
encryptedDataRawBytes, e := scryptPkg.EncryptGCM([]byte("data to encrypt")) // raw encrypted bytes
or
encryptedData, e := scryptPkg.EncryptGCMBase64([]byte("data to encrypt")) // base64 encoded encrypted bytes
to decrypt:
decrypted, e := scryptPkg.DecryptGCM(rawEncryptedBytes)
or
decrypted, e := scryptPkg.EncryptGCMBase64(base64EncodedEncryptedBytes)
In either case, note that the crypto package relies on some hard coded defaults that determine key strength (see crypto.GetDefaultParams()). At some point, this package could be refactored to support settings other than the default, or something like https://github.com/elithrar/simple-scrypt could be used as is.
Index ¶
- Variables
- func DecryptGCM(data, password []byte) ([]byte, error)
- func EncryptGCM(plainText, password []byte) ([]byte, error)
- type EncodedScryptPkg
- type ScryptParams
- type ScryptPkg
- func (r ScryptPkg) CompareHashAndPasswordWithParams(password []byte) (bool, error)
- func (r ScryptPkg) DecryptGCM(data []byte) ([]byte, error)
- func (r ScryptPkg) DecryptGCMBase64(dataBase64 string) ([]byte, error)
- func (r ScryptPkg) Encode() EncodedScryptPkg
- func (r ScryptPkg) EncryptGCM(plainText []byte) ([]byte, error)
- func (r ScryptPkg) EncryptGCMBase64(plainText []byte) (string, error)
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidHash = errors.New("scrypt: the provided hash is not in the correct format")
Functions ¶
func DecryptGCM ¶
func EncryptGCM ¶
Types ¶
type EncodedScryptPkg ¶
type EncodedScryptPkg string
func (EncodedScryptPkg) CompareHashAndPassword ¶
func (r EncodedScryptPkg) CompareHashAndPassword(password []byte) (bool, error)
func (EncodedScryptPkg) Decode ¶
func (r EncodedScryptPkg) Decode() (*ScryptPkg, error)
type ScryptParams ¶
type ScryptParams struct { N int // CPU/memory cost parameter (logN) R int // block size parameter (octets) P int // parallelization parameter (positive int) SaltLen int // bytes to use as salt (octets) DKLen int // length of the derived key (octets) }
func GetDefaultParams ¶
func GetDefaultParams() ScryptParams
type ScryptPkg ¶
type ScryptPkg struct { Key []byte Salt []byte Params ScryptParams }
func FromEncodedMust ¶
func NewScryptPkg ¶
func NewScryptPkgWithParams ¶
func NewScryptPkgWithParams(password []byte, params ScryptParams) (*ScryptPkg, error)
func (ScryptPkg) CompareHashAndPasswordWithParams ¶
func (ScryptPkg) DecryptGCMBase64 ¶
func (ScryptPkg) Encode ¶
func (r ScryptPkg) Encode() EncodedScryptPkg