Documentation ¶
Constants ¶
const (
	// SecretMarker is a string we can look for in logs to see if the app
	// is accidentally exposing secrets.
	SecretMarker = "<!SECRET_REDACTED!>"
)
Variables ¶
var (
	// ErrUnknownKey indicates that the key used to encrypt the data is unknown.
	ErrUnknownKey = errors.New("unknown key")
	// ErrInvalidData indicates that the data is invalid.
	ErrInvalidData = errors.New("invalid data")
)
var (
	// ErrInvalidInput indicates invalid input was provided.
	ErrInvalidInput = errors.New("invalid input")
)
var (
	ErrInvalidKey = errors.New("invalid key")
)
var ErrInvalidToken = errors.New("invalid token")
Functions ¶
This section is empty.
Types ¶
type Argon2Hash ¶
type Argon2Hash struct {
	Variant     string
	Version     uint32
	MemoryKiB   uint32
	Iterations  uint32
	Parallelism uint8
	Salt        []byte
	Hash        []byte
}
Argon2Hash is a hash generated by the Argon2 Hashing Algorithm.
func HashArgon2 ¶
func HashArgon2(b []byte) (Argon2Hash, error)
HashArgon2 hashes a byte slice using the argon2id algorithm.
func HashArgon2WithKey ¶
func HashArgon2WithKey(b []byte, salt Key) (Argon2Hash, error)
HashArgon2WithKey hashes a byte slice using the argon2id algorithm and uses the provided key as a salt.
func ParseArgon2Hash ¶
func ParseArgon2Hash(txt string) (Argon2Hash, error)
ParseArgon2Hash parses an argon2 hash from the string representation provided by the String method.
func (Argon2Hash) MarshalText ¶
func (h Argon2Hash) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (Argon2Hash) MatchBytes ¶
func (h Argon2Hash) MatchBytes(b []byte) bool
MatchBytes checks if the hash matches the given byte slice.
func (*Argon2Hash) Scan ¶
func (h *Argon2Hash) Scan(v any) error
Scan implements the sql.Scanner interface.
func (Argon2Hash) String ¶
func (h Argon2Hash) String() string
String returns the string representation of the hash.
func (*Argon2Hash) UnmarshalText ¶
func (h *Argon2Hash) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type Encryptor ¶
type Encryptor struct {
// contains filtered or unexported fields
}
Encryptor encrypts and decrypts data using AES-GCM.
The encryptor uses an append-only list of keys for encryption and decryption. The last key in the list is considered the latest key.
To construct output data, the encryptor prefixes the encrypted data with the index of the used key. This allows the encryptor to work with multiple keys and to decrypt data encrypted with an older key.
The index used is not considered secret.
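The scheme described above, sketched as an added example that is not the package's own code. The names `keyRing` and `hdr`, the one-byte index prefix, the nonce placement and the use of the prefix as GCM additional data are assumptions of this sketch; the page only states that the index of the used key is prefixed to the encrypted data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type keyRing [][32]byte // hypothetical append-only key list; the last key is the latest
const hdr = 1 + 12      // assumed layout: index byte | 12-byte GCM nonce | ciphertext+tag
var errUnknownKey, errInvalidData = errors.New("unknown key"), errors.New("invalid data")

func (r keyRing) aead(i int) cipher.AEAD {
	block, _ := aes.NewCipher(r[i][:]) // cannot fail: keys are always 32 bytes
	g, _ := cipher.NewGCM(block)       // cannot fail: AES has a 16-byte block
	return g
}

// Seal encrypts under the latest key; the public index prefix is authenticated as additional data.
func (r keyRing) Seal(plain []byte) ([]byte, error) {
	if len(r) == 0 || len(r) > 256 { // one prefix byte names at most 256 keys
		return nil, errUnknownKey
	}
	out := append([]byte{byte(len(r) - 1)}, make([]byte, hdr-1)...)
	if _, err := rand.Read(out[1:]); err != nil {
		return nil, err
	}
	return r.aead(len(r)-1).Seal(out, out[1:], plain, out[:1]), nil
}

// Open uses the key named by the prefix, so data sealed under an older key still decrypts.
func (r keyRing) Open(data []byte) (plain []byte, err error) {
	if len(data) < hdr+16 { // shorter than prefix + nonce + GCM tag
		return nil, errInvalidData
	}
	if int(data[0]) >= len(r) {
		return nil, errUnknownKey
	}
	if plain, err = r.aead(int(data[0])).Open(nil, data[1:hdr], data[hdr:], data[:1]); err != nil {
		return nil, errInvalidData // authentication failed: tampered prefix, nonce or ciphertext
	}
	return plain, nil
}

func main() {
	ct, _ := keyRing{{1}, {2}}.Seal([]byte("hello")) // constructed demo keys, not real key material
	fmt.Println(keyRing{{1}, {2}}.Open(ct))
}
```

Because the prefix is bound into the authentication tag, rewriting it to point at a different key yields an invalid-data error rather than a decryption attempt that silently uses the wrong key.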
func NewEncryptor ¶
NewEncryptor creates a new encryptor with the provided keys.
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
Key is a 32-byte encryption key.
func (Key) MarshalText ¶
func (Key) SecretValue ¶
SecretValue returns the key as a byte slice. This is provided as an escape hatch for cases where the key needs to be provided to third party packages or libraries.
type Secret ¶
type Secret struct {
// contains filtered or unexported fields
}
Secret is arbitrary sensitive data that needs to be passed around but not exposed, such as API keys or other credentials.
func (Secret) MarshalText ¶
func (Secret) SecretValue ¶
SecretValue returns the secret as a byte slice. This is provided as an escape hatch for cases where the secret needs to be provided to third party packages or libraries.
type Token ¶
type Token [tokenLen]byte
Token is a random token that is sent via email.
The only time a token should be provided in plaintext is as part of the email to the user. Tokens are confidential and should never be exposed in logs or persisted in plaintext.
func ParseToken ¶
ParseToken parses a token from a string.
func (Token) String ¶
String returns the string representation of the token. Unlike for a Password, this is allowed because we need to embed the token in emails.