Documentation
¶
Overview ¶
Package security provides cryptographic primitives including AES-GCM encryption, password hashing with bcrypt, HMAC hashing, secure key generation, PKCE generation, and environment variable parsing utilities.
Index ¶
- func Decrypt(ciphertext []byte, key [32]byte) ([]byte, error)
- func Encrypt(plaintext []byte, key [32]byte) []byte
- func GenerateID() string
- func GenerateKey() [32]byte
- func GeneratePKCE() (string, string)
- func Getenv(key string) [32]byte
- func Hash(tag string, data []byte) []byte
- func IsPasswordValid(ciphertext, plaintext []byte) bool
- func Password(plaintext []byte) ([]byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
Decrypt takes an encrypted byte slice (ciphertext) and a 256-bit AES key, and decrypts the ciphertext using AES-GCM.
func Encrypt ¶
Encrypt takes an input byte slice (plaintext) and encrypts it using AES-GCM. It returns the encrypted data (ciphertext) and the key used for encryption.
func GenerateID ¶ added in v0.1.71
func GenerateID() string
GenerateID generates a unique ID using a secure random key.
func GenerateKey ¶
func GenerateKey() [32]byte
GenerateKey generates a 256-bit (32-byte) random key for AES encryption. It uses a cryptographically secure random number generator.
func GeneratePKCE ¶ added in v0.1.87
GeneratePKCE generates a OAuth 2.0 PKCE challenge by using a random string.
func Getenv ¶ added in v0.1.7
Getenv retrieves an environment variable by the given key, interprets its value as a hexadecimal string, and decodes it into a 32-byte array. If the environment variable is not set, the value is not a valid hex string, or the decoded byte length is not 32, the function returns an empty array.
func IsPasswordValid ¶
IsPasswordValid checks if a given plaintext password matches a hashed password.
Types ¶
This section is empty.
Source Files