go-crypt/specs/crypt/RFC.md

crypt

Import: dappco.re/go/core/crypt/crypt

Files: 6

Types

None.

Functions

AESGCMDecrypt

func AESGCMDecrypt(ciphertext, key []byte) ([]byte, error)

AESGCMDecrypt decrypts ciphertext encrypted with AESGCMEncrypt. The key must be 32 bytes. Expects the nonce prepended to the ciphertext. Usage: call AESGCMDecrypt(...) during the package's normal workflow.

AESGCMEncrypt

func AESGCMEncrypt(plaintext, key []byte) ([]byte, error)

AESGCMEncrypt encrypts plaintext using AES-256-GCM. The key must be 32 bytes. The nonce is randomly generated and prepended to the ciphertext. Usage: call AESGCMEncrypt(...) during the package's normal workflow.
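The nonce-prepended layout described for AESGCMEncrypt and AESGCMDecrypt can be reproduced with the Go standard library. This is an added example, not the package's own code; the names newGCM, sealPrepended and openPrepended are hypothetical, and the short-input check covers truncated ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher alone would also accept 16- or 24-byte keys
		return nil, fmt.Errorf("key must be 32 bytes, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPrepended (hypothetical name) returns nonce || ciphertext || tag.
func sealPrepended(plaintext, key []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // 12 random bytes, fresh per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil // Seal appends to the nonce slice
}

// openPrepended (hypothetical name) splits off the nonce and authenticates the rest.
func openPrepended(blob, key []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize()+aead.Overhead() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

func main() {
	blob, err := sealPrepended([]byte("hello"), make([]byte, 32)) // constructed all-zero demo key
	fmt.Println(len(blob), err)
}
```

Any modification to the nonce, ciphertext or tag makes Open return an error instead of plaintext, so callers must treat a decryption error as a failed integrity check and discard the output.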

ChaCha20Decrypt

func ChaCha20Decrypt(ciphertext, key []byte) ([]byte, error)

ChaCha20Decrypt decrypts ciphertext encrypted with ChaCha20Encrypt. The key must be 32 bytes. Expects the nonce prepended to the ciphertext. Usage: call ChaCha20Decrypt(...) during the package's normal workflow.

ChaCha20Encrypt

func ChaCha20Encrypt(plaintext, key []byte) ([]byte, error)

ChaCha20Encrypt encrypts plaintext using ChaCha20-Poly1305. The key must be 32 bytes. The nonce is randomly generated and prepended to the ciphertext. Usage: call ChaCha20Encrypt(...) during the package's normal workflow.

Decrypt

func Decrypt(ciphertext, passphrase []byte) ([]byte, error)

Decrypt decrypts data encrypted with Encrypt. Expects format: salt (16 bytes) + nonce (24 bytes) + ciphertext. Usage: call Decrypt(...) during the package's normal workflow.

DecryptAES

func DecryptAES(ciphertext, passphrase []byte) ([]byte, error)

DecryptAES decrypts data encrypted with EncryptAES. Expects format: salt (16 bytes) + nonce (12 bytes) + ciphertext. Usage: call DecryptAES(...) during the package's normal workflow.

DeriveKey

func DeriveKey(passphrase, salt []byte, keyLen uint32) []byte

DeriveKey derives a key from a passphrase using Argon2id with default parameters. The salt must be argon2SaltLen bytes. keyLen specifies the desired key length. Usage: call DeriveKey(...) during the package's normal workflow.

DeriveKeyScrypt

func DeriveKeyScrypt(passphrase, salt []byte, keyLen int) ([]byte, error)

DeriveKeyScrypt derives a key from a passphrase using scrypt. Uses recommended parameters: N=32768, r=8, p=1. Usage: call DeriveKeyScrypt(...) during the package's normal workflow.

Encrypt

func Encrypt(plaintext, passphrase []byte) ([]byte, error)

Encrypt encrypts data with a passphrase using ChaCha20-Poly1305. A random salt is generated and prepended to the output. Format: salt (16 bytes) + nonce (24 bytes) + ciphertext. Usage: call Encrypt(...) during the package's normal workflow.

EncryptAES

func EncryptAES(plaintext, passphrase []byte) ([]byte, error)

EncryptAES encrypts data using AES-256-GCM with a passphrase. A random salt is generated and prepended to the output. Format: salt (16 bytes) + nonce (12 bytes) + ciphertext. Usage: call EncryptAES(...) during the package's normal workflow.
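The two passphrase layouts given for Encrypt/Decrypt and EncryptAES/DecryptAES differ only in nonce length, which the following added example (not the package's own code) makes concrete by parsing both. The names envelope and splitEnvelope are hypothetical, and the 16-byte tag length is an assumption based on the standard Poly1305 and GCM tag sizes.

```go
package main

import "fmt"

const (
	saltLen     = 16 // salt length the page gives for both layouts
	nonceChaCha = 24 // nonce length given for Encrypt / Decrypt
	nonceAES    = 12 // nonce length given for EncryptAES / DecryptAES
	tagLen      = 16 // assumed: standard Poly1305 / GCM tag size, not stated on the page
)

// envelope (hypothetical type) holds the fields of one parsed blob.
type envelope struct {
	Salt, Nonce, Sealed []byte // Sealed = ciphertext plus authentication tag
}

// splitEnvelope (hypothetical helper) slices salt || nonce || ciphertext and
// rejects input too short to contain a tag, so later slicing cannot panic.
func splitEnvelope(blob []byte, nonceLen int) (envelope, error) {
	if nonceLen != nonceChaCha && nonceLen != nonceAES {
		return envelope{}, fmt.Errorf("unsupported nonce length %d", nonceLen)
	}
	need := saltLen + nonceLen + tagLen
	if len(blob) < need {
		return envelope{}, fmt.Errorf("blob is %d bytes, need at least %d", len(blob), need)
	}
	return envelope{
		Salt:   blob[:saltLen],
		Nonce:  blob[saltLen : saltLen+nonceLen],
		Sealed: blob[saltLen+nonceLen:],
	}, nil
}

func main() {
	blob := make([]byte, 61) // constructed sample: 16 + 24 + 5 bytes of data + 16-byte tag
	for _, n := range []int{nonceChaCha, nonceAES} {
		e, err := splitEnvelope(blob, n)
		// Both layouts parse: nothing in the bytes says which function wrote them.
		fmt.Println(n, len(e.Salt), len(e.Nonce), len(e.Sealed), err)
	}
}
```

Because neither layout carries an algorithm or version marker, the caller has to record which function produced a blob; the wrong decrypt function surfaces only as an authentication failure.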

HKDF

func HKDF(secret, salt, info []byte, keyLen int) ([]byte, error)

HKDF derives a key using HKDF-SHA256. secret is the input keying material, salt is optional (can be nil), info is optional context, and keyLen is the desired output length. Usage: call HKDF(...) during the package's normal workflow.

HMACSHA256

func HMACSHA256(message, key []byte) []byte

HMACSHA256 computes the HMAC-SHA256 of a message using the given key. Usage: call HMACSHA256(...) during the package's normal workflow.

HMACSHA512

func HMACSHA512(message, key []byte) []byte

HMACSHA512 computes the HMAC-SHA512 of a message using the given key. Usage: call HMACSHA512(...) during the package's normal workflow.

HashBcrypt

func HashBcrypt(password string, cost int) (string, error)

HashBcrypt hashes a password using bcrypt with the given cost. Cost must be between bcrypt.MinCost and bcrypt.MaxCost. Usage: call HashBcrypt(...) during the package's normal workflow.

HashPassword

func HashPassword(password string) (string, error)

HashPassword hashes a password using Argon2id with default parameters. Returns a string in the format: $argon2id$v=19$m=65536,t=3,p=4$$ Usage: call HashPassword(...) during the package's normal workflow.

SHA256File

func SHA256File(path string) (string, error)

SHA256File computes the SHA-256 checksum of a file and returns it as a hex string. Usage: call SHA256File(...) during the package's normal workflow.

SHA256Sum

func SHA256Sum(data []byte) string

SHA256Sum computes the SHA-256 checksum of data and returns it as a hex string. Usage: call SHA256Sum(...) during the package's normal workflow.

SHA512File

func SHA512File(path string) (string, error)

SHA512File computes the SHA-512 checksum of a file and returns it as a hex string. Usage: call SHA512File(...) during the package's normal workflow.

SHA512Sum

func SHA512Sum(data []byte) string

SHA512Sum computes the SHA-512 checksum of data and returns it as a hex string. Usage: call SHA512Sum(...) during the package's normal workflow.

VerifyBcrypt

func VerifyBcrypt(password, hash string) (bool, error)

VerifyBcrypt verifies a password against a bcrypt hash. Usage: call VerifyBcrypt(...) during the package's normal workflow.

VerifyHMAC

func VerifyHMAC(message, key, mac []byte, hashFunc func() hash.Hash) bool

VerifyHMAC verifies an HMAC using constant-time comparison. hashFunc should be sha256.New, sha512.New, etc. Usage: call VerifyHMAC(...) during the package's normal workflow.

VerifyPassword

func VerifyPassword(password, hash string) (bool, error)

VerifyPassword verifies a password against an Argon2id hash string. The hash must be in the format produced by HashPassword. Usage: call VerifyPassword(...) during the package's normal workflow.