crypto

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package crypto provides encryption utilities for sensitive data.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidKey is returned when the encryption key is invalid.
	ErrInvalidKey = errors.New("crypto: invalid encryption key")
	// ErrInvalidCiphertext is returned when the ciphertext is malformed.
	ErrInvalidCiphertext = errors.New("crypto: invalid ciphertext")
	// ErrDecryptionFailed is returned when decryption fails.
	ErrDecryptionFailed = errors.New("crypto: decryption failed")
)

Functions

func HashToken 

func HashToken(token string) string

HashToken returns the SHA256 hash of a token as a hex string. This is used for secure token storage (bootstrap tokens, API keys, etc.). The original token should never be stored; only its hash should be persisted.

func HashTokenBytes 

func HashTokenBytes(token string) []byte

HashTokenBytes returns the SHA256 hash of a token as bytes.

func VerifyTokenHash 

func VerifyTokenHash(token, storedHash string) bool

VerifyTokenHash checks if a plaintext token matches a stored hash. This uses constant-time comparison to prevent timing attacks.

Types

type Cipher 

type Cipher struct {
	// contains filtered or unexported fields
}

Cipher provides AES-256-GCM encryption and decryption.

func NewCipher 

func NewCipher(key []byte) (*Cipher, error)

NewCipher creates a new Cipher with the given key. The key must be exactly 32 bytes for AES-256.

func NewCipherFromBase64 

func NewCipherFromBase64(b64Key string) (*Cipher, error)

NewCipherFromBase64 creates a new Cipher from a base64-encoded key.

func NewCipherFromHex 

func NewCipherFromHex(hexKey string) (*Cipher, error)

NewCipherFromHex creates a new Cipher from a hex-encoded key.

func (*Cipher) Decrypt 

func (c *Cipher) Decrypt(encoded string) ([]byte, error)

Decrypt decrypts base64-encoded ciphertext and returns plaintext.

func (*Cipher) DecryptString 

func (c *Cipher) DecryptString(encoded string) (string, error)

DecryptString decrypts base64-encoded ciphertext and returns a string.

func (*Cipher) Encrypt 

func (c *Cipher) Encrypt(plaintext []byte) (string, error)

Encrypt encrypts plaintext and returns base64-encoded ciphertext. The ciphertext includes the nonce prepended to it.

func (*Cipher) EncryptString 

func (c *Cipher) EncryptString(plaintext string) (string, error)

EncryptString encrypts a string and returns base64-encoded ciphertext.

type Encryptor 

type Encryptor interface {
	// EncryptString encrypts plaintext and returns base64-encoded ciphertext.
	EncryptString(plaintext string) (string, error)
	// DecryptString decrypts base64-encoded ciphertext and returns plaintext.
	DecryptString(encoded string) (string, error)
}

Encryptor provides encryption and decryption capabilities.

func NewNoOpEncryptor 

func NewNoOpEncryptor() Encryptor

NewNoOpEncryptor creates a no-op encryptor for development/testing.

type NoOpEncryptor 

type NoOpEncryptor struct{}

NoOpEncryptor is an Encryptor that does not encrypt (for development/testing).

func (*NoOpEncryptor) DecryptString 

func (n *NoOpEncryptor) DecryptString(encoded string) (string, error)

DecryptString returns the encoded string as-is (no decryption).

func (*NoOpEncryptor) EncryptString 

func (n *NoOpEncryptor) EncryptString(plaintext string) (string, error)

EncryptString returns the plaintext as-is (no encryption).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.