Documentation
¶
Overview ¶
Package crypto provides functions for encrypting and decrypting data using AES-256-GCM with keys derived from passwords using Argon2id.
Index ¶
- Constants
- func Decrypt(encryptedB64, password string) (string, error)
- func DeriveKey(password, salt []byte) []byte
- func Encrypt(plaintext, password string) (string, error)
- func GenerateRandomBytes(n int) ([]byte, error)
- func GenerateSalt() ([]byte, error)
- func HashPassword(password string) string
- func ValidatePassword(password, storedHash string) bool
Constants ¶
View Source
const ( // Argon2Time is the time cost parameter for Argon2id key derivation. Argon2Time = 3 // Argon2Memory is the memory cost parameter for Argon2id key derivation. Argon2Memory = 64 * 1024 // 64 MB. // Argon2Threads is the parallelism parameter for Argon2id key derivation. Argon2Threads = 4 // Argon2KeyLen is the key length for AES-256. Argon2KeyLen = 32 // 256 bits for AES-256. // SaltSize is the size of the salt in bytes. SaltSize = 16 // GCMNonceSize is the size of the GCM nonce in bytes. GCMNonceSize = 12 // GCMTagSize is the size of the GCM authentication tag in bytes. GCMTagSize = 16 )
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
Decrypt decrypts AES-256-GCM encrypted data. Expects: base64(salt + nonce + ciphertext + tag)
func Encrypt ¶
Encrypt encrypts data using AES-256-GCM. Returns: base64(salt + nonce + ciphertext + tag)
func GenerateRandomBytes ¶
GenerateRandomBytes generates random bytes for IV/nonce.
func GenerateSalt ¶
GenerateSalt generates a random salt for key derivation.
func HashPassword ¶
HashPassword creates a SHA-256 hash for password validation (not for encryption).
func ValidatePassword ¶
ValidatePassword checks if the provided password matches the stored hash.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.