Documentation ¶
Overview ¶
SPDX-License-Identifier: AGPL-3.0-or-later
Index ¶
- func DecryptToken(ciphertext []byte, key []byte) (string, error)
- func EncryptToken(plaintext string, key []byte) ([]byte, error)
- func GenerateCodeChallenge(verifier string) string
- func GenerateCodeVerifier() (string, error)
- func GenerateNonce() (string, error)
- func ValidateCodeVerifier(verifier string) bool
- type Ed25519Signer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecryptToken ¶
DecryptToken decrypts a ciphertext using AES-256-GCM. The key must be 32 bytes for AES-256. Expects input format: nonce + ciphertext + auth tag (as created by EncryptToken).
func EncryptToken ¶
EncryptToken encrypts a plaintext token using AES-256-GCM. The key must be 32 bytes for AES-256. Returns: nonce + ciphertext + auth tag (combined).
func GenerateCodeChallenge ¶
GenerateCodeChallenge generates a PKCE code challenge from a code verifier. Uses the S256 method: BASE64URL(SHA256(ASCII(code_verifier))).
func GenerateCodeVerifier ¶
GenerateCodeVerifier generates a cryptographically secure PKCE code verifier. The verifier is a random string of 43-128 characters using the unreserved character set. Returns a base64 URL-safe encoded string suitable for OAuth2 PKCE flow.
func GenerateNonce ¶
GenerateNonce creates a 16-byte cryptographically secure random nonce for replay attack prevention.
func ValidateCodeVerifier ¶
ValidateCodeVerifier validates that a code verifier meets RFC 7636 requirements:
- Length: 43-128 characters
- Characters: [A-Za-z0-9-._~]
Types ¶
type Ed25519Signer ¶
type Ed25519Signer struct {
// contains filtered or unexported fields
}
Ed25519Signer provides cryptographic signature operations using the Ed25519 elliptic curve algorithm.
func NewEd25519Signer ¶
func NewEd25519Signer() (*Ed25519Signer, error)
NewEd25519Signer initializes a signer with a persistent or ephemeral keypair from the environment.
func (*Ed25519Signer) CreateSignature ¶
func (s *Ed25519Signer) CreateSignature(docID string, user *models.User, timestamp time.Time, nonce string, docChecksum string) (string, string, error)
CreateSignature generates a SHA-256 payload hash and an Ed25519 signature as a non-repudiation proof.
func (*Ed25519Signer) GetPublicKey ¶
func (s *Ed25519Signer) GetPublicKey() string
GetPublicKey exports the base64-encoded public key for signature verification by external parties.