security

package

v1.0.1 Latest Latest Go to latest Published: May 17, 2026 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/downsized-devs/sdk-go

Links

Open Source Insights

README ¶

`security` — cryptographic primitives

import "github.com/downsized-devs/sdk-go/security"

Stability: Stable — see STABILITY.md

AES-GCM symmetric encryption, PBKDF2-based password hashing, and Scrypt-based password hashing.

Features

Encrypt / Decrypt — AES-GCM symmetric.
HashPassword / CompareHashPassword — PBKDF2.
ScryptPassword / CompareScryptPassword — scrypt.

Installation

go get github.com/downsized-devs/sdk-go/security

Quick Start

sec := security.Init(security.Config{
    SecretKey: "<32-byte-key>",
}, log)

enc, _ := sec.Encrypt(ctx, []byte("plaintext"))
plain, _ := sec.Decrypt(ctx, enc)

hash, _ := sec.HashPassword("hunter2")
ok, _   := sec.CompareHashPassword("hunter2", hash)

API Reference

Symbol	Signature
`Init`	`func Init(cfg Config, log logger.Interface) Interface`
`Interface.Encrypt`	`(ctx, []byte) ([]byte, error)`
`Interface.Decrypt`	`(ctx, []byte) ([]byte, error)`
`Interface.HashPassword`	`(plain string) (string, error)`
`Interface.CompareHashPassword`	`(plain, hash string) (bool, error)`
`Interface.ScryptPassword`	`(plain string, cfg ScryptConfig) (string, error)`
`Interface.CompareScryptPassword`	`(plain, hash string, cfg ScryptConfig) (bool, error)`
`ScryptConfig`	`{ N, R, P, KeyLength int }`

Configuration

Field	Description
`SecretKey`	Symmetric encryption key (32 bytes for AES-256-GCM).
Scrypt parameters	Passed per-call as `ScryptConfig`.

Error Handling

Errors are wrapped with codes crypto codes.

Dependencies

Internal: codes, errors, logger
External: golang.org/x/crypto/pbkdf2, golang.org/x/crypto/scrypt

Testing

go test ./security/...

Two test files. Crypto is high-risk — never lower the assertion bar.

Contributing

See CONTRIBUTING.md. Any change to encryption schemes must go through a second reviewer with a written rationale.

auth — for Firebase-managed identities (passwords stay with Firebase).
character — pre-hash strength validation.

Documentation ¶

Index ¶

type Interface
- func Init(scrypt ScryptConfig, log logger.Interface) Interface
type ScryptConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Interface ¶

type Interface interface {
	Encrypt(ctx context.Context, passphrase string, timestamp int64, plaintext string) string
	Decrypt(ctx context.Context, passphrase string, timestamp int64, ciphertext string) (string, error)
	ScryptPassword(ctx context.Context, salt, password string) string
	CompareScryptPassword(ctx context.Context, passwordHash, salt, password string) bool
	HashPassword(ctx context.Context, secretKey, password string) string
	CompareHashPassword(ctx context.Context, secretKey, hashPassword, password string) bool
}

func Init ¶

func Init(scrypt ScryptConfig, log logger.Interface) Interface

type ScryptConfig ¶

type ScryptConfig struct {
	Base64SignerKey     string
	Base64SaltSeparator string
	Rounds              int
	MemoryCost          int
}

Source Files ¶

View all Source files

security.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

security — cryptographic primitives

Features

Installation

Quick Start

API Reference

Configuration

Error Handling

Dependencies

Testing

Contributing

Related Packages

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

Types ¶

type Interface ¶

func Init ¶

type ScryptConfig ¶

Source Files ¶

`security` — cryptographic primitives