Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateKeyPair
func GenerateKeyPair() *rsa.PrivateKey
func JwtClaimsEncryptionEnabled
func JwtClaimsEncryptionEnabled() bool
Types
type Encryptor
type Encryptor struct {
	// contains filtered or unexported fields
}
func NewEncryptor
func NewEncryptor(privateKey *rsa.PrivateKey) Encryptor
func (*Encryptor) GetPublicKey
func (*Encryptor) SetChannelPublicKey
type PasswordEncryptor
type PasswordEncryptor interface {
	// EncodedPassword returns the hashed version of the password.
	EncodedPassword() string
	// Token returns a hashed token generated from the password and additional entropy.
	Token() string
	// Salt returns a hashed salt generated from the password and additional entropy.
	Salt() string
	// IsValidPassword checks if the provided plaintext password matches the stored hash.
	IsValidPassword(encodedPassword string) bool
}
PasswordEncryptor is an interface for securely hashing and validating passwords using bcrypt. It provides methods to generate hashed passwords, tokens, and salts, as well as to validate passwords.
Environment Variables:
- B_CRYPT_COST: The cost factor for bcrypt hashing. Default: 10.
func NewEncrypt
func NewEncrypt(password string) PasswordEncryptor
NewEncrypt creates a new PasswordEncryptor instance and generates hashed values for the password, token, and salt.
Parameters:
- password: The plaintext password to be hashed.
Returns:
- A PasswordEncryptor instance with the hashed password, token, and salt.
type Service
type Service interface {
	// Secret retrieves the secret key used to sign and validate JWT tokens.
	// This function ensures consistent access to the secret key across the pService.
	//
	// Returns:
	//   - A byte slice containing the secret key.
	Secret() []byte
	// Encrypt encrypts the given value using the secret associated with the apiSecurityServiceImpl instance.
	// It returns the encrypted string or an error if encryption fails.
	Encrypt(value string) (string, error)
	// Decrypt decrypts the given encrypted string using the secret associated with the apiSecurityServiceImpl instance.
	// It returns the decrypted string or an error if decryption fails.
	//
	// Parameters:
	//   - encrypted: The string that has been encrypted and needs to be decrypted.
	//
	// Returns:
	//   - A string representing the decrypted value if the operation is successful.
	//   - An error if decryption fails due to issues like invalid cipher text or incorrect secret.
	//
	// Notes:
	//   - The decryption logic must use secure cryptographic mechanisms to ensure data safety.
	//   - Ensure that any sensitive data involved in the decryption process is handled securely
	//     and not exposed in logs or error messages.
	Decrypt(encrypted string) (string, error)
	// DecryptAll decrypts multiple encrypted strings using the secret associated with the apiSecurityServiceImpl instance.
	// Returns an array of decrypted strings or an error if decryption fails for any value.
	//
	// Parameters:
	//   - encrypted: Variadic string argument containing one or more encrypted strings to decrypt
	//
	// Returns:
	//   - []string: Array containing the decrypted values in the same order as input
	//   - error: Error if decryption fails for any value
	//
	// Notes:
	//   - If any single decryption fails, the entire operation fails and returns an error
	//   - The decryption logic must use secure cryptographic mechanisms to ensure data safety
	//   - Ensure that any sensitive data involved in the decryption process is handled securely
	//     and not exposed in logs or error messages
	DecryptAll(encrypted ...string) ([]string, error)
}
func New
New creates a new instance of the encryptor service with the provided secret key.
Parameters:
- secret: A byte slice representing the secret key used for encryption and decryption operations.
Returns:
- Service: An implementation of the encryptor.Service interface, initialized with the provided secret key.
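The Decrypt and DecryptAll notes above (authenticated decryption, all-or-nothing batches, no sensitive data in errors) can be met as in the following added example, which is not this package's own code. The names exampleService, NewExample and ErrDecrypt are hypothetical, and the choice of AES-256-GCM, a SHA-256-derived key and base64url output are assumptions, since the page does not name an algorithm or encoding.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

var ErrDecrypt = errors.New("decryption failed") // generic: no ciphertext, plaintext or key bytes
type exampleService struct{ aead cipher.AEAD }   // hypothetical type; AES-256-GCM is an assumption

func NewExample(secret []byte) *exampleService {
	key := sha256.Sum256(secret)      // assumed derivation: any secret length becomes 32 bytes
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block)
	return &exampleService{aead}
}
func (s *exampleService) Encrypt(value string) (string, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce for every message
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(s.aead.Seal(nonce, nonce, []byte(value), nil)), nil
}
func (s *exampleService) Decrypt(encrypted string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(encrypted)
	if n := s.aead.NonceSize(); err == nil && len(raw) >= n {
		if plain, err := s.aead.Open(nil, raw[:n], raw[n:], nil); err == nil {
			return string(plain), nil
		}
	}
	return "", ErrDecrypt // same error for bad encoding, truncation, wrong secret, tampering
}
func (s *exampleService) DecryptAll(encrypted ...string) ([]string, error) {
	out := make([]string, len(encrypted))
	for i, e := range encrypted {
		var err error
		if out[i], err = s.Decrypt(e); err != nil {
			return nil, fmt.Errorf("value %d: %w", i, err) // position only; partial results dropped
		}
	}
	return out, nil
}
func main() {
	fmt.Println(NewExample([]byte("constructed-demo-secret")).DecryptAll("not-a-ciphertext"))
}
```

Returning one sentinel error for every failure cause keeps callers from logging, or attackers from distinguishing, why a particular ciphertext was rejected.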