Skip to content

Latest commit

 

History

History
226 lines (178 loc) · 10.4 KB

README.md

File metadata and controls

226 lines (178 loc) · 10.4 KB

go-crypto-guard

Language

Introduction

This repository contains a comprehensive password hashing library written in Go. The library supports multiple hashing algorithms,it allows for customizable salt length, iterations, key length, and algorithm selection. This open-source project aims to provide developers with a versatile tool for secure password storage and validation.

Algorithms supported:

The format of the some passwords is same as the encryption algorithm format that comes with Django:

<algorithm>$<iterations>$<salt>$<hash>

others may be like:

<algorithm>$<hash>

Installation

go get -u github.com/palp1tate/go-crypto-guard 

Usage

Some examples of usage are provided below:

SHA512

// SHA512 encrypts a password using PBKDF2 and SHA-512.
// It takes a password, salt length, key length, and iterations as input.If you pass in an invalid value, the function takes the default value.
// It generates a salt, derives a key using PBKDF2 and SHA-512, and returns the encrypted password.
//The format of password:<algorithm>$<iterations>$<salt>$<hash>
//pbkdf2_sha512$100$40fde046f66c1d9e55b4435d$1fdd34c50a98e576b612d66be507f019

password := "12345678"
encodedPassword, _ := pwd.GenSHA512(password, 12, 16, 100)
ok, _ := pwd.VerifySHA512(password, encodedPassword)

The use of SHA384、SHA256、SHA1、Md5 and Argon2 are the same as for SHA512.

HMAC

// HMAC encrypts a password using HMAC and SHA-256.
// It takes a password and salt length as input.
// It generates a salt, computes the HMAC of the password using the salt and SHA-256, and returns the encrypted password.
//The format of password:<algorithm>$<salt>$<hash>
//hmac$3bf4e2c1a9ed54575d0d1f937eb363ab$a6ed73f8fe48867db2bd58c69ebe6c0fb91ecdd8147c4352fecf018d07cb4f43

password := "12345678"
encodedPassword, _ := pwd.GenHMAC(password, 16)
ok, _ := pwd.VerifyHMAC(password, encodedPassword)

Bcrypt

// Bcrypt encrypts a password using the Bcrypt hashing function.
// It takes a password as input, generates a hash from the password using Bcrypt's default cost, and returns the encrypted password.
//The format of password:<algorithm>$<hash>
//bcrypt$243261243130246769545174546869684f565835616a694a4e3578432e6e387a4c426451526932692e443067756758334a436d3532717365784e5661

password := "12345678"
encodedPassword, _ := pwd.GenBcrypt(password)
ok, _ := pwd.VerifyBcrypt(password, encodedPassword)

The use of Blake2b、Blake2s、 are the same as for Bcrypt.

Scrypt

// Scrypt encrypts a password using the Scrypt key derivation function.
// It takes a password, salt length, and key length as input.
// It generates a salt, derives a key using Scrypt and the provided parameters, and returns the encrypted password.
//The format of password:<algorithm>$<salt>$<hash>
//scrypt$679a0a3c8336a9ff36b809862e7d494c$c4cec5ca742fa984045457f76d217acf245f032251c6a3952c4d68e1cba4a488

password := "12345678"
encodedPassword, _ := pwd.GenScrypt(password, 16, 32)
ok, _ := pwd.VerifyScrypt(password, encodedPassword)

AES

// AES encrypts a password using the AES encryption algorithm.
// It takes a password and an AES key as input.
// It creates a new cipher block from the AES key, applies PKCS7 padding to the password, and encrypts the password using CBC mode.
// It returns the encrypted password.
//The format of password:<algorithm>$<hash>
//aes$BhV9oJiePwpsEwDWizJoCA==

password := "12345678"
//the length of aes key must be 32
aesKey := "palpitateabcdefghijklmn123456789"
encodedPassword, _ := pwd.GenAES(password, aesKey)
ok, _ := pwd.VerifyAES(password, encodedPassword, aesKey)

The use of DES 、ThreeDES、RC4 and Blowfish are the same as for Bcrypt.For DES,the length of des key must be 8.For ThreeDES,the length of threedes key must be 24.There is no limit to the length of the rc4Key and blowfishKey ,but for Blowfish, the length of password must be 8.

RSA

// GenRSAKey generates a pair of RSA keys and saves them to files.
// It takes the number of bits for the key as input.2048 or 4096 is recommended.
// It generates a private key and a public key, and writes them to "privateKey.pem" and "publicKey.pem" respectively.


// RSA encrypts a password using the RSA encryption algorithm.
// It takes a password and the path to a public key file as input.
// It reads the public key from the file, encrypts the password using RSA and PKCS1v15 padding, and returns the encrypted password.
//The format of password:<algorithm>$<hash>
//rsa$3p1+X80iFIDtwtKOQFjXm+deyv+cxkEIbpXuwXcqbcCvean6zyWvcrogQtDj2MkYOE2ScHpARR93RYxs3y+RXetKAHhrDqWURYcyJwuTwShBmR4hz+3WkFzhqm44IgPdlgdt70uO7TXx6fj1WmUTsZpNDTF/WNdEUO7Rzc8wahYBcnMOnPgUXrnUCYRSX7OBjuLwThnd9FTgh8CdaqESHWh6UPgkj9xz3G2uRplx2Tae0Pbsk8vQTuJXsqT//Q8yoC+ELo+5S6wTE6H8AMBdgvJgNHzFDldQD8UsZ7Ta/u2uF/joHwBA6V6IS4+1ithspE9ceJZCBWo2Cj6fMIbvjg==

//Before you can encrypt a password, you must first generate a pair of keys.This function can be called only once, remembering that the same key pair is required when verifying the password.
_ = pwd.GenRSAKey(2048)	//It only needs to be called once
password := "12345678"
encodedPassword, _ := pwd.GenRSA(password, "publicKey.pem")
ok, _ := pwd.VerifyRSA(password, encodedPassword, "privateKey.pem")

ECC

// ECC encrypts a password using the ECC encryption algorithm.
// It takes a password and a private key as input.
// It computes the SHA-256 digest of the password, signs the digest using the private key, and returns the encrypted password.
//The format of password:<algorithm>$<hash>
//ecc$BQOoQvBhRHKi9GsV0qpPiyMJ5hRwdiXlQL7CcMsPCo1GvIomtb8xzjNnmq7RNRWmS9AKXo+i0Cg4fmAdLeCN8w==


password := "12345678"
privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
encodedPassword, _ := pwd.GenECC(password, privateKey)
publicKey := privateKey.PublicKey
ok, _ := pwd.VerifyECC(password, encodedPassword publicKey)

Contribute

Welcome contributions to the repository. Here are a few ways you can help:

  1. Report bugs: If you encounter any issues or bugs, please open an issue on the GitHub repository.
  2. Suggest enhancements: If you have ideas for new features or improvements, feel free to open an issue detailing your suggestion.
  3. Submit pull requests: If you’ve fixed a bug or developed a new feature, we’d love to see it. Please submit a pull request with your changes.

Before contributing, please make sure to read and follow our code of conduct and contribution guidelines (if available).

License

This project is licensed under the Apache License 2.0. See the Apache License 2.0 file for more details.