AesDecrypt encrypt bytes by AES GCM inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/ The key argument should be 16, 24, or 32 bytes.

AesEncrypt encrypt bytes by AES GCM inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/ The key argument should be the AES key, either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.

AESEncryptFilesInDir encrypt files in dir will generate new encrypted files with <suffix> after ext xxx.toml -> xxx.toml.enc.

Base32Secret generate base32 encoded secret.

Cert2Der marshal private key by x509.8.

Cert2Pem marshal x509 certificate to pem.

CertDer2Pem convert certificate in der to pem.

CSR2Der marshal csr to der.

CSRDer2Pem convert CSR in der to pem.

DecodeES256SignByBase64 parse ecdsa signature string to two *big.Int.

DecodeES256SignByHex parse ecdsa signature string to two *big.Int.

Der2Cert parse sigle certificate in der.

Der2Cert parse multiple certificates in der.

Der2CRL parse crl der or pem.

Der2CSR parse crl der.

Der2Prikey parse private key from der in x509 v8/v1.

Der2Pubkey parse public key from der in x509 pkcs1/pkix.

DeriveKey expand secret to specified length.

EncodeES256SignByBase64 format ecdsa signature to stirng.

EncodeES256SignByHex format ecdsa sign to stirng.

FormatBig2Base64 format big to base64 string.

FormatBig2Hex format big to hex string.

GeneratePasswordHash generate hashed password by origin password.

GetPubkeyFromPrikey get pubkey from private key.

HashSHA128String calculate string's hash by sha256.

HashSHA256String calculate string's hash by sha256.

HashXxhashString calculate string's hash by sha256.

HKDFWithSHA256 derivative keys by HKDF with sha256.

MatchPrefix treat prefix inclusion as a match as well `1.2.3` contains `1.2.3.4`.

NewAesReaderWrapper wrap reader by aes.

NewDHKX create a new DHKX instance each DHKX instance has it's unique group and private key.

NewECDSAPrikey new ecdsa private key.

NewEd25519Prikey new ed25519 private key.

NewRSAPrikey new rsa privat ekey.

NewRSAPrikeyAndCert convient function to new rsa private key and cert.

NewTOTP new TOTP.

NewX509Cert new self sign tls cert.

NewX509CertByCSR sign CSR to certificate csr's attributes will overweite option's attributes.

NewX509CertTemplate new tls template.

NewX509CRL create and sign CRL # Args - ca: CA to sign CRL.

NewX509CSR new CSR # Arguments if prikey is not RSA private key, you must set SignatureAlgorithm by WithX509CertSignatureAlgorithm.

OIDContains is oid in oids.

ParseBase642Big parse base64 string to big.

ParseHex2Big parse hex string to big.

ParseOTPUri parse otp uri to otp arguments # Args - uri: like `otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName`.

Pem2Cert parse single certificate in pem.

Pem2Certs parse multiple certificate in pem.

Pem2CSR parse csr from pem.

Pem2Der convert pem to der support one or more certs.

Pem2Ders convert pem to ders support one or more certs.

Pem2Prikey parse private key from x509 v8(general) pem.

Pem2Pubkey parse public key from pem.

Prikey2Der marshal private key by x509.8.

Prikey2Pem marshal private key to pem.

PrikeyDer2Pem convert private key in der to pem.

Privkey2Signer convert privkey to signer.

Pubkey2Der marshal public key by pkix.

Pubkey2Pem marshal public key to pem.

PubkeyDer2Pem convert public key in der to pem.

RandomSerialNumber generate random serial number.

RSADecrypt decrypt by rsa PKCS1v15 only accept cipher encrypted by RSAEncrypt.

RSADer2Prikey parse private key from x509 v1(rsa) der.

RSAEncrypt encrypt by PKCS1v15 canbe decrypt by RSADecrypt.

RSAPem2Prikey parse private key from x509 v1(rsa) pem.

Salt generate random salt with specifiec length.

SecureCipherSuites get golang built-in cipher suites without known insecure suites.

SignByECDSAWithSHA256 generate signature by ecdsa private key use sha256.

SignByECDSAWithSHA256AndBase64 generate signature by ecdsa private key use sha256.

SignByRSAWithSHA256 generate signature by rsa private key use sha256.

SignReaderByECDSAWithSHA256 generate signature by ecdsa private key use sha256.

SignReaderByRSAWithSHA256 generate signature by rsa private key use sha256.

ValidatePasswordHash validate password is match with hashedPassword.

VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256.

VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256.

VerifyByRSAWithSHA256 verify signature by rsa public key use sha256.

VerifyCertByPrikey verify cert by prikey.

VerifyCRL verify crl by ca.

VerifyReaderByECDSAWithSHA256 verify signature by ecdsa public key use sha256.

VerifyReaderByRSAWithSHA256 verify signature by rsa public key use sha256.

WithAESFilesInDirFileExt only encrypt files with specific ext.

WithAESFilesInDirFileSuffix will append to encrypted's filename as suffix xxx.toml -> xxx.toml.enc.

WithX509CertCommonName set common name.

WithX509CertCRLs add crl endpoints.

WithX509CertIsCA set is ca.

WithX509CertIsCRLCA set is ca to sign CRL.

WithX509CertKeyUsage add key usage.

WithX509CertLocality set organization unit.

WithX509CertOCSPServers set ocsp servers.

WithX509CertOrganization set organization.

WithX509CertOrganizationUnit set organization unit.

WithX509CertPolicies set certificate policies.

WithX509CertSANS set certificate SANs refer to RFC-5280 4.2.1.6 auto parse to ip/email/url/dns.

WithX509CertSeriaNumber set certificate/CRL's serial number refer to RFC-5280 5.2.3 & # Args seriaNumber: - (optional): generate certificate - (required): generate CRL.

WithX509CertSignatureAlgorithm set signature algorithm.

WithX509CertValidFor set valid for duration.

WithX509CertValidFrom set valid from.

WithX509ExtCertKeyUsage add ext key usage.

ECDSACurveP224 ecdsa with P224 Deprecated: use ECDSACurveP256 instead.

ECDSACurveP256 ecdsa with P256.

ECDSACurveP384 ecdsa with P384.

ECDSACurveP521 ecdsa with P521.

OTPAlgorithmSHA1 sha1.

OTPTypeHOTP hash-based otp.

OTPTypeTOTP time-based otp.

RSAPrikeyBits2048 rsa private key with 2048 bits.

RSAPrikeyBits3072 rsa private key with 3072 bits.

AesReaderWrapper used to decrypt encrypted reader.

Diffie Hellman Key-exchange algorithm https://pkg.go.dev/github.com/monnand/dhkx # Example alice, _ := NewDHKX() bob, _ := NewDHKX() alicePub := alice.PublicKey() bobPub := bob.PublicKey() aliceKey, _ := alice.GenerateKey(bobPub) bobKey, _ := bob.GenerateKey(alicePub) // aliceKey == bobKey.

OTPArgs arguments for OTP.

TOTP time-based OTP.

TOTPInterface interface for TOTP.

AESEncryptFilesInDirOption options to encrypt files in dir.

DHKXOptionFunc optional func to set dhkx option.

ECDSACurve algorithms.

OTPAlgorithm hash algorithm for otp.

OTPType otp type.

RSAPrikeyBits width of rsa private key.

X509CertOption option to generate tls certificate.