AesDecrypt encrypt bytes by AES GCM inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/ The key argument should be 16, 24, or 32 bytes.

AesEncrypt encrypt bytes by AES GCM inspired by https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/ The key argument should be the AES key, either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.

AESEncryptFilesInDir encrypt files in dir will generate new encrypted files with <suffix> after ext xxx.toml -> xxx.toml.enc.

Base32Secret generate base32 encoded secret.

Cert2Der marshal private key by x509.8.

Cert2Pem marshal x509 certificate to pem.

CertDer2Pem convert certificate in der to pem.

CSR2Der marshal csr to der.

CSRDer2Pem convert CSR in der to pem.

DecodeES256SignByBase64 parse ecdsa signature string to two *big.Int.

DecodeES256SignByHex parse ecdsa signature string to two *big.Int.

Der2Cert parse sigle certificate in der.

Der2Cert parse multiple certificates in der.

Der2CRL parse crl der.

Der2CRLPkix parse crl der or pem.

Der2CSR parse crl der.

Der2Prikey parse private key from der in x509 v8/v1.

Der2Pubkey parse public key from der in x509 pkcs1/pkix.

DeriveKey derive key by hkdf Deprecated: use DeriveKeyByHKDF instead.

DeriveKeyByHKDF derive key by hkdf.

DeriveKeyBySMHF derive key by Stronger Key Derivation via Sequential Memory-Hard Functions https://pkg.go.dev/golang.org/x/[email protected]/scrypt.

EncodeES256SignByBase64 format ecdsa signature to stirng.

EncodeES256SignByHex format ecdsa sign to stirng.

FormatBig2Base64 format big to base64 string.

FormatBig2Hex format big to hex string.

GeneratePasswordHash generate hashed password by origin password.

GetPubkeyFromPrikey get pubkey from private key.

HashSHA128String calculate string's hash by sha256.

HashSHA256String calculate string's hash by sha256.

HashXxhashString calculate string's hash by sha256.

HKDFWithSHA256 derivative keys by HKDF with sha256.

MatchPrefix treat prefix inclusion as a match as well `1.2.3` contains `1.2.3.4`.

NewAesReaderWrapper wrap reader by aes.

NewDefaultX509CertSerialNumGenerator new DefaultX509CertSerialNumGenerator.

NewDHKX create a new DHKX instance each DHKX instance has it's unique group and private key.

NewECDSAPrikey new ecdsa private key.

NewEd25519Prikey new ed25519 private key.

NewRSAPrikey new rsa privat ekey.

NewRSAPrikeyAndCert convient function to new rsa private key and cert.

NewTOTP new TOTP.

NewX509Cert new self sign tls cert.

NewX509CertByCSR sign CSR to certificate Depends on RFC-5280 4.2.1.12, empty ext key usage is as same as any key usage.

NewX509CRL create and sign CRL # Args - ca: CA to sign CRL.

NewX509CSR new CSR # Arguments if prikey is not RSA private key, you must set SignatureAlgorithm by WithX509CertSignatureAlgorithm.

OIDContains is oid in oids.

ParseBase642Big parse base64 string to big.

ParseHex2Big parse hex string to big.

ParseOTPUri parse otp uri to otp arguments # Args - uri: like `otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName`.

Pem2Cert parse single certificate in pem.

Pem2Certs parse multiple certificate in pem.

Pem2CSR parse csr from pem.

Pem2Der convert pem to der support one or more certs.

Pem2Ders convert pem to ders support one or more certs.

Pem2Prikey parse private key from x509 v8(general) pem.

Pem2Pubkey parse public key from pem.

Prikey2Der marshal private key by x509.8.

Prikey2Pem marshal private key to pem.

PrikeyDer2Pem convert private key in der to pem.

Privkey2Signer convert privkey to signer.

Pubkey2Der marshal public key by pkix.

Pubkey2Pem marshal public key to pem.

PubkeyDer2Pem convert public key in der to pem.

ReadableX509ExtKeyUsage convert objectids to readable strings.

ReadablePkixName convert pkix.Name to readable map with strings.

ReadableX509Cert convert x509 certificate to readable jsonable map.

ReadableX509ExtKeyUsage convert x509 certificate ext key usages to readable strings.

ReadableX509KeyUsage convert x509 certificate key usages to readable strings.

RSADecrypt decrypt by rsa PKCS1v15 only accept cipher encrypted by RSAEncrypt.

RSADer2Prikey parse private key from x509 v1(rsa) der.

RSAEncrypt encrypt by PKCS1v15 canbe decrypt by RSADecrypt.

RSAPem2Prikey parse private key from x509 v1(rsa) pem.

Salt generate random salt with specifiec length.

SecureCipherSuites get golang built-in cipher suites without known insecure suites.

SignByECDSAWithSHA256 generate signature by ecdsa private key use sha256.

SignByECDSAWithSHA256AndBase64 generate signature by ecdsa private key use sha256.

SignByRSAWithSHA256 generate signature by rsa private key use sha256.

SignReaderByECDSAWithSHA256 generate signature by ecdsa private key use sha256.

SignReaderByRSAWithSHA256 generate signature by rsa private key use sha256.

ValidatePasswordHash validate password is match with hashedPassword.

VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256.

VerifyByECDSAWithSHA256 verify signature by ecdsa public key use sha256.

VerifyByRSAWithSHA256 verify signature by rsa public key use sha256.

VerifyCertByPrikey verify cert by prikey.

VerifyCRL verify crl by ca.

VerifyCRLPkix verify crl by ca.

VerifyReaderByECDSAWithSHA256 verify signature by ecdsa public key use sha256.

VerifyReaderByRSAWithSHA256 verify signature by rsa public key use sha256.

WithAESFilesInDirFileExt only encrypt files with specific ext.

WithAESFilesInDirFileSuffix will append to encrypted's filename as suffix xxx.toml -> xxx.toml.enc.

WithX509CertCommonName set common name.

WithX509CertCountry set subject countries.

WithX509CertCRLs add crl endpoints.

WithX509CertDNSNames set dns sans.

WithX509CertEmailAddrs set email sans.

WithX509CertExtKeyUsage add ext key usage.

WithX509CertIPAddrs set ip sans.

WithX509CertIsCA set is ca.

WithX509CertIsCRLCA set is ca to sign CRL.

WithX509CertKeyUsage add key usage.

WithX509CertLocality set subject localities.

WithX509CertOCSPServers set ocsp servers.

WithX509CertOrganization set organization.

WithX509CertOrganizationUnit set organization unit.

WithX509CertParent set issuer.

WithX509CertPolicies set certificate policies.

WithX509CertPostalCode set subjuect postal codes.

WithX509CertProvince set subject provinces.

WithX509CertPubkey set new certs' pubkey.

WithX509CertPublicKeyAlgorithm set signature algorithm.

WithX509CertSANS set certificate SANs refer to RFC-5280 4.2.1.6 auto parse to ip/email/url/dns.

WithX509CertSerialNumGenerator set serial number generator.

WithX509CertSeriaNumber set certificate/CRL's serial number refer to RFC-5280 5.2.3 & # Args seriaNumber: - (optional): generate certificate - (required): generate CRL.

WithX509CertSignatureAlgorithm set signature algorithm.

WithX509CertStreetAddrs set subjuect street addresses.

WithX509CertURIs set uri sans.

WithX509CertValidFor set valid for duration.

WithX509CertValidFrom set valid from.

WithX509CSRCommonName set common name.

WithX509CSRCountry set subject countries.

WithX509CSRDNSNames set dns sans.

WithX509CSREmailAddrs set email sans.

WithX509CSRIPAddrs set ip sans.

WithX509CSRLocality set subject localities.

WithX509CSROrganization set organization.

WithX509CSROrganizationUnit set organization units.

WithX509CSRPostalCode set subjuect postal codes.

WithX509CSRProvince set subject provinces.

WithX509CSRPublicKeyAlgorithm set signature algorithm.

WithX509CertSANS set certificate SANs refer to RFC-5280 4.2.1.6 auto WithX509CSRSANS to ip/email/url/dns.

WithX509CSRSignatureAlgorithm set signature algorithm.

WithX509CSRStreetAddrs set subjuect street addresses.

WithX509CSRSubject set subject name.

WithX509CSRURIs set uri sans.

WithX509SerialNumGenerator set serial number generator.

WithX509SignCSRCRLs add crl endpoints.

WithX509SignCSRExtKeyUsage add ext key usage.

WithX509SignCSRIsCA set is ca.

WithX509SignCSRIsCRLCA set is ca to sign CRL.

WithX509SignCSRKeyUsage add key usage.

WithX509SignCSROCSPServers set ocsp servers.

WithX509SignCSRPolicies set certificate policies.

WithX509SignCSRSeriaNumber set certificate/CRL's serial number refer to RFC-5280 5.2.3 & # Args seriaNumber: - (optional): generate certificate - (required): generate CRL.

WithX509SignCSRValidFor set valid for duration.

WithX509SignCSRValidFrom set valid from.

WithX509Subject set subject name.

X509CertSubjectKeyID generate subject key id for pubkey if x509 certificate template is a CA, subject key id will generated by golang automatelly - https://cs.opensource.google/go/go/+/refs/tags/go1.19.5:src/crypto/x509/x509.go;l=1476.

ECDSACurveP224 ecdsa with P224 Deprecated: use ECDSACurveP256 instead.

ECDSACurveP256 ecdsa with P256.

ECDSACurveP384 ecdsa with P384.

ECDSACurveP521 ecdsa with P521.

OTPAlgorithmSHA1 sha1.

OTPTypeHOTP hash-based otp.

OTPTypeTOTP time-based otp.

RSAPrikeyBits2048 rsa private key with 2048 bits.

RSAPrikeyBits3072 rsa private key with 3072 bits.

RSAPrikeyBits4096 rsa private key with 4096 bits.

AesReaderWrapper used to decrypt encrypted reader.

DefaultX509CertSerialNumGenerator default cert serial number generator base on epoch time and random int.

Diffie Hellman Key-exchange algorithm https://pkg.go.dev/github.com/monnand/dhkx # Example alice, _ := NewDHKX() bob, _ := NewDHKX() alicePub := alice.PublicKey() bobPub := bob.PublicKey() aliceKey, _ := alice.GenerateKey(bobPub) bobKey, _ := bob.GenerateKey(alicePub) // aliceKey == bobKey.

OTPArgs arguments for OTP.

TOTP time-based OTP.

TOTPInterface interface for TOTP.

X509CertSerialNumberGenerator x509 certificate serial number generator.

AESEncryptFilesInDirOption options to encrypt files in dir.

DHKXOptionFunc optional func to set dhkx option.

ECDSACurve algorithms.

OTPAlgorithm hash algorithm for otp.

OTPType otp type.

RSAPrikeyBits width of rsa private key.

SignCSROption options for create certificate from CRL.

X509CertOption option to generate tls certificate.

X509CRLOption options for create x509 CRL.

X509CSROption option to generate tls certificate.