fernet-go – github.com/fernet/fernet-go Index | Examples | Files | Directories

package fernet

import "github.com/fernet/fernet-go"

Package fernet takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key.

For more information and background, see the Fernet spec at https://github.com/fernet/spec.

Subdirectories in this package provide command-line tools for working with Fernet keys and tokens.

Example

Code: 

{
	k := fernet.MustDecodeKeys("cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=")
	tok, err := fernet.EncryptAndSign([]byte("hello"), k[0])
	if err != nil {
		panic(err)
	}
	msg := fernet.VerifyAndDecrypt(tok, 60*time.Second, k)
	fmt.Println(string(msg))
	// Output:
	// hello
}

Output:

hello

Index

Examples

Functions

func EncryptAndSign 

func EncryptAndSign(msg []byte, k *Key) (tok []byte, err error)

EncryptAndSign encrypts and signs msg with key k and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention.

func EncryptAndSignAtTime 

func EncryptAndSignAtTime(msg []byte, k *Key, signedAt time.Time) (tok []byte, err error)

EncryptAndSignAtTime encrypts and signs msg with key k at timestamp signedAt and returns the resulting fernet token. If msg contains text, the text should be encoded with UTF-8 to follow fernet convention.

func VerifyAndDecrypt 

func VerifyAndDecrypt(tok []byte, ttl time.Duration, k []*Key) (msg []byte)

VerifyAndDecrypt verifies that tok is a valid fernet token that was signed with a key in k at most ttl time ago only if ttl is greater than zero. Returns the message contained in tok if tok is valid, otherwise nil.

Types

type Key 

type Key [32]byte

Key represents a key.

func DecodeKey 

func DecodeKey(s string) (*Key, error)

DecodeKey decodes a key from s and returns it. The key can be in hexadecimal, standard base64, or URL-safe base64.

func DecodeKeys 

func DecodeKeys(a ...string) ([]*Key, error)

DecodeKeys decodes each element of a using DecodeKey and returns the resulting keys. Requires at least one key.

func MustDecodeKeys 

func MustDecodeKeys(a ...string) []*Key

MustDecodeKeys is like DecodeKeys, but panics if an error occurs. It simplifies safe initialization of global variables holding keys.

func (*Key) Encode 

func (k *Key) Encode() string

Encode returns the URL-safe base64 encoding of k.

func (*Key) Generate 

func (k *Key) Generate() error

Generate initializes k with pseudorandom data from package crypto/rand.

Source Files

fernet.go key.go

Directories

PathSynopsis
cmd
cmd/fernet-keygen
cmd/fernet-sign
Version
v0.0.0-20240119011108-303da6aec611 (latest)
Published
Jan 19, 2024
Platform
darwin/amd64
Imports
12 packages
Last checked
2 months ago

Tools for package owners.