package auth
import "golang.org/x/crypto/nacl/auth"
Package auth authenticates a message using a secret key.
This package is interoperable with NaCl.
The auth package is essentially a wrapper for HMAC-SHA-512 (implemented by
crypto/hmac and crypto/sha512), truncated to 32 bytes. It is frozen and is
not accepting new features.
Code:play
Output:Example¶
package main
import (
"encoding/hex"
"fmt"
"golang.org/x/crypto/nacl/auth"
)
func main() {
// Load your secret key from a safe place and reuse it across multiple
// Sum calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like bcrypt or scrypt.
secretKeyBytes, err := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
if err != nil {
panic(err)
}
var secretKey [32]byte
copy(secretKey[:], secretKeyBytes)
mac := auth.Sum([]byte("hello world"), &secretKey)
fmt.Printf("%x\n", *mac)
result := auth.Verify(mac[:], []byte("hello world"), &secretKey)
fmt.Println(result)
badResult := auth.Verify(mac[:], []byte("different message"), &secretKey)
fmt.Println(badResult)
}
eca5a521f3d77b63f567fb0cb6f5f2d200641bc8dada42f60c5f881260c30317
true
false
Index ¶
- Constants
- func Sum(m []byte, key *[KeySize]byte) *[Size]byte
- func Verify(digest []byte, m []byte, key *[KeySize]byte) bool
Examples ¶
Constants ¶
const ( // Size is the size, in bytes, of an authenticated digest. Size = 32 // KeySize is the size, in bytes, of an authentication key. KeySize = 32 )
Functions ¶
func Sum ¶
Sum generates an authenticator for m using a secret key and returns the 32-byte digest.
func Verify ¶
Verify checks that digest is a valid authenticator of message m under the given secret key. Verify does not leak timing information.
Source Files ¶
auth.go
- Version
- v0.49.0
- Published
- Mar 11, 2026
- Platform
- darwin/amd64
- Imports
- 2 packages
- Last checked
- 6 hours ago –
Tools for package owners.