README
¶
auth
simple, signed, token based authentication
- ed25519 (EdDSA) based verification
- payload is encoded/decoded using
- GO - msgpack
- ZIG - json
- ttl enforced to expire tokens
- optional AES encryption
- GO - https://github.com/gtank/cryptopasta
- ZIG - TODO
- format: {timestamp}.{payload}.{signature}
todo
- ZIG - testing
- ZIG - msgpack
- GO - b64 encode the final output instead of the payload
- ZIG - better timestamp handling
- ZIG - aes encryption
- key rotation?
Documentation
¶
Overview ¶
Provides symmetric authenticated encryption using 256-bit AES-GCM with a random nonce.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrExpired = errors.New("authentication expired") ErrModified = errors.New("payload or signature was modified") )
Functions ¶
func NewEncryptionKey ¶
func NewEncryptionKey() *[32]byte
NewEncryptionKey generates a random 256-bit key for Encrypt() and Decrypt(). It panics if the source of randomness fails.
Types ¶
type Authenticator ¶
type Authenticator[A any] struct { // Required Public ed25519.PublicKey Private ed25519.PrivateKey // Optional EncryptionKey *[32]byte }
func (*Authenticator[A]) Decode ¶
func (this *Authenticator[A]) Decode(token []byte, ttl int64) (*A, error)
func (*Authenticator[A]) Generate ¶
func (this *Authenticator[A]) Generate(src *A) ([]byte, error)
func (*Authenticator[A]) GenerateStr ¶
func (this *Authenticator[A]) GenerateStr(src *A) (string, error)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.