Crypto

The Crypto registry includes essential cryptographic tools for enhancing security in your projects, such as encryption, decryption, certificates generations.

You can easily import all the functions from the crypto registry by including the following import statement in your code

import "github.com/go-sprout/sprout/registry/crypto"

Directly using cryptographic functions in templates poses significant security risks. This package is included in Sprout solely for backward compatibility with Sprig.

We strongly recommend generating certificates and performing other cryptographic operations outside of templates to maintain security and follow best practices.

In future versions, this package will be removed from Sprout.

bcrypt

The function generates a bcrypt hash from the given input string, providing a secure way to store passwords or other sensitive data.

Be careful, this method use the default cost of the library and can cause security vulnerabilities.

Signature

Bcrypt(input string) string

Must version

{{ "Hello World" | bcrypt }} // Output: "$2a$12$C1qL8XVjIuGKzQXwC6g6tO"

htpasswd

The function generates an Htpasswd hash from the given username and password strings, typically used for basic authentication in web servers.

Be careful, this method use the default cost of the library and can cause security vulnerabilities.

Signature

Htpasswd(username string, password string) string

Must version

{{ htpasswd "username" "password" }} // Output: "$2a$12$C1qL8XVjIuGKzQXwC6g6tO"

derivePassword

The function derives a password based on the provided counter, password type, password, user, and site, generating a consistent and secure password using these inputs.

Signature

DerivePassword(counter uint32, passwordType, password, user, site string) string

Must version

{{ derivePassword 1 "long" "password" "user" "example.com" }} // Output: "$2a$12$C1qL8XVjIuGKzQXwC6g6tO"

genPrivateKey

The function generates a private key of the specified type, allowing for the creation of cryptographic keys used in various security protocols.

Signature

GeneratePrivateKey(typ string) string

Must version

{{ generatePrivateKey "rsa" }} // Output: "-----BEGIN RSA PRIVATE KEY-----"

buildCustomCert

The function builds a custom certificate using a base64 encoded certificate and private key, enabling the creation of customized SSL/TLS certificates for secure communications.

Signature

BuildCustomCertificate(b64cert string, b64key string) (Certificate, error)

Must version

{{ buildCustomCertificate "b64cert" "b64key" }}
// Output: {"Cert":"b64cert","Key":"b64key"}

genCA

Generates a certificate authority (CA) using the provided common name and validity period, creating the root certificate needed to sign other certificates.

Signature

GenerateCertificateAuthority(cn string, daysValid int) (Certificate, error)

Must version

{{ generateCertificateAuthority "example.com" 365 }}
// Output: {"Cert":"b64cert","Key":"b64key"}

genCAWithKey

Generates a certificate authority using the provided common name, validity period, and an existing private key in PEM format, allowing for more customized or pre-existing key usage in CA creation.

Signature

GenerateCertificateAuthorityWithPEMKey(
	cn string,
	daysValid int,
	privPEM string,
) (Certificate, error)

Must version

{{ generateCertificateAuthorityWithPEMKey "example.com" 365 "privPEM" }}
// Output: {"Cert":"b64cert","Key":"b64key"}

genSelfSignedCert

The function generates a new, self-signed x509 certificate using a 2048-bit RSA private key, allowing for secure communication without relying on an external certificate authority.

Signature

GenerateSelfSignedCertificate(
	cn string,
	ips []interface{},
	alternateDNS []interface{},
	daysValid int,
) (Certificate, error)

Must version

{{ generateSelfSignedCertificate "example.com" ["127.0.0.1"] ["localhost"] 365 }}
// Output: {"Cert":"b64cert","Key":"b64key"}

genSelfSignedCertWithKey

The function generates a new, self-signed x509 certificate using a provided private key in PEM format. This allows you to create a self-signed certificate with an existing PEM-encoded private key, offering more control over the certificate generation process.

Signature

GenerateSelfSignedCertificateWithPEMKey(
	cn string,
	ips []interface{},
	alternateDNS []interface{},
	daysValid int,
	privPEM string,
) (Certificate, error)

Must version

{{ generateSelfSignedCertificateWithPEMKey "example.com" ["127.0.0.1"] ["localhost"] 365 "privPEM" }}
// Output: {"Cert":"b64cert","Key":"b64key"}

genSignedCert

The function generates a new x509 certificate that is signed by a given Certificate Authority (CA) certificate. This allows for the creation of certificates that are trusted by the CA, ensuring secure communication within a trusted network.

Signature

GenerateSignedCertificate(
	cn string,
	ips []interface{},
	alternateDNS []interface{},
	daysValid int,
	ca Certificate,
) (Certificate, error)

Must version

{{ generateSignedCertificate "example.com" ["127.0.0.1"] ["localhost"] 365 ca }}
// Output: {"Cert":"b64cert","Key":"b64key"}

genSignedCertWithKey

The function generates a new, signed x509 certificate using a given Certificate Authority (CA) certificate and a private key in PEM format. This allows for the creation of a certificate that is not only signed by a trusted CA but also utilizes a specific PEM-encoded private key, ensuring secure and authenticated communication.

Signature

GenerateSignedCertificateWithPEMKey(
	cn string,
	ips []interface{},
	alternateDNS []interface{},
	daysValid int,
	ca Certificate,
	privPEM string,
) (Certificate, error)

Must version

{{ generateSignedCertificateWithPEMKey "example.com" ["127.0.0.1"] ["localhost"] 365 ca "privPEM" }}
// Output: {"Cert":"b64cert","Key":"b64key"}

encryptAES

The function encrypts a plaintext string using AES encryption, with the encryption key derived from the provided password. This ensures that the data is securely encrypted, making it unreadable without the correct password.

Signature

EncryptAES(password string, plaintext string) (string, error)

Must version

{{ encryptAES "password" "plaintext" }} // Output: "b64encrypted"

decryptAES

The function decrypts a base64-encoded string that was encrypted using AES encryption, using the provided password to return the original plaintext.

Signature

DecryptAES(password string, crypt64 string) (string, error)

Must version

{{ decryptAES "password" "b64encrypted" }} // Output: "plaintext"

Last updated

#18: v0.5 loaders with handlers and registries

Change request updated