golang crypto
xxxxxxxxxx
package helpers
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"os"
"strings"
)
func (h *rsaCrypto) Asymmetric(req *Asymmetric, password string) error {
salt := rand.Reader
rsaPrivateKey := new(rsa.PrivateKey)
internalClientID := os.Getenv("INTERNAL_CLIENT_ID")
internalClientKey := os.Getenv("INTERNAL_CLIENT_KEY")
internalPrivateKey := os.Getenv("INTERNAL_PRIVATE_KEY")
internalPublicKey := os.Getenv("INTERNAL_PUBLIC_KEY")
headers := Asymmetric{}
headers.ClientID = strings.TrimSpace(req.ClientID)
headers.ClientKey = strings.TrimSpace(req.ClientKey)
headers.PrivateKey = strings.TrimSpace(req.PrivateKey)
cipherBody := []byte(headers.ClientID + ":" + headers.ClientKey + ":" + headers.PrivateKey)
cipherBodyHash256 := sha256.New()
cipherBodyHash256.Write(cipherBody)
cipherBodyHash := cipherBodyHash256.Sum(nil)
if headers.PrivateKey == "" {
return errors.New("PEM PrivateKey certificate must be a base64 format")
} else if headers.ClientID != internalClientID {
return errors.New("Invalid ClientId")
} else if headers.ClientKey != internalClientKey {
return errors.New("Invalid ClientKey")
} else if strings.Compare(headers.PrivateKey, internalPrivateKey) != 0 {
return errors.New("Invalid PrivateKey")
}
decodedPrivateKey, err := base64.StdEncoding.DecodeString(headers.PrivateKey)
if err != nil {
return err
}
headers.PrivateKey = string(decodedPrivateKey)
pemDecode, _ := pem.Decode([]byte(headers.PrivateKey))
if pemDecode == nil {
return errors.New("Invalid PEM PrivateKey certificate")
}
switch pemDecode.Type {
case PRIVPKCS1:
if password != "" && x509.IsEncryptedPEMBlock(pemDecode) {
pemBlockDecrypt, err := x509.DecryptPEMBlock(pemDecode, []byte(strings.TrimSpace(password)))
if err != nil {
return err
}
parsePrivateKey, err := x509.ParsePKCS1PrivateKey(pemBlockDecrypt)
if err != nil {
return err
}
rsaPrivateKey = parsePrivateKey
}
parsePrivateKey, err := x509.ParsePKCS1PrivateKey(pemDecode.Bytes)
if err != nil {
return err
}
rsaPrivateKey = parsePrivateKey
break
case PRIVPKCS8:
if password != "" && x509.IsEncryptedPEMBlock(pemDecode) {
pemBlockDecrypt, err := x509.DecryptPEMBlock(pemDecode, []byte(strings.TrimSpace(password)))
if err != nil {
return err
}
parsePrivateKey, err := x509.ParsePKCS8PrivateKey(pemBlockDecrypt)
if err != nil {
return err
}
rsaPrivateKey = parsePrivateKey.(*rsa.PrivateKey)
}
parsePrivateKey, err := x509.ParsePKCS8PrivateKey(pemDecode.Bytes)
if err != nil {
return err
}
rsaPrivateKey = parsePrivateKey.(*rsa.PrivateKey)
break
default:
return errors.New("Invalid PEM PrivateKey certificate")
}
if err := rsaPrivateKey.Validate(); err != nil {
return err
}
signature, err := rsa.SignPKCS1v15(salt, rsaPrivateKey, crypto.SHA256, cipherBodyHash)
if err != nil {
return err
}
rsaPublicKeyRaw, err := h.PublicKey(internalPublicKey, true)
if err != nil {
return err
}
rsaPublicKey, err := x509.ParsePKIXPublicKey(rsaPublicKeyRaw)
if err != nil {
return err
}
if err := rsa.VerifyPKCS1v15(rsaPublicKey.(*rsa.PublicKey), crypto.SHA256, cipherBodyHash, signature); err != nil {
return err
}
return nil
}
xxxxxxxxxx
<nav class="navbar navbar-expand-lg navbar-light bg-light">
<div class="container-fluid">
<a class="navbar-brand" href="#">Navbar</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavAltMarkup" aria-controls="navbarNavAltMarkup" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNavAltMarkup">
<div class="navbar-nav">
<a class="nav-link active" aria-current="page" href="#">Home</a>
<a class="nav-link" href="#">Features</a>
<a class="nav-link" href="#">Pricing</a>
<a class="nav-link disabled" href="#" tabindex="-1" aria-disabled="true">Disabled</a>
</div>
</div>
</div>
</nav>
xxxxxxxxxx
// toast in react
// create toast.js component
import { toast } from 'react-toastify';
import 'react-toastify/dist/ReactToastify.css';
toast.configure()
const options = {
autoClose: 2000,
className: '',
position: toast.POSITION.TOP_RIGHT,
};
export const toastSuccess = message => {
console.log("Hello0 success toast")
toast.success(message, options);
}
export const toastError = message => {
toast.error(message, options);
}
export const toastWarning = message => {
toast.warn(message, options);
}
export const toastInformation = message => {
toast.info(message, options);
}
export const toastDark = message => {
toast.dark(message, options);
}
export const toastDefault = message => {
toast(message, options);
}
// wherever in need that toast use like this
import { toastError, toastSuccess } from "./Toast";
toastSuccess("User successfully registered");
toastError("User is not created try again");
xxxxxxxxxx
salt := rand.Reader
headers := AsymmetricSignatureSnap{}
headers.ClientKey = mandiriClientKey
headers.TimeStamp = time.Now().Add(time.Duration(time.Second * 10)).Format(time.RFC3339)
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
panic(fmt.Errorf("GenerateKey :%s", err.Error()))
}
cipherText := []byte(headers.ClientKey + ":" + headers.TimeStamp)
// cipherTextHash256 := sha256.New()
// cipherTextHash256.Write(cipherText)
// cipherTextHash := cipherTextHash256.Sum(nil)
secretKey := []byte(mandriPrivateKey)
secretKeyHash256 := sha256.New()
secretKeyHash256.Write(secretKey)
secretKeyHash := secretKeyHash256.Sum(nil)
// err = rsa.DecryptPKCS1v15SessionKey(salt, privateKey, secretKey, secretKeyHash)
// if err != nil {
// panic(fmt.Errorf("DecryptPKCS1v15SessionKey: %s", err.Error()))
// }
privateKeySign, err := privateKey.Sign(salt, secretKeyHash, crypto.SHA256)
if err != nil {
panic(fmt.Errorf("Sign: %s", err.Error()))
}
fmt.Println("Sign: ", base64.StdEncoding.EncodeToString(privateKeySign))
// privateKeySign, err := rsa.SignPSS(salt, privateKey, crypto.SHA256, sha256Key, nil)
// if err != nil {
// panic(fmt.Errorf("SignPSS: %s", err.Error()))
// }
// err = rsa.VerifyPSS(&privateKey.PublicKey, crypto.SHA256, sha256Key, privateKeySign, nil)
// if err != nil {
// panic(fmt.Errorf("VerifyPSS: %s", err.Error()))
// }
// x509Config := x509.Certificate{}
// x509Config.SerialNumber = big.NewInt(2096)
// x509Config.PublicKeyAlgorithm = x509.PublicKeyAlgorithm(x509.PEMCipherAES256)
// x509Config.SignatureAlgorithm = x509.SignatureAlgorithm(x509.SHA256WithRSA)
// x509Res, err := x509.CreateCertificate(salt, &x509Config, &x509Config, privateKey.Public(), privateKey)
// if err != nil {
// panic(fmt.Errorf("CreateCertificate: %s", err.Error()))
// }
pemPrivateKeyOptions := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
pemPrivateKey := new(bytes.Buffer)
if err := pem.Encode(pemPrivateKey, pemPrivateKeyOptions); err != nil {
panic(fmt.Errorf("MarshalPKCS1PrivateKey: %s", err.Error()))
}
fmt.Printf("\n")
fmt.Println("pemPrivateKey: ", base64.StdEncoding.EncodeToString(pemPrivateKey.Bytes()))
pemPublicKeyOptions := &pem.Block{Type: "PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(&privateKey.PublicKey)}
pemPublic := new(bytes.Buffer)
if err := pem.Encode(pemPublic, pemPublicKeyOptions); err != nil {
panic(fmt.Errorf("MarshalPKCS1PublicKey: %s", err.Error()))
}
fmt.Printf("\n")
fmt.Println("pemPublic: ", base64.StdEncoding.EncodeToString(pemPublic.Bytes()))
encryptOAEP, err := rsa.EncryptOAEP(crypto.Hash(x509.SHA256WithRSA).New(), salt, &privateKey.PublicKey, cipherText, nil)
if err := pem.Encode(pemPublic, pemPublicKeyOptions); err != nil {
panic(fmt.Errorf("EncryptOAEP: %s", err.Error()))
}
fmt.Printf("\n")
fmt.Println("EncryptOAEP: ", base64.StdEncoding.EncodeToString(encryptOAEP))
signPKCS1v15, err := rsa.SignPKCS1v15(salt, privateKey, crypto.Hash(x509.SHA256WithRSA), encryptOAEP)
if err := pem.Encode(pemPublic, pemPublicKeyOptions); err != nil {
panic(fmt.Errorf("SignPKCS1v15: %s", err.Error()))
}
fmt.Printf("\n")
fmt.Println("SignPKCS1v15: ", base64.StdEncoding.EncodeToString(signPKCS1v15))
golang crypto
xxxxxxxxxx
const (
PRIVPKCS1 = "RSA PRIVATE KEY"
PRIVPKCS8 = "PRIVATE KEY"
PUBPKCS1 = "RSA PUBLIC KEY"
PUBPKCS8 = "PUBLIC KEY"
CERTIFICATE = "CERTIFICATE"
)
type (
IRsaCrypto interface {
PrivateKey(value string) error
PublicKey(value string, raw bool) ([]byte, error)
Asymmetric(req *Asymmetric, password string) error
}
Asymmetric struct {
ClientID string `json:"clientId"`
ClientKey string `json:"clientKey"`
PrivateKey string `json:"privateKey"`
}
rsaCrypto struct{}
)
func NewRsa() IRsaCrypto {
return &rsaCrypto{}
}
func (h *rsaCrypto) PrivateKey(value string) error {
var privateKey string
decoded, err := base64.StdEncoding.DecodeString(strings.TrimSpace(value))
if err != nil {
return err
}
pemDecoded, _ := pem.Decode([]byte(decoded))
if pemDecoded == nil {
return errors.New("Invalid PEM PrivateKey certificate")
}
if pemDecoded.Type == PRIVPKCS1 {
privateKey = string(pem.EncodeToMemory(pemDecoded))
} else if pemDecoded.Type == PRIVPKCS8 {
privateKey = string(pem.EncodeToMemory(pemDecoded))
} else if pemDecoded.Type == CERTIFICATE {
privateKey = string(pem.EncodeToMemory(pemDecoded))
} else {
return errors.New("Invalid PEM PrivateKey certificate")
}
if privateKey == "" {
return errors.New("Invalid PEM PrivateKey certificate")
}
return nil
}
func (h *rsaCrypto) PublicKey(value string, rawPem bool) ([]byte, error) {
var publicKey []byte
externalPublicKey, err := base64.StdEncoding.DecodeString(strings.TrimSpace(value))
if err != nil {
return nil, err
}
pemDecoded, _ := pem.Decode([]byte(externalPublicKey))
if pemDecoded == nil {
return nil, errors.New("Invalid PEM PublicKey certificate")
}
if !rawPem && pemDecoded.Type == PUBPKCS1 {
publicKey = pem.EncodeToMemory(pemDecoded)
} else if !rawPem && pemDecoded.Type == PUBPKCS8 {
publicKey = pem.EncodeToMemory(pemDecoded)
} else if !rawPem && pemDecoded.Type == CERTIFICATE {
publicKey = pem.EncodeToMemory(pemDecoded)
} else {
publicKey = pemDecoded.Bytes
}
return publicKey, nil
}
// NEXT CODE IN BELOW
golang crypto
xxxxxxxxxx
package helpers
import (
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"crypto/sha512"
"encoding/hex"
"errors"
"golang.org/x/crypto/scrypt"
)
type (
Cypto interface {
AES256Encrypt(secretKey, plainText string) (string, error)
AES256Decrypt(secretKey string, cipherText string) (string, error)
HMACSHA512Sign(secretKey, data string) (string, error)
HMACSHA512Verify(secretKey, data, hash string) bool
SHA256Sign(plainText string) (string, error)
SHA512Sign(plainText string) (string, error)
}
crypto struct{}
)
func NewCrypto() Cypto {
return &crypto{}
}
func (h *crypto) AES256Encrypt(secretKey, plainText string) (string, error) {
secretKeyByte := make([]byte, len(secretKey))
secretKeyByte = []byte(secretKey)
plainTextByte := make([]byte, len(plainText))
plainTextByte = []byte(plainText)
tagSize := 16
if len(secretKeyByte) < 32 {
return "", errors.New("Secretkey length mismatch")
}
key, err := scrypt.Key([]byte(secretKey), []byte("salt"), 1024, 8, 1, 32)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCMWithTagSize(block, tagSize)
if err != nil {
return "", err
}
nonceSize := make([]byte, gcm.NonceSize())
if _, err = rand.Read(nonceSize); err != nil {
return "", err
}
cipherText := gcm.Seal(nonceSize, nonceSize, []byte(plainTextByte), nil)
return hex.EncodeToString(cipherText), nil
}
func (h *crypto) AES256Decrypt(secretKey string, cipherText string) (string, error) {
secretKeyByte := make([]byte, len(secretKey))
secretKeyByte = []byte(secretKey)
tagSize := 16
if len(secretKeyByte) < 32 {
return "", errors.New("Secretkey length mismatch")
}
key, err := scrypt.Key(secretKeyByte, []byte("salt"), 1024, 8, 1, 32)
if err != nil {
return "", err
}
cipherTextByte, err := hex.DecodeString(cipherText)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCMWithTagSize(block, tagSize)
if err != nil {
return "", err
}
nonceSize := make([]byte, gcm.NonceSize())
if _, err = rand.Read(nonceSize); err != nil {
return "", err
} else if len(cipherTextByte) < len(nonceSize) {
return "", errors.New("Cipher text to short")
}
nonce, ciphertext := cipherTextByte[:len(nonceSize)], cipherTextByte[len(nonceSize):]
plaintext, err := gcm.Open(nil, []byte(nonce), []byte(ciphertext), nil)
if err != nil {
return "", err
}
return string(plaintext), nil
}
func (h *crypto) HMACSHA512Sign(secretKey, data string) (string, error) {
hashHMAC512 := hmac.New(sha512.New, []byte(secretKey))
if _, err := hashHMAC512.Write([]byte(data)); err != nil {
return "", err
}
return hex.EncodeToString(hashHMAC512.Sum(nil)), nil
}
func (h *crypto) HMACSHA512Verify(secretKey, data, hash string) bool {
hashHMAC512 := hmac.New(sha512.New, []byte(secretKey))
if _, err := hashHMAC512.Write([]byte(data)); err != nil {
return false
}
return hmac.Equal([]byte(hash), hashHMAC512.Sum(nil))
}
func (h *crypto) SHA256Sign(plainText string) (string, error) {
hashSHA256 := sha256.New()
if _, err := hashSHA256.Write([]byte(plainText)); err != nil {
return "", err
}
return hex.EncodeToString(hashSHA256.Sum(nil)), nil
}
func (h *crypto) SHA512Sign(plainText string) (string, error) {
hashSHA512 := sha512.New()
if _, err := hashSHA512.Write([]byte(plainText)); err != nil {
return "", err
}
return hex.EncodeToString(hashSHA512.Sum(nil)), nil
}