hmacsigner

import "github.com/daaku/hmacsigner"

Documentation: https://godoc.org/github.com/daaku/hmacsigner

Package hmacsigner provides signed blobs.

It:

1. Includes a version.
2. Includes 8 byte nanosecond unix timestamp.
3. Includes 8 byte salt.
4. Requires a Secret of at least 32 bytes.
5. Does not encrypt the payload.
6. Enforces HMAC-SHA256 signatures.
7. Outputs URL safe Base64 encoding.

Usage

var (
	// ErrTooShort indicates the data to parse is too short to be valid.
	ErrTooShort = errors.New("hmacsigner: too short")

	// ErrInvalidVersion indicates the version was invalid.
	ErrInvalidVersion = errors.New("hmacsigner: invalid version")

	// ErrInvalidEncoding indicates the encoding is invalid.
	ErrInvalidEncoding = errors.New("hmacsigner: invalid encoding")

	// ErrTimestampExpired indicates the timestamp has expired.
	ErrTimestampExpired = errors.New("hmacsigner: timestamp expired")

	// ErrSignatureMismatch indicates the signature is not as expected.
	ErrSignatureMismatch = errors.New("hmacsigner: signature mismatch")
)

type Signer

type Signer struct {
	Secret []byte        // Secret must be at least 32 bytes.
	TTL    time.Duration // TTL must be non zero.
}

Signer handles generating and parsing signed data.

func (*Signer) Gen

func (s *Signer) Gen(payload []byte) []byte

Gen returns the signed payload.

func (*Signer) Parse

func (s *Signer) Parse(b []byte) ([]byte, error)

Parse returns the original payload. It verifies the signature and ensures the TTL is respected.