password

import "github.com/image357/password"

Package password provides a simple password-manager library with an encryption backend to handle app passwords. For full documentation visit https://github.com/image357/password/blob/main/docs/password.md

Index

Constants

DefaultFileEnding is the default file extension for password files.

const DefaultFileEnding string = "pwd"

DefaultStorePath is the default relative storage path of a file storage backend.

const DefaultStorePath = "./password"

RecoveryIdSuffix stores the id/file suffix that identifies recovery key files.

const RecoveryIdSuffix string = ".recovery"

Variables

Managers stores a map of string identifiers for all created password managers. The identifier "default" always holds the default manager from GetDefaultManager. It can be set via SetDefaultManager. Do not manipulate directly.

var Managers = map[string]*Manager{
    "default": NewManager(),
}

func Check

func Check(id string, password string, key string) (bool, error)

Check an existing password for equality with the provided password. key is the encryption secret for storage.

func Clean

func Clean() error

Clean (delete) all stored passwords.

func Decrypt

func Decrypt(ciphertext string, secret string) (string, error)

Decrypt a given ciphertext in base64 representation with AES256. The secret is hashed with the custom Hash function. Galois Counter Mode is used. The nonce is retrieved as a prefix of the ciphertext.

func DecryptOTP(cipherBytes []byte, secret []byte) string

DecryptOTP returns the decrypted message from a One-Time-Pad (OTP) encryption.

func Delete

func Delete(id string) error

Delete an existing password.

func DisableHashing()

DisableHashing will set the config variable Manager.HashPassword of the default password manager to false. This disables storage of hashed passwords.

func DisableRecovery()

DisableRecovery will stop recovery key file storage alongside passwords.

func DumpJSON() (string, error)

DumpJSON serializes the storage backend to a JSON string.

func EnableHashing()

EnableHashing will set the config variable Manager.HashPassword of the default password manager to true. This enables storage of hashed passwords.

func EnableRecovery(key string)

EnableRecovery will enforce recovery key file storage alongside passwords.

func Encrypt

func Encrypt(text string, secret string) (string, error)

Encrypt a given text with AES256 and return a base64 representation. The secret is hashed with the custom Hash function. Galois Counter Mode is used. The nonce is stored as a prefix of the ciphertext.
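The Encrypt/Decrypt layout described above (secret hashed to a 32-byte key, AES-256 in Galois Counter Mode, nonce stored as a prefix of the ciphertext, base64 output), reconstructed as an added stand-alone example; this is not the package's own code. It substitutes SHA-256 for the package's argon2-based Hash so it builds with the standard library alone, and `newGCM`, `encrypt` and `decrypt` are hypothetical stand-ins, not the package's API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// newGCM derives the AES-256 key from the secret. SHA-256 stands in for the
// package's argon2-based Hash so the example needs only the standard library.
func newGCM(secret string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte(secret)) // 32 bytes selects AES-256
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt: AES-256-GCM with a fresh random nonce kept as prefix, base64 output.
func encrypt(text, secret string) (string, error) {
	gcm, err := newGCM(secret)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext||tag to nonce, yielding nonce||ciphertext||tag.
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(text), nil)), nil
}

// decrypt splits the nonce prefix off; GCM's tag check rejects a wrong secret or tampering.
func decrypt(ciphertext, secret string) (string, error) {
	raw, derr := base64.StdEncoding.DecodeString(ciphertext)
	gcm, err := newGCM(secret)
	if err = errors.Join(derr, err); err != nil {
		return "", err
	}
	ns := gcm.NonceSize()
	if len(raw) < ns {
		return "", errors.New("ciphertext shorter than nonce")
	}
	plain, err := gcm.Open(nil, raw[:ns], raw[ns:], nil)
	return string(plain), err // plain is nil (so "") when authentication fails
}
```

Because the nonce is random, encrypting the same text twice yields different blobs, and a wrong storage key or a flipped byte fails the tag check rather than yielding garbage.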

func EncryptOTP(text string) ([]byte, []byte)

EncryptOTP returns a One-Time-Pad (OTP) encrypted message and its OTP secret.

func Exists

func Exists(id string) (bool, error)

Exists tests if a given id already exists in the storage backend.

func FilePath(id string) (string, error)

FilePath returns the storage filepath of a given password-id with system-specific path separators. It accepts system-unspecific or mixed id separators, i.e. forward- and backward-slashes are treated as the same character.

func Get

func Get(id string, key string) (string, error)

Get an existing password with id. key is the encryption secret for storage.

func GetStorePath() (string, error)

GetStorePath returns the current storage path with system-specific path separators.

func List

func List() ([]string, error)

List all stored password-ids.

func LoadJSON(input string) error

LoadJSON deserializes a JSON string into the storage backend.

func NormalizeId(id string) string

NormalizeId transforms the id path to lower case letters and normalizes the path separator.

func Overwrite(id string, password string, key string) error

Overwrite an existing password or create a new one. key is the encryption secret for storage.

func ReadFromDisk(path string) error

ReadFromDisk loads a FileStorage backend from disk into the current storage. Warning: This method does not block operations on the underlying storage backends (read/write/create/delete). You should stop operations manually before usage or ignore the reported error. Data consistency is guaranteed.

func RegisterDefaultManager(identifier string)

RegisterDefaultManager will register the current default password manager under the identifier and set a new default manager.

func RewriteKey(id string, oldKey string, newKey string) error

RewriteKey changes the storage key of a password from oldKey to newKey. Encryption hashes will be renewed. Stored metadata will be unchanged. If enabled, recovery entries will be recreated.

func Set

func Set(id string, oldPassword string, newPassword string, key string) error

Set an existing password-id or create a new one. oldPassword must match the currently stored password. key is the encryption secret for storage.

func SetDefaultManager(manager *Manager)

SetDefaultManager will overwrite the current default password manager with the provided one.

func SetStorePath(path string) error

SetStorePath accepts a new storage path with system-unspecific or mixed path separators.

func SetTemporaryStorage()

SetTemporaryStorage overwrites the current storage backend with a memory based one.

func Unset

func Unset(id string, password string, key string) error

Unset (delete) an existing password. password must match the currently stored password. key is the encryption secret for storage.

func WriteToDisk(path string) error

WriteToDisk saves the current storage to files via FileStorage mechanisms. Warning: This method does not block operations on the underlying storage backends (read/write/create/delete). You should stop operations manually before usage or ignore the reported error. Data consistency is guaranteed.

FileStorage is a file based storage backend.

type FileStorage struct {
    // contains filtered or unexported fields
}

func NewFileStorage() *FileStorage

NewFileStorage returns a default initialized storage backend for persistent files.

func (*FileStorage) Clean

func (f *FileStorage) Clean() error

Clean (delete) all stored passwords.

func (*FileStorage) Delete

func (f *FileStorage) Delete(id string) error

Delete an existing password.

func (*FileStorage) DumpJSON

func (f *FileStorage) DumpJSON() (string, error)

DumpJSON serializes the storage backend to a JSON string. Warning: This method does not block operations on the underlying storage backend (read/write/create/delete). You should stop operations manually before usage or ignore the reported error. Data consistency is guaranteed.

func (*FileStorage) Exists

func (f *FileStorage) Exists(id string) (bool, error)

Exists tests if a given id already exists in the storage backend.

func (*FileStorage) FilePath

func (f *FileStorage) FilePath(id string) string

FilePath returns the storage filepath of a given password-id with system-specific path separators. It accepts system-unspecific or mixed id separators, i.e. forward- and backward-slashes are treated as the same character.

func (*FileStorage) GetStorePath

func (f *FileStorage) GetStorePath() string

GetStorePath returns the current storage path with system-specific path separators.

func (*FileStorage) List

func (f *FileStorage) List() ([]string, error)

List all stored password-ids.

func (*FileStorage) LoadJSON

func (f *FileStorage) LoadJSON(input string) error

LoadJSON deserializes a JSON string into the storage backend. Warning: This method does not block operations on the underlying storage backend (read/write/create/delete). You should stop operations manually before usage or ignore the reported error. Data consistency is guaranteed.

func (*FileStorage) Retrieve

func (f *FileStorage) Retrieve(id string) (string, error)

Retrieve data from an existing file. id is converted to the corresponding filepath.

func (*FileStorage) SetStorePath

func (f *FileStorage) SetStorePath(path string)

SetStorePath accepts a new storage path with system-unspecific or mixed path separators.

func (*FileStorage) Store

func (f *FileStorage) Store(id string, data string) error

Store (create/overwrite) the provided data in a file. id is converted to the corresponding filepath. If necessary, subfolders are created.

HashFunc is a function signature. The Hash function will be called for password and secret hashing.

type HashFunc func(data []byte, salt []byte) [32]byte

Hash will calculate a 32 byte hash from a given byte slice. It is used for password and secret hashing. You can overwrite it with any function that meets the HashFunc signature. By default, it is set to a variant of argon2.Key.

var Hash HashFunc = argon2iHash

type Manager

type Manager struct {
    // HashPassword signals if passwords will be stored as hashes.
    HashPassword bool
    // contains filtered or unexported fields
}

func GetDefaultManager() *Manager

GetDefaultManager returns the current default password manager.

func NewManager() *Manager

NewManager creates a new passwordManager instance and applies basic initialization.

func (*Manager) Check

func (m *Manager) Check(id string, password string, key string) (bool, error)

Check an existing password for equality with the provided password. key is the encryption secret for storage.

func (*Manager) Clean

func (m *Manager) Clean() error

Clean (delete) all stored passwords.

func (*Manager) Delete

func (m *Manager) Delete(id string) error

Delete an existing password.

func (*Manager) DisableRecovery

func (m *Manager) DisableRecovery()

DisableRecovery will stop recovery key file storage alongside passwords.

func (*Manager) EnableRecovery

func (m *Manager) EnableRecovery(key string)

EnableRecovery will enforce recovery key file storage alongside passwords.

func (*Manager) Exists

func (m *Manager) Exists(id string) (bool, error)

Exists tests if a given id already exists in the storage backend.

func (*Manager) Get

func (m *Manager) Get(id string, key string) (string, error)

Get an existing password with id. key is the encryption secret for storage.

func (*Manager) List

func (m *Manager) List() ([]string, error)

List all stored password-ids.

func (*Manager) Overwrite

func (m *Manager) Overwrite(id string, password string, key string) error

Overwrite an existing password or create a new one. key is the encryption secret for storage.

func (*Manager) RewriteKey

func (m *Manager) RewriteKey(id string, oldKey string, newKey string) error

RewriteKey changes the storage key of a password from oldKey to newKey. Encryption hashes will be renewed. Stored metadata will be unchanged. If enabled, recovery entries will be recreated.

func (*Manager) Set

func (m *Manager) Set(id string, oldPassword string, newPassword string, key string) error

Set an existing password-id or create a new one. oldPassword must match the currently stored password. key is the encryption secret for storage.

func (*Manager) Unset

func (m *Manager) Unset(id string, password string, key string) error

Unset (delete) an existing password. password must match the currently stored password. key is the encryption secret for storage.

type Storage

type Storage interface {
    // Store (create/overwrite) the provided data.
    Store(id string, data string) error

    // Retrieve data from an existing storage entry.
    Retrieve(id string) (string, error)

    // Exists tests if a given id already exists in the storage backend.
    Exists(id string) (bool, error)

    // List all stored password-ids.
    List() ([]string, error)

    // Delete an existing password.
    Delete(id string) error

    // Clean (delete) all stored passwords.
    Clean() error

    // DumpJSON serializes the storage backend to a JSON string.
    DumpJSON() (string, error)

    // LoadJSON deserializes a JSON string into the storage backend.
    LoadJSON(input string) error
}

TemporaryStorage is a memory based storage backend.

type TemporaryStorage struct {
    // contains filtered or unexported fields
}

func NewTemporaryStorage() *TemporaryStorage

NewTemporaryStorage returns a memory based storage backend.

func (*TemporaryStorage) Clean

func (t *TemporaryStorage) Clean() error

Clean (delete) all stored passwords.

func (*TemporaryStorage) Delete

func (t *TemporaryStorage) Delete(id string) error

Delete an existing password.

func (*TemporaryStorage) DumpJSON

func (t *TemporaryStorage) DumpJSON() (string, error)

DumpJSON serializes the storage backend to a JSON string.

func (*TemporaryStorage) Exists

func (t *TemporaryStorage) Exists(id string) (bool, error)

Exists tests if a given id already exists in the storage backend.

func (*TemporaryStorage) List

func (t *TemporaryStorage) List() ([]string, error)

List all stored password-ids.

func (*TemporaryStorage) LoadJSON

func (t *TemporaryStorage) LoadJSON(input string) error

LoadJSON deserializes a JSON string into the storage backend.

func (*TemporaryStorage) ReadFromDisk

func (t *TemporaryStorage) ReadFromDisk(path string) error

ReadFromDisk loads a FileStorage backend from disk into a temporary storage. Warning: This method does not block operations on the underlying storage backends (read/write/create/delete). You should stop operations manually before usage or ignore the reported error. Data consistency is guaranteed.

func (*TemporaryStorage) Retrieve

func (t *TemporaryStorage) Retrieve(id string) (string, error)

Retrieve data from an existing memory location.

func (*TemporaryStorage) Store

func (t *TemporaryStorage) Store(id string, data string) error

Store (create/overwrite) the provided data.

func (*TemporaryStorage) WriteToDisk

func (t *TemporaryStorage) WriteToDisk(path string) error

WriteToDisk saves the temporary storage to files via FileStorage mechanisms. Warning: This method does not block operations on the underlying storage backends (read/write/create/delete). You should stop operations manually before usage or ignore the reported error. Data consistency is guaranteed.

Generated by gomarkdoc