-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhasher.go
More file actions
34 lines (27 loc) · 840 Bytes
/
hasher.go
File metadata and controls
34 lines (27 loc) · 840 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package keysmith
import (
"crypto/sha256"
"crypto/subtle"
"encoding/hex"
)
// Hasher hashes raw API keys for secure storage.
type Hasher interface {
// Hash produces a deterministic hash of the raw key.
Hash(rawKey string) (string, error)
// Verify checks whether a raw key matches a stored hash.
Verify(rawKey, hash string) (bool, error)
}
// DefaultHasher returns a SHA-256 hasher.
func DefaultHasher() Hasher { return &sha256Hasher{} }
type sha256Hasher struct{}
func (h *sha256Hasher) Hash(rawKey string) (string, error) {
sum := sha256.Sum256([]byte(rawKey))
return hex.EncodeToString(sum[:]), nil
}
func (h *sha256Hasher) Verify(rawKey, hash string) (bool, error) {
computed, err := h.Hash(rawKey)
if err != nil {
return false, err
}
return subtle.ConstantTimeCompare([]byte(computed), []byte(hash)) == 1, nil
}