 |
qb
2.0.0.0
C++17 Actor Framework
|
|
qb
2.0.0.0
C++17 Actor Framework
|
Provides cryptographic operations and utilities. More...
#include <crypto.h>
Classes | |
| struct | Argon2Params |
| Parameters for the Argon2 algorithm. More... | |
| class | base64 |
| Base64 encoding and decoding utilities. More... | |
Public Types | |
| enum class | SymmetricAlgorithm { AES_128_CBC , AES_192_CBC , AES_256_CBC , AES_128_GCM , AES_192_GCM , AES_256_GCM , CHACHA20_POLY1305 } |
| Supported symmetric cipher algorithms. | |
| enum class | DigestAlgorithm { MD5 , SHA1 , SHA224 , SHA256 , SHA384 , SHA512 , BLAKE2B512 , BLAKE2S256 } |
| Supported digest algorithms. | |
| enum class | Argon2Variant { Argon2d , Argon2i , Argon2id } |
| Variants of the Argon2 algorithm. | |
| enum class | KdfAlgorithm { PBKDF2 , HKDF , Argon2 } |
| Key derivation algorithms. | |
| enum class | ECIESMode { STANDARD , AES_GCM , CHACHA20 } |
| Operation modes for elliptic curve encryption. | |
| enum class | EnvelopeFormat { RAW , JSON , BASE64 } |
| Format for envelope encryption outputs. | |
Public Member Functions | |
| template<typename T, std::size_t N> | |
| std::string | generate_random_string (std::size_t len, const T range[N]) |
| Generate a random string using characters from the specified array. | |
Static Public Member Functions | |
| template<typename T = std::mt19937> | |
| static auto | random_generator () |
| Create a cryptographically secure random number generator. | |
| template<typename T> | |
| static std::string | generate_random_string (std::size_t len, T const &range) |
| Generate a random string using characters from the specified range. | |
| static std::string | to_hex_string (const std::string &input, std::string_view const &range=range_hex_upper) noexcept |
| Convert a binary string to a hexadecimal string. | |
| static int | hex_value (unsigned char hex_digit) noexcept |
| Get the numeric value of a hexadecimal digit. | |
| static std::string | hex_to_string (const std::string &input) noexcept |
| Convert a hexadecimal string to a formatted string. | |
| static std::string | evp (std::istream &stream, const EVP_MD *md) noexcept |
| Calculate a hash from an input stream using a specified digest algorithm. | |
| static std::string | md5 (const std::string &input, std::size_t iterations=1) noexcept |
| Calculate an MD5 hash of a string. | |
| static std::string | md5 (std::istream &stream, std::size_t iterations=1) noexcept |
| Calculate an MD5 hash of data from an input stream. | |
| static std::string | sha1 (const std::string &input, std::size_t iterations=1) noexcept |
| Calculate a SHA-1 hash of a string. | |
| static std::string | sha1 (std::istream &stream, std::size_t iterations=1) noexcept |
| Calculate a SHA-1 hash of data from an input stream. | |
| static std::string | sha256 (const std::string &input, std::size_t iterations=1) noexcept |
| Calculate a SHA-256 hash of a string. | |
| static std::string | sha256 (std::istream &stream, std::size_t iterations=1) noexcept |
| Calculate a SHA-256 hash of data from an input stream. | |
| static std::string | sha512 (const std::string &input, std::size_t iterations=1) noexcept |
| Calculate a SHA-512 hash of a string. | |
| static std::string | sha512 (std::istream &stream, std::size_t iterations=1) noexcept |
| Calculate a SHA-512 hash of data from an input stream. | |
| static std::string | pbkdf2 (const std::string &password, const std::string &salt, int iterations, int key_size) noexcept |
| Derive a key using PBKDF2. | |
| static std::string | base64_encode (const unsigned char *data, size_t len) |
| Encode binary data to Base64. | |
| static std::vector< unsigned char > | base64_decode (const std::string &input) |
| Decode a Base64 string to binary data. | |
| static std::vector< unsigned char > | hmac_sha256 (const std::vector< unsigned char > &key, const std::string &data) |
| Calculate an HMAC-SHA256 hash. | |
| static std::vector< unsigned char > | sha256 (const std::vector< unsigned char > &data) |
| Calculate a SHA-256 hash of binary data. | |
| static std::vector< unsigned char > | xor_bytes (const std::vector< unsigned char > &a, const std::vector< unsigned char > &b) |
| XOR two byte arrays. | |
| static std::vector< unsigned char > | generate_random_bytes (size_t size) |
| Generate cryptographically secure random bytes. | |
| static std::vector< unsigned char > | generate_iv (SymmetricAlgorithm algorithm) |
| Generate a random initialization vector (IV) | |
| static std::vector< unsigned char > | generate_key (SymmetricAlgorithm algorithm) |
| Generate a random key. | |
| static std::vector< unsigned char > | encrypt (const std::vector< unsigned char > &plaintext, const std::vector< unsigned char > &key, const std::vector< unsigned char > &iv, SymmetricAlgorithm algorithm, const std::vector< unsigned char > &aad={}) |
| Encrypt data using a symmetric algorithm. | |
| static std::vector< unsigned char > | decrypt (const std::vector< unsigned char > &ciphertext, const std::vector< unsigned char > &key, const std::vector< unsigned char > &iv, SymmetricAlgorithm algorithm, const std::vector< unsigned char > &aad={}) |
| Decrypt data using a symmetric algorithm. | |
| static std::vector< unsigned char > | hash (const std::vector< unsigned char > &data, DigestAlgorithm algorithm) |
| Compute a generic hash using the specified algorithm. | |
| static std::vector< unsigned char > | hmac (const std::vector< unsigned char > &data, const std::vector< unsigned char > &key, DigestAlgorithm algorithm) |
| Compute an HMAC using the specified algorithm. | |
| static std::pair< std::string, std::string > | generate_rsa_keypair (int bits=2048) |
| Generate an RSA key pair. | |
| static std::pair< std::string, std::string > | generate_ec_keypair (const std::string &curve="prime256v1") |
| Generate an EC key pair. | |
| static std::vector< unsigned char > | rsa_sign (const std::vector< unsigned char > &data, const std::string &private_key, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| Sign data using an RSA private key. | |
| static bool | rsa_verify (const std::vector< unsigned char > &data, const std::vector< unsigned char > &signature, const std::string &public_key, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| Verify an RSA signature. | |
| static std::vector< unsigned char > | ec_sign (const std::vector< unsigned char > &data, const std::string &private_key, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| Sign data using an EC private key. | |
| static bool | ec_verify (const std::vector< unsigned char > &data, const std::vector< unsigned char > &signature, const std::string &public_key, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| Verify an EC signature. | |
| static std::vector< unsigned char > | ecdh_derive_secret (const std::string &private_key, const std::string &peer_public_key) |
| Derive a shared secret using ECDH. | |
| static bool | secure_random_fill (std::vector< unsigned char > &buffer) |
| Fill a vector with secure random bytes. | |
| static const EVP_MD * | get_evp_md (DigestAlgorithm algorithm) |
| Convert a digest algorithm enum to its corresponding EVP_MD. | |
| static std::vector< unsigned char > | argon2_kdf (const std::string &password, size_t key_length, const Argon2Params ¶ms, Argon2Variant variant=Argon2Variant::Argon2id) |
| Key derivation based on Argon2. | |
| static std::vector< unsigned char > | hkdf (const std::vector< unsigned char > &input_key_material, const std::vector< unsigned char > &salt, const std::vector< unsigned char > &info, size_t output_length, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| Key derivation with HKDF (HMAC-based Key Derivation Function) | |
| static std::vector< unsigned char > | derive_key (const std::string &password, const std::vector< unsigned char > &salt, size_t key_length, KdfAlgorithm algorithm=KdfAlgorithm::Argon2, int iterations=10000, const Argon2Params &argon2_params=Argon2Params()) |
| High-level function to derive a key from a password. | |
| static std::vector< unsigned char > | ecies_encrypt (const std::vector< unsigned char > &plaintext, const std::string &recipient_public_key, ECIESMode mode=ECIESMode::AES_GCM, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| Integrated Elliptic Curve Encryption (ECIES) | |
| static std::vector< unsigned char > | ecies_decrypt (const std::vector< unsigned char > &ciphertext, const std::string &private_key, ECIESMode mode=ECIESMode::AES_GCM, DigestAlgorithm digest=DigestAlgorithm::SHA256) |
| ECIES decryption. | |
| static std::string | envelope_encrypt (const std::vector< unsigned char > &plaintext, const std::string &recipient_public_key, SymmetricAlgorithm algorithm=SymmetricAlgorithm::AES_256_GCM, EnvelopeFormat format=EnvelopeFormat::BASE64) |
| Envelope encryption. | |
| static std::vector< unsigned char > | envelope_decrypt (const std::string &ciphertext, const std::string &private_key, EnvelopeFormat format=EnvelopeFormat::BASE64) |
| Envelope decryption. | |
| static bool | constant_time_compare (const std::vector< unsigned char > &a, const std::vector< unsigned char > &b) |
| Secure string comparison (resistant to timing attacks) | |
| static std::string | generate_token (const std::string &payload, const std::vector< unsigned char > &key, uint64_t ttl=0) |
| Generate a secure token with optional TTL. | |
| static std::string | verify_token (const std::string &token, const std::vector< unsigned char > &key) |
| Verify and decrypt a token. | |
| static std::string | base64url_encode (const std::vector< unsigned char > &data) |
| Base64URL encode. | |
| static std::vector< unsigned char > | base64url_decode (const std::string &input) |
| Base64URL decode. | |
| static std::vector< unsigned char > | generate_salt (size_t length) |
| Generate a secure random salt. | |
| static std::string | hash_password (const std::string &password, Argon2Variant variant=Argon2Variant::Argon2id) |
| Hash a password securely using Argon2. | |
| static bool | verify_password (const std::string &password, const std::string &hash) |
| Verify a password against a stored hash. | |
| static std::pair< std::string, std::string > | generate_ed25519_keypair () |
| Generate Ed25519 signing key pair. | |
| static std::pair< std::vector< unsigned char >, std::vector< unsigned char > > | generate_ed25519_keypair_bytes () |
| Generate Ed25519 keypair returning raw byte vectors. | |
| static std::vector< unsigned char > | ed25519_sign (const std::vector< unsigned char > &data, const std::string &private_key) |
| Sign data using Ed25519 private key. | |
| static std::vector< unsigned char > | ed25519_sign (const std::vector< unsigned char > &data, const std::vector< unsigned char > &private_key) |
| Sign data using Ed25519 with raw private key bytes. | |
| static bool | ed25519_verify (const std::vector< unsigned char > &data, const std::vector< unsigned char > &signature, const std::string &public_key) |
| Verify Ed25519 signature. | |
| static bool | ed25519_verify (const std::vector< unsigned char > &data, const std::vector< unsigned char > &signature, const std::vector< unsigned char > &public_key) |
| Verify Ed25519 signature with raw public key bytes. | |
| static std::pair< std::string, std::string > | generate_x25519_keypair () |
| Generate X25519 key pair for key exchange. | |
| static std::pair< std::vector< unsigned char >, std::vector< unsigned char > > | generate_x25519_keypair_bytes () |
| Generate X25519 keypair returning raw byte vectors. | |
| static std::vector< unsigned char > | x25519_key_exchange (const std::vector< unsigned char > &private_key, const std::vector< unsigned char > &peer_public_key) |
| X25519 key exchange. | |
| static std::vector< unsigned char > | x25519_key_exchange (const std::string &private_key_pem, const std::string &peer_public_key_pem) |
| X25519 key exchange with PEM keys. | |
| static std::vector< unsigned char > | generate_unique_iv (size_t size=12) |
| Random initialization vector for one-time use. | |
| static std::string | encrypt_with_metadata (const std::vector< unsigned char > &plaintext, const std::vector< unsigned char > &key, const std::string &metadata, SymmetricAlgorithm algorithm=SymmetricAlgorithm::AES_256_GCM) |
| Authenticated encryption of data with additional authentication. | |
| static std::optional< std::pair< std::vector< unsigned char >, std::string > > | decrypt_with_metadata (const std::string &ciphertext, const std::vector< unsigned char > &key, SymmetricAlgorithm algorithm=SymmetricAlgorithm::AES_256_GCM) |
| Decryption and verification of data and metadata integrity. | |
| static std::pair< std::vector< unsigned char >, std::vector< unsigned char > > | ecies_encrypt (const std::vector< unsigned char > &data, const std::vector< unsigned char > &recipient_public_key, const std::vector< unsigned char > &optional_shared_info={}, ECIESMode mode=ECIESMode::AES_GCM) |
| static std::vector< unsigned char > | ecies_decrypt (const std::vector< unsigned char > &encrypted_data, const std::vector< unsigned char > &ephemeral_public_key, const std::vector< unsigned char > &recipient_private_key, const std::vector< unsigned char > &optional_shared_info={}, ECIESMode mode=ECIESMode::AES_GCM) |
Static Public Attributes | |
| static constexpr const std::string_view | range_numeric = "0123456789" |
| Character range for numeric values (0-9) | |
| static constexpr const std::string_view | range_alpha |
| Character range for alphabetic values (A-Z, a-z) | |
| static constexpr const std::string_view | range_alpha_lower |
| Character range for lowercase alphabetic values (a-z) | |
| static constexpr const std::string_view | range_alpha_upper |
| Character range for uppercase alphabetic values (A-Z) | |
| static constexpr const std::string_view | range_alpha_numeric |
| Character range for alphanumeric values (0-9, A-Z, a-z) | |
| static constexpr const std::string_view | range_alpha_numeric_special |
| Character range for alphanumeric values and special characters. | |
| static constexpr const std::string_view | range_hex_upper = "0123456789ABCDEF" |
| Character range for uppercase hexadecimal values (0-9, A-F) | |
| static constexpr const std::string_view | range_hex_lower = "0123456789abcdef" |
| Character range for lowercase hexadecimal values (0-9, a-f) | |
| static constexpr const std::string_view | range_byte |
| Character range for binary bytes (0-255) | |
Provides cryptographic operations and utilities.
This class serves as a container for cryptographic operations including hashing, encoding, encryption, and random string generation. It provides a collection of static methods that can be called directly.
|
inlinestatic |
Create a cryptographically secure random number generator.
Creates a random number generator of type T (defaulting to mt19937) seeded with a secure random seed sequence.
| T | The type of random number generator to create (default: std::mt19937) |
|
inlinestatic |
Generate a random string using characters from the specified range.
Creates a random string of the specified length using only characters from the provided range.
| T | The type of the character range |
| len | The length of the random string to generate |
| range | The range of characters to use in the string |
|
inline |
Generate a random string using characters from the specified array.
Creates a random string of the specified length using only characters from the provided array.
| T | The type of the character array elements |
| N | The size of the character array |
| len | The length of the random string to generate |
| range | The array of characters to use in the string |
|
staticnoexcept |
Convert a binary string to a hexadecimal string.
Converts each byte in the input string to a two-character hexadecimal representation, using characters from the specified range.
| input | The binary string to convert |
| range | The range of characters to use for hexadecimal digits (default: uppercase) |
|
staticnoexcept |
Get the numeric value of a hexadecimal digit.
Converts a hexadecimal digit character to its numeric value (0-15).
| hex_digit | The hexadecimal digit character |
|
staticnoexcept |
Convert a hexadecimal string to a formatted string.
Converts a string of hexadecimal bytes to a formatted string representation.
| input | The hexadecimal string to convert |
|
staticnoexcept |
Calculate a hash from an input stream using a specified digest algorithm.
Computes a cryptographic hash of the data in the input stream using the specified OpenSSL message digest.
| stream | The input stream containing the data to hash |
| md | The OpenSSL message digest to use |
|
staticnoexcept |
Calculate an MD5 hash of a string.
Computes the MD5 hash of the input string, optionally applying the hash function multiple times for extra security.
| input | The string to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate an MD5 hash of data from an input stream.
Computes the MD5 hash of the data in the input stream, optionally applying the hash function multiple times for extra security.
| stream | The input stream containing the data to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate a SHA-1 hash of a string.
Computes the SHA-1 hash of the input string, optionally applying the hash function multiple times for extra security.
| input | The string to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate a SHA-1 hash of data from an input stream.
Computes the SHA-1 hash of the data in the input stream, optionally applying the hash function multiple times for extra security.
| stream | The input stream containing the data to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate a SHA-256 hash of a string.
Computes the SHA-256 hash of the input string, optionally applying the hash function multiple times for extra security.
| input | The string to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate a SHA-256 hash of data from an input stream.
Computes the SHA-256 hash of the data in the input stream, optionally applying the hash function multiple times for extra security.
| stream | The input stream containing the data to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate a SHA-512 hash of a string.
Computes the SHA-512 hash of the input string, optionally applying the hash function multiple times for extra security.
| input | The string to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Calculate a SHA-512 hash of data from an input stream.
Computes the SHA-512 hash of the data in the input stream, optionally applying the hash function multiple times for extra security.
| stream | The input stream containing the data to hash |
| iterations | Number of times to apply the hash function (default: 1) |
|
staticnoexcept |
Derive a key using PBKDF2.
Uses the PBKDF2 (Password-Based Key Derivation Function 2) algorithm to derive a key from a password and salt.
| password | The password to derive the key from |
| salt | The salt to use in the derivation process |
| iterations | Number of iterations to use in the derivation |
| key_size | Size of the derived key in bytes |
|
static |
Encode binary data to Base64.
Converts binary data to a Base64-encoded string. This method does not include newline characters in the output.
| data | Pointer to the binary data to encode |
| len | Length of the binary data in bytes |
|
static |
Decode a Base64 string to binary data.
Converts a Base64-encoded string back to its original binary form.
| input | The Base64-encoded string to decode |
|
static |
Calculate an HMAC-SHA256 hash.
Computes an HMAC-SHA256 hash of the input data using the provided key.
| key | The key to use for the HMAC computation |
| data | The data to hash |
|
static |
Calculate a SHA-256 hash of binary data.
Computes the SHA-256 hash of the input binary data.
| data | The binary data to hash |
|
static |
XOR two byte arrays.
Performs a bitwise XOR operation between corresponding bytes of two arrays.
| a | The first byte array |
| b | The second byte array |
| std::runtime_error | if the arrays have different sizes |
|
static |
Generate cryptographically secure random bytes.
Uses OpenSSL's RAND_bytes to generate secure random bytes.
| size | Number of random bytes to generate |
|
static |
Generate a random initialization vector (IV)
Creates an IV of appropriate size for the specified algorithm.
| algorithm | The symmetric algorithm for which to generate the IV |
|
static |
Generate a random key.
Creates a key of appropriate size for the specified algorithm.
| algorithm | The symmetric algorithm for which to generate the key |
|
static |
Encrypt data using a symmetric algorithm.
Encrypts the provided data using the specified algorithm, key, and IV. For GCM mode, also computes and appends an authentication tag.
| plaintext | The data to encrypt |
| key | The encryption key |
| iv | The initialization vector |
| algorithm | The encryption algorithm to use |
| aad | Additional authenticated data (for AEAD modes like GCM) |
|
static |
Decrypt data using a symmetric algorithm.
Decrypts the provided data using the specified algorithm, key, and IV. For GCM mode, also verifies the authentication tag.
| ciphertext | The data to decrypt |
| key | The decryption key |
| iv | The initialization vector |
| algorithm | The encryption algorithm that was used |
| aad | Additional authenticated data (for AEAD modes like GCM) |
|
static |
Compute a generic hash using the specified algorithm.
| data | The data to hash |
| algorithm | The hash algorithm to use |
|
static |
Compute an HMAC using the specified algorithm.
| data | The data to authenticate |
| key | The authentication key |
| algorithm | The hash algorithm to use |
|
static |
Generate an RSA key pair.
| bits | The key size in bits (e.g., 2048, 3072, 4096) |
|
static |
Generate an EC key pair.
| curve | The curve name (e.g., "prime256v1", "secp384r1", "secp521r1") |
|
static |
Sign data using an RSA private key.
| data | The data to sign |
| private_key | PEM-encoded private key |
| digest | The digest algorithm to use |
|
static |
Verify an RSA signature.
| data | The data that was signed |
| signature | The signature to verify |
| public_key | PEM-encoded public key |
| digest | The digest algorithm that was used |
|
static |
Sign data using an EC private key.
| data | The data to sign |
| private_key | PEM-encoded private key |
| digest | The digest algorithm to use |
|
static |
Verify an EC signature.
| data | The data that was signed |
| signature | The signature to verify |
| public_key | PEM-encoded public key |
| digest | The digest algorithm that was used |
|
static |
Derive a shared secret using ECDH.
| private_key | PEM-encoded EC private key |
| peer_public_key | PEM-encoded EC public key |
|
static |
Fill a vector with secure random bytes.
| buffer | The vector to fill |
|
static |
Convert a digest algorithm enum to its corresponding EVP_MD.
| algorithm | The digest algorithm |
|
static |
Key derivation based on Argon2.
Implements the Argon2 algorithm (2id by default) to derive a secure key from a password. Argon2 is designed to be resistant to dedicated hardware attacks by using a large amount of memory and parallel operations.
| password | Input password |
| key_length | Length of the key to generate (in bytes) |
| params | Parameters for the Argon2 algorithm |
| variant | Argon2 variant to use |
|
static |
Key derivation with HKDF (HMAC-based Key Derivation Function)
Implements HKDF according to RFC 5869 to derive one or more keys from input key material. HKDF is particularly useful for extracting entropy from a non-uniform source and extending it to the desired size.
| input_key_material | Input key material |
| salt | Optional salt for the extraction step |
| info | Contextual information for the expansion step |
| output_length | Length of the key to generate |
| digest | Hash algorithm to use |
|
static |
High-level function to derive a key from a password.
Provides a unified interface for different key derivation algorithms. Recommendations:
| password | Password or input key |
| salt | Salt for derivation |
| key_length | Length of the key to generate |
| algorithm | Derivation algorithm to use |
| iterations | Number of iterations (for PBKDF2) |
| argon2_params | Parameters for Argon2 (ignored if another algorithm is used) |
|
static |
Integrated Elliptic Curve Encryption (ECIES)
Implements ECIES (Elliptic Curve Integrated Encryption Scheme), which combines public key cryptography using elliptic curves and symmetric encryption to provide a secure hybrid system.
| plaintext | Data to encrypt |
| recipient_public_key | Recipient's public key (PEM) |
| mode | ECIES operation mode |
| digest | Hash algorithm to use |
|
static |
ECIES decryption.
Decrypts data encrypted with ECIES.
| ciphertext | Encrypted data |
| private_key | Recipient's private key (PEM) |
| mode | ECIES operation mode used for encryption |
| digest | Hash algorithm used for encryption |
|
static |
Envelope encryption.
Implements envelope encryption: a symmetric key is generated, used to encrypt the data, and then itself encrypted with a public key. This method is more efficient than ECIES for large volumes of data.
| plaintext | Data to encrypt |
| recipient_public_key | Recipient's public key (PEM) |
| algorithm | Symmetric algorithm to use |
| format | Output format for encrypted data |
|
static |
Envelope decryption.
Decrypts data encrypted with envelope encryption.
| ciphertext | Encrypted data |
| private_key | Recipient's private key (PEM) |
| format | Format of the encrypted data |
|
static |
Secure string comparison (resistant to timing attacks)
Compares two byte strings in constant time to avoid information leaks through execution time analysis attacks.
| a | First string |
| b | Second string |
|
static |
Generate a secure token with optional TTL.
Creates a token containing the specified payload, encrypted and authenticated. The token can optionally include an expiration time.
| payload | The payload to include in the token |
| key | The key to use for encryption |
| ttl | Time to live in seconds (0 = no expiration) |
|
static |
Verify and decrypt a token.
Verifies the token's authenticity and expiration time, and returns the payload. Returns an empty string if the token is invalid or expired.
| token | The token to verify |
| key | The key used for encryption |
|
static |
Base64URL encode.
Encodes data using Base64URL (a variant of Base64 that is safe for use in URLs and filenames).
| data | The data to encode |
|
static |
Base64URL decode.
Decodes data from Base64URL format.
| input | The Base64URL encoded string |
|
static |
Generate a secure random salt.
| length | Length of the salt in bytes |
|
static |
Hash a password securely using Argon2.
| password | The password to hash |
| variant | Argon2 variant to use |
|
static |
Verify a password against a stored hash.
| password | The password to verify |
| hash | The stored hash |
|
static |
Generate Ed25519 signing key pair.
Generates an Ed25519 signing key pair, designed for speed and security.
|
static |
Generate Ed25519 keypair returning raw byte vectors.
|
static |
Sign data using Ed25519 private key.
Signs data with the Ed25519 algorithm using a PEM-encoded private key.
| data | Data to sign. |
| private_key | Ed25519 private key in PEM format. |
|
static |
Sign data using Ed25519 with raw private key bytes.
Signe des données avec l'algorithme Ed25519.
| data | Données à signer |
| private_key | Clé privée Ed25519 au format PEM |
|
static |
Verify Ed25519 signature.
Verifies an Ed25519 signature using a PEM-encoded public key.
| data | Data that was signed. |
| signature | Signature to verify. |
| public_key | Ed25519 public key in PEM format. |
|
static |
Verify Ed25519 signature with raw public key bytes.
Vérifie une signature Ed25519.
| data | Données qui ont été signées |
| signature | Signature à vérifier |
| public_key | Clé publique Ed25519 au format PEM |
|
static |
Generate X25519 key pair for key exchange.
Generates an X25519 key pair for Elliptic Curve Diffie-Hellman (ECDH) key exchange.
|
static |
Generate X25519 keypair returning raw byte vectors.
Génère une paire de clés X25519 pour l'échange de clés Diffie-Hellman sur courbe elliptique.
|
static |
X25519 key exchange.
Derives a shared secret using the X25519 algorithm.
| private_key | X25519 private key in vector format |
| peer_public_key | Peer's public key in vector format |
|
static |
X25519 key exchange with PEM keys.
Derives a shared secret using the X25519 algorithm.
| private_key_pem | X25519 private key in PEM format |
| peer_public_key_pem | Peer's public key in PEM format |
|
static |
Random initialization vector for one-time use.
Generates a random initialization vector guaranteed to be unique, by including a counter and timestamp to avoid duplicates.
| size | Size of the initialization vector in bytes |
|
static |
Authenticated encryption of data with additional authentication.
Encrypts data with authentication, adding metadata protected by integrity (e.g., user ID, timestamp). The metadata is included in the AAD for authenticated encryption.
| plaintext | Data to encrypt |
| key | Encryption key |
| metadata | Metadata to protect (not encrypted but authenticated) |
| algorithm | Algorithm to use |
|
static |
Decryption and verification of data and metadata integrity.
Decrypts data protected by encrypt_with_metadata and verifies the integrity of the metadata.
| ciphertext | Structured encrypted data |
| key | Decryption key |
| algorithm | Algorithm used for encryption |
|
staticconstexpr |
Character range for alphabetic values (A-Z, a-z)
|
staticconstexpr |
Character range for lowercase alphabetic values (a-z)
|
staticconstexpr |
Character range for uppercase alphabetic values (A-Z)
|
staticconstexpr |
Character range for alphanumeric values (0-9, A-Z, a-z)
|
staticconstexpr |
Character range for alphanumeric values and special characters.
|
staticconstexpr |
Character range for binary bytes (0-255)
1.14.0 