go-crypt (crypt)
Package crypt provides go language wrappers around crypt(3). For further information on crypt see the
man page
If you have questions about how to use crypt (the C function), it is likely this is not the package you are looking for.
NOTE Depending on the platform, this package provides a Crypt function that is backed by different
flavors of the libc crypt. This is done by detecting the GOOS and trying to build using crypt_r (the GNU
extension) when on linux, and wrapping around plain 'ol crypt (guarded by a global lock) otherwise.
Example
import (
"fmt"
"github.com/amoghe/go-crypt"
)
func main() {
md5, err := crypt.Crypt("password", "in")
if err != nil {
fmt.Errorf("error:", err)
return
}
sha512, err := crypt.Crypt("password", "$6$SomeSaltSomePepper$")
if err != nil {
fmt.Errorf("error:", err)
return
}
fmt.Println("MD5:", md5)
fmt.Println("SHA512:", sha512)
}A Note On "Salt"
You can find out more about salt here
The hash algorithm can be selected via the salt string. Here is how to do it (relevant section from the man page):
If salt is a character string starting with the characters
"$id$" followed by a string terminated by "$":
$id$salt$encrypted
then instead of using the DES machine, id identifies the
encryption method used and this then determines how the rest
of the password string is interpreted. The following values
of id are supported:
ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
So $5$salt$encrypted is an SHA-256 encoded password and
$6$salt$encrypted is an SHA-512 encoded one.
"salt" stands for the up to 16 characters following "$id$" in
the salt. The encrypted part of the password string is the
actual computed password. The size of this string is fixed:
MD5 | 22 characters
SHA-256 | 43 characters
SHA-512 | 86 characters
Platforms
This package has been tested on the following platforms:
- ubuntu 14.04.2 (libc 2.19)
- ubuntu 12.04.5 (libc 2.15)
- centos (libc 2.17)
- fedora 22 (libc 2.21)
All the platforms tested on have GNU libc (with extensions) so that the GOOS=linux always
compiles the reentrant versions of the crypt function (crypt_r), and exposes it to go land.
Other platforms (freebsd, netbsd) should also work (in theory) since their libc expose at least a posix compliant crypt function. On these platforms the fallback should compile and expose the 'plain' (non reentrant, thus globally locked) crypt function.
Unfortunately, I do not have access to machines that run anything other than Linux, hence the other platforms have not been tested, however I believe they should work just fine. If you can verify this (or provide a patch that fixes this), I would be grateful.
TODO
- Find someone with access to *BSD system(s)
License
Released under the MIT License