github.com/wuhuizuo/gomplate@v3.5.0+incompatible/docs/content/functions/crypto.md

---
title: crypto functions
menu:
  main:
    parent: functions
---

A set of crypto-related functions to be able to perform hashing and (simple!) encryption operations with `gomplate`.

_Note: These functions are mostly wrappers of existing functions in the Go standard library. The authors of gomplate are not cryptographic experts, however, and so cannot guarantee correctness of implementation. It is recommended to have your resident security experts inspect gomplate's code before using gomplate for critical security infrastructure!_

## `crypto.Bcrypt`

Uses the [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) password hashing algorithm to generate the hash of a given string. Wraps the [`golang.org/x/crypto/bcrypt`](https://godoc.org/golang.org/x/crypto/bcrypt) package.

### Usage

```go
crypto.Bcrypt [cost] input
```
```go
input | crypto.Bcrypt [cost]
```

### Arguments

| name | description |
|------|-------------|
| `cost` | _(optional)_ the cost, as a number from `4` to `31` - defaults to `10` |
| `input` | _(required)_ the input to hash, usually a password |

### Examples

```console
$ gomplate -i '{{ "foo" | crypto.Bcrypt }}'
$2a$10$jO8nKZ1etGkKK7I3.vPti.fYDAiBqwazQZLUhaFoMN7MaLhTP0SLy
```
```console
$ gomplate -i '{{ crypto.Bcrypt 4 "foo" }}'
$2a$04$zjba3N38sjyYsw0Y7IRCme1H4gD0MJxH8Ixai0/sgsrf7s1MFUK1C
```

## `crypto.PBKDF2`

Run the Password-Based Key Derivation Function #2 as defined in
[RFC 8018 (PKCS #5 v2.1)](https://tools.ietf.org/html/rfc8018#section-5.2).

This function outputs the binary result as a hexadecimal string.

### Usage

```go
crypto.PBKDF2 password salt iter keylen [hashfunc]
```

### Arguments

| name | description |
|------|-------------|
| `password` | _(required)_ the password to use to derive the key |
| `salt` | _(required)_ the salt |
| `iter` | _(required)_ iteration count |
| `keylen` | _(required)_ desired length of derived key |
| `hashfunc` | _(optional)_ the hash function to use - must be one of the allowed functions (either in the SHA-1 or SHA-2 sets). Defaults to `SHA-1` |

### Examples

```console
$ gomplate -i '{{ crypto.PBKDF2 "foo" "bar" 1024 8 }}'
32c4907c3c80792b
```

## `crypto.SHA1`, `crypto.SHA224`, `crypto.SHA256`, `crypto.SHA384`, `crypto.SHA512`, `crypto.SHA512_224`, `crypto.SHA512_256`

Compute a checksum with a SHA-1 or SHA-2 algorithm as defined in [RFC 3174](https://tools.ietf.org/html/rfc3174) (SHA-1) and [FIPS 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) (SHA-2).

These functions output the binary result as a hexadecimal string.

_Note: SHA-1 is cryptographically broken and should not be used for secure applications._

### Usage
```
crypto.SHA1 input
crypto.SHA224 input
crypto.SHA256 input
crypto.SHA384 input
crypto.SHA512 input
crypto.SHA512_224 input
crypto.SHA512_256 input
```

### Arguments

| name | description |
|------|-------------|
| `input` | _(required)_ the data to hash - can be binary data or text |

### Examples

```console
$ gomplate -i '{{ crypto.SHA1 "foo" }}'
f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
```
```console
$ gomplate -i '{{ crypto.SHA512 "bar" }}'
cc06808cbbee0510331aa97974132e8dc296aeb795be229d064bae784b0a87a5cf4281d82e8c99271b75db2148f08a026c1a60ed9cabdb8cac6d24242dac4063
```

## `crypto.WPAPSK`

This is really an alias to [`crypto.PBKDF2`](#crypto.PBKDF2) with the
values necessary to convert ASCII passphrases to the WPA pre-shared keys for use with WiFi networks.

This can be used, for example, to help generate a configuration for [wpa_supplicant](http://w1.fi/wpa_supplicant/).

### Usage

```go
crypto.WPAPSK ssid password
```

### Arguments

| name | description |
|------|-------------|
| `ssid` | _(required)_ the WiFi SSID (network name) - must be less than 32 characters |
| `password` | _(required)_ the password - must be between 8 and 63 characters |

### Examples

```console
$ PW=abcd1234 gomplate -i '{{ crypto.WPAPSK "mynet" (getenv "PW") }}'
2c201d66f01237d17d4a7788051191f31706844ac3ffe7547a66c902f2900d34
```
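
The derivation behind `crypto.PBKDF2` and the `crypto.WPAPSK` alias, written out against the Go standard library as an added example (not gomplate's own code). The function names are this example's, and the WPA parameters (SSID as salt, 4096 iterations, 32-byte key, HMAC-SHA-1) come from IEEE 802.11i rather than from this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// PBKDF2SHA1Hex implements RFC 8018 section 5.2 with HMAC-SHA-1, hex output.
func PBKDF2SHA1Hex(password, salt string, iter, keyLen int) string {
	prf := hmac.New(sha1.New, []byte(password))
	out := make([]byte, 0, keyLen+prf.Size())
	for block := uint32(1); len(out) < keyLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write([]byte(salt))
		prf.Write(idx[:])
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T starts as U_1
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(u[:0]) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k] // T = U_1 xor U_2 xor ... xor U_iter
			}
		}
		out = append(out, t...)
	}
	return hex.EncodeToString(out[:keyLen])
}

// WPAPSK fixes the parameters to the IEEE 802.11i values (assumption: not
// stated on this page): salt = SSID, 4096 iterations, 32-byte key.
func WPAPSK(ssid, passphrase string) (string, error) {
	if n := len(passphrase); n < 8 || n > 63 {
		return "", errors.New("passphrase must be between 8 and 63 characters")
	}
	return PBKDF2SHA1Hex(passphrase, ssid, 4096, 32), nil
}

func main() {
	fmt.Println(PBKDF2SHA1Hex("password", "salt", 1, 20)) // RFC 6070 vector
	fmt.Println(WPAPSK("mynet", "abcd1234"))              // inputs from the example above
}
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, and the fixed 4096 iterations of SHA-1 are the only work factor protecting a short passphrase.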