github.com/wynshop-open-source/gomplate@v3.5.0+incompatible/docs-src/content/functions/crypto.yml

github.com/wynshop-open-source/gomplate@v3.5.0+incompatible/docs-src/content/functions/crypto.yml (about)

     1  ns: crypto
     2  preamble: |
     3    A set of crypto-related functions to be able to perform hashing and (simple!) encryption operations with `gomplate`.
     4  
     5    _Note: These functions are mostly wrappers of existing functions in the Go standard library. The authors of gomplate are not cryptographic experts, however, and so can not guarantee correctness of implementation. It is recommended to have your resident security experts inspect gomplate's code before using gomplate for critical security infrastructure!_
     6  funcs:
     7    - name: crypto.Bcrypt
     8      description: |
     9        Uses the [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) password hashing algorithm to generate the hash of a given string. Wraps the [`golang.org/x/crypto/brypt`](https://godoc.org/golang.org/x/crypto/bcrypt) package.
    10      pipeline: true
    11      arguments:
    12        - name: cost
    13          required: false
    14          description: the cost, as a number from `4` to `31` - defaults to `10`
    15        - name: input
    16          required: true
    17          description: the input to hash, usually a password
    18      examples:
    19        - |
    20          $ gomplate -i '{{ "foo" | crypto.Bcrypt }}'
    21          $2a$10$jO8nKZ1etGkKK7I3.vPti.fYDAiBqwazQZLUhaFoMN7MaLhTP0SLy
    22        - |
    23          $ gomplate -i '{{ crypto.Bcrypt 4 "foo" }}
    24          $2a$04$zjba3N38sjyYsw0Y7IRCme1H4gD0MJxH8Ixai0/sgsrf7s1MFUK1C
    25    - name: crypto.PBKDF2
    26      description: |
    27        Run the Password-Based Key Derivation Function &num;2 as defined in
    28        [RFC 8018 (PKCS &num;5 v2.1)](https://tools.ietf.org/html/rfc8018#section-5.2).
    29  
    30        This function outputs the binary result as a hexadecimal string.
    31      pipeline: false
    32      arguments:
    33        - name: password
    34          required: true
    35          description: the password to use to derive the key
    36        - name: salt
    37          required: true
    38          description: the salt
    39        - name: iter
    40          required: true
    41          description: iteration count
    42        - name: keylen
    43          required: true
    44          description: desired length of derived key
    45        - name: hashfunc
    46          required: false
    47          description: the hash function to use - must be one of the allowed functions (either in the SHA-1 or SHA-2 sets). Defaults to `SHA-1`
    48      examples:
    49        - |
    50          $ gomplate -i '{{ crypto.PBKDF2 "foo" "bar" 1024 8 }}'
    51          32c4907c3c80792b
    52    - rawName: '`crypto.SHA1`, `crypto.SHA224`, `crypto.SHA256`, `crypto.SHA384`, `crypto.SHA512`, `crypto.SHA512_224`, `crypto.SHA512_256`'
    53      description: |
    54        Compute a checksum with a SHA-1 or SHA-2 algorithm as defined in [RFC 3174](https://tools.ietf.org/html/rfc3174) (SHA-1) and [FIPS 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) (SHA-2).
    55  
    56        These functions output the binary result as a hexadecimal string.
    57  
    58        _Note: SHA-1 is cryptographically broken and should not be used for secure applications._
    59      pipeline: false
    60      rawUsage: |
    61        ```
    62        crypto.SHA1 input
    63        crypto.SHA224 input
    64        crypto.SHA256 input
    65        crypto.SHA384 input
    66        crypto.SHA512 input
    67        crypto.SHA512_224 input
    68        crypto.SHA512_256 input
    69        ```
    70      arguments:
    71        - name: input
    72          required: true
    73          description: the data to hash - can be binary data or text
    74      examples:
    75        - |
    76          $ gomplate -i '{{ crypto.SHA1 "foo" }}'
    77          f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
    78        - |
    79          $ gomplate -i '{{ crypto.SHA512 "bar" }}'
    80          cc06808cbbee0510331aa97974132e8dc296aeb795be229d064bae784b0a87a5cf4281d82e8c99271b75db2148f08a026c1a60ed9cabdb8cac6d24242dac4063
    81    - name: crypto.WPAPSK
    82      description: |
    83        This is really an alias to [`crypto.PBKDF2`](#crypto.PBKDF2) with the
    84        values necessary to convert ASCII passphrases to the WPA pre-shared keys for use with WiFi networks.
    85  
    86        This can be used, for example, to help generate a configuration for [wpa_supplicant](http://w1.fi/wpa_supplicant/).
    87      pipeline: false
    88      arguments:
    89        - name: ssid
    90          required: true
    91          description: the WiFi SSID (network name) - must be less than 32 characters
    92        - name: password
    93          required: true
    94          description: the password - must be between 8 and 63 characters
    95      examples:
    96        - |
    97          $ PW=abcd1234 gomplate -i '{{ crypto.WPAPSK "mynet" (getenv "PW") }}'
    98          2c201d66f01237d17d4a7788051191f31706844ac3ffe7547a66c902f2900d34