crypto
packagestandard library go1.25.5
Go to latest Published: Dec 2, 2025 License:BSD-3-Clause
Opens a new window with list of versions in this module.
Latest Latest
This package is not in the latest version of its module.
Opens a new window with license information.
Imports:3 Opens a new window with list of imports.
Imported by:47,135 Opens a new window with list of known importers.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Report a Vulnerability
Documentation¶
Overview¶
Package crypto collects common cryptographic constants.
Index¶
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
funcRegisterHash¶
RegisterHash registers a function that returns a new instance of the givenhash function. This is intended to be called from the init function inpackages that implement hash functions.
funcSignMessage¶added ingo1.25.0
func SignMessage(signerSigner, randio.Reader, msg []byte, optsSignerOpts) (signature []byte, errerror)
SignMessage signs msg with signer. If signer implementsMessageSigner,[MessageSigner.SignMessage] is called directly. Otherwise, msg is hashedwith opts.HashFunc() and signed with [Signer.Sign].
Types¶
typeDecrypter¶added ingo1.5
type Decrypter interface {// Public returns the public key corresponding to the opaque,// private key.Public()PublicKey// Decrypt decrypts msg. The opts argument should be appropriate for// the primitive used. See the documentation in each implementation for// details.Decrypt(randio.Reader, msg []byte, optsDecrypterOpts) (plaintext []byte, errerror)}Decrypter is an interface for an opaque private key that can be used forasymmetric decryption operations. An example would be an RSA keykept in a hardware module.
typeDecrypterOpts¶added ingo1.5
type DecrypterOptsany
typeHash¶
type Hashuint
Hash identifies a cryptographic hash function that is implemented in anotherpackage.
const (MD4Hash = 1 +iota// import golang.org/x/crypto/md4MD5// import crypto/md5SHA1// import crypto/sha1SHA224// import crypto/sha256SHA256// import crypto/sha256SHA384// import crypto/sha512SHA512// import crypto/sha512MD5SHA1// no implementation; MD5+SHA1 used for TLS RSARIPEMD160// import golang.org/x/crypto/ripemd160SHA3_224// import golang.org/x/crypto/sha3SHA3_256// import golang.org/x/crypto/sha3SHA3_384// import golang.org/x/crypto/sha3SHA3_512// import golang.org/x/crypto/sha3SHA512_224// import crypto/sha512SHA512_256// import crypto/sha512BLAKE2s_256// import golang.org/x/crypto/blake2sBLAKE2b_256// import golang.org/x/crypto/blake2bBLAKE2b_384// import golang.org/x/crypto/blake2bBLAKE2b_512// import golang.org/x/crypto/blake2b)
func (Hash)HashFunc¶added ingo1.4
HashFunc simply returns the value of h so thatHash implementsSignerOpts.
func (Hash)New¶
New returns a new hash.Hash calculating the given hash function. New panicsif the hash function is not linked into the binary.
typeMessageSigner¶added ingo1.25.0
type MessageSigner interface {SignerSignMessage(randio.Reader, msg []byte, optsSignerOpts) (signature []byte, errerror)}MessageSigner is an interface for an opaque private key that can be used forsigning operations where the message is not pre-hashed by the caller.It is a superset of the Signer interface so that it can be passed to APIswhich accept Signer, which may try to do an interface upgrade.
MessageSigner.SignMessage and MessageSigner.Sign should produce the sameresult given the same opts. In particular, MessageSigner.SignMessage shouldonly accept a zero opts.HashFunc if the Signer would also accept messageswhich are not pre-hashed.
Implementations which do not provide the pre-hashed Sign API should implementSigner.Sign by always returning an error.
typePrivateKey¶
type PrivateKeyany
PrivateKey represents a private key using an unspecified algorithm.
Although this type is an empty interface for backwards compatibility reasons,all private key types in the standard library implement the following interface
interface{ Public() crypto.PublicKey Equal(x crypto.PrivateKey) bool}as well as purpose-specific interfaces such asSigner andDecrypter, whichcan be used for increased type safety within applications.
typePublicKey¶added ingo1.2
type PublicKeyany
PublicKey represents a public key using an unspecified algorithm.
Although this type is an empty interface for backwards compatibility reasons,all public key types in the standard library implement the following interface
interface{ Equal(x crypto.PublicKey) bool}which can be used for increased type safety within applications.
typeSigner¶added ingo1.4
type Signer interface {// Public returns the public key corresponding to the opaque,// private key.Public()PublicKey// Sign signs digest with the private key, possibly using entropy from// rand. For an RSA key, the resulting signature should be either a// PKCS #1 v1.5 or PSS signature (as indicated by opts). For an (EC)DSA// key, it should be a DER-serialised, ASN.1 signature structure.//// Hash implements the SignerOpts interface and, in most cases, one can// simply pass in the hash function used as opts. Sign may also attempt// to type assert opts to other types in order to obtain algorithm// specific values. See the documentation in each package for details.//// Note that when a signature of a hash of a larger message is needed,// the caller is responsible for hashing the larger message and passing// the hash (as digest) and the hash function (as opts) to Sign.Sign(randio.Reader, digest []byte, optsSignerOpts) (signature []byte, errerror)}Signer is an interface for an opaque private key that can be used forsigning operations. For example, an RSA key kept in a hardware module.
typeSignerOpts¶added ingo1.4
type SignerOpts interface {// HashFunc returns an identifier for the hash function used to produce// the message passed to Signer.Sign, or else zero to indicate that no// hashing was done.HashFunc()Hash}SignerOpts contains options for signing with aSigner.
Source Files
Directories¶
| Path | Synopsis |
|---|---|
Package aes implements AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197. | Package aes implements AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197. |
Package cipher implements standard block cipher modes that can be wrapped around low-level block cipher implementations. | Package cipher implements standard block cipher modes that can be wrapped around low-level block cipher implementations. |
Package des implements the Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDEA) as defined in U.S. Federal Information Processing Standards Publication 46-3. | Package des implements the Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDEA) as defined in U.S. Federal Information Processing Standards Publication 46-3. |
Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3. | Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3. |
Package ecdh implements Elliptic Curve Diffie-Hellman over NIST curves and Curve25519. | Package ecdh implements Elliptic Curve Diffie-Hellman over NIST curves and Curve25519. |
Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in [FIPS 186-5]. | Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in [FIPS 186-5]. |
Package ed25519 implements the Ed25519 signature algorithm. | Package ed25519 implements the Ed25519 signature algorithm. |
Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521 elliptic curves over prime fields. | Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521 elliptic curves over prime fields. |
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. | Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. |
Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198. | Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198. |
internal | |
boring Package boring provides access to BoringCrypto implementation functions. | Package boring provides access to BoringCrypto implementation functions. |
boring/bcache Package bcache implements a GC-friendly cache (see Cache) for BoringCrypto. | Package bcache implements a GC-friendly cache (see Cache) for BoringCrypto. |
boring/sig Package sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary. | Package sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary. |
entropy Package entropy provides the passive entropy source for the FIPS 140-3 module. | Package entropy provides the passive entropy source for the FIPS 140-3 module. |
fips140/alias Package alias implements memory aliasing tests. | Package alias implements memory aliasing tests. |
fips140/check Package check implements the FIPS 140 load-time code+data verification. | Package check implements the FIPS 140 load-time code+data verification. |
fips140/check/checktest Package checktest defines some code and data for use in the crypto/internal/fips140/check test. | Package checktest defines some code and data for use in the crypto/internal/fips140/check test. |
fips140/drbg Package drbg provides cryptographically secure random bytes usable by FIPS code. | Package drbg provides cryptographically secure random bytes usable by FIPS code. |
fips140/edwards25519 Package edwards25519 implements group logic for the twisted Edwards curve | Package edwards25519 implements group logic for the twisted Edwards curve |
fips140/edwards25519/field Package field implements fast arithmetic modulo 2^255-19. | Package field implements fast arithmetic modulo 2^255-19. |
fips140/hmac Package hmac implements HMAC according to [FIPS 198-1]. | Package hmac implements HMAC according to [FIPS 198-1]. |
fips140/mlkem Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in [NIST FIPS 203]. | Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in [NIST FIPS 203]. |
fips140/nistec Package nistec implements the elliptic curves from NIST SP 800-186. | Package nistec implements the elliptic curves from NIST SP 800-186. |
fips140/sha256 Package sha256 implements the SHA-224 and SHA-256 hash algorithms as defined in FIPS 180-4. | Package sha256 implements the SHA-224 and SHA-256 hash algorithms as defined in FIPS 180-4. |
fips140/sha3 Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length functions defined by [FIPS 202], as well as the cSHAKE extendable-output-length functions defined by [SP 800-185]. | Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length functions defined by [FIPS 202], as well as the cSHAKE extendable-output-length functions defined by [SP 800-185]. |
fips140/sha512 Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. | Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. |
fips140/ssh Package ssh implements the SSH KDF as specified in RFC 4253, Section 7.2 and allowed by SP 800-135 Revision 1. | Package ssh implements the SSH KDF as specified in RFC 4253, Section 7.2 and allowed by SP 800-135 Revision 1. |
fips140/tls13 Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7. | Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7. |
fips140cache Package fips140cache provides a weak map that associates the lifetime of values with the lifetime of keys. | Package fips140cache provides a weak map that associates the lifetime of values with the lifetime of keys. |
fips140deps Package fipsdeps contains wrapper packages for internal APIs that are exposed to the FIPS module. | Package fipsdeps contains wrapper packages for internal APIs that are exposed to the FIPS module. |
impl Package impl is a registry of alternative implementations of cryptographic primitives, to allow selecting them for testing. | Package impl is a registry of alternative implementations of cryptographic primitives, to allow selecting them for testing. |
randutil Package randutil contains internal randomness utilities for various crypto packages. | Package randutil contains internal randomness utilities for various crypto packages. |
sysrand Package rand provides cryptographically secure random bytes from the operating system. | Package rand provides cryptographically secure random bytes from the operating system. |
Package md5 implements the MD5 hash algorithm as defined in RFC 1321. | Package md5 implements the MD5 hash algorithm as defined in RFC 1321. |
Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in [NIST FIPS 203]. | Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in [NIST FIPS 203]. |
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 8018 (PKCS #5 v2.1). | Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 8018 (PKCS #5 v2.1). |
Package rand implements a cryptographically secure random number generator. | Package rand implements a cryptographically secure random number generator. |
Package rc4 implements RC4 encryption, as defined in Bruce Schneier's Applied Cryptography. | Package rc4 implements RC4 encryption, as defined in Bruce Schneier's Applied Cryptography. |
Package rsa implements RSA encryption as specified in PKCS #1 and RFC 8017. | Package rsa implements RSA encryption as specified in PKCS #1 and RFC 8017. |
Package sha1 implements the SHA-1 hash algorithm as defined in RFC 3174. | Package sha1 implements the SHA-1 hash algorithm as defined in RFC 3174. |
Package sha256 implements the SHA224 and SHA256 hash algorithms as defined in FIPS 180-4. | Package sha256 implements the SHA224 and SHA256 hash algorithms as defined in FIPS 180-4. |
Package sha3 implements the SHA-3 hash algorithms and the SHAKE extendable output functions defined in FIPS 202. | Package sha3 implements the SHA-3 hash algorithms and the SHAKE extendable output functions defined in FIPS 202. |
Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. | Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. |
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly. | Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly. |
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446. | Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446. |
internal/fips140tls Package fips140tls controls whether crypto/tls requires FIPS-approved settings. | Package fips140tls controls whether crypto/tls requires FIPS-approved settings. |
Package x509 implements a subset of the X.509 standard. | Package x509 implements a subset of the X.509 standard. |
internal/macos Package macOS provides cgo-less wrappers for Core Foundation and Security.framework, similarly to how package syscall provides access to libSystem.dylib. | Package macOS provides cgo-less wrappers for Core Foundation and Security.framework, similarly to how package syscall provides access to libSystem.dylib. |
pkix Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP. | Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP. |
Click to show internal directories.
Click to hide internal directories.