package vault
import (
"crypto/rand"
"crypto/sha256"
"golang.org/x/crypto/pbkdf2"
)
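// Pbkdf2Deriver returns a KeyDeriver that turns a passphrase into a 32-byte
// key using PBKDF2 with HMAC-SHA256 (see RFC 2898,
// http://www.ietf.org/rfc/rfc2898.txt).
//
// The deriver always works with a salt of exactly saltLength bytes and returns
// that salt next to the key:
//   - existingSalt is nil: a fresh random salt is generated;
//   - len(existingSalt) >= saltLength: only the first saltLength bytes are used;
//   - otherwise: existingSalt is copied and the remaining bytes are filled with
//     random data, so the caller must store the returned salt, not the one it
//     passed in, to be able to derive the same key again.
//
// The deriver panics if the system random source reports an error. The
// signature has no error result, and continuing would silently derive the key
// from a zero-filled (predictable) salt.
//
// NOTE(review): iterations = 1000 and saltLength = 8 are the minimums named in
// RFC 2898. Current guidance (e.g. OWASP, NIST SP 800-132) asks for a far
// higher PBKDF2-HMAC-SHA256 iteration count and a salt of at least 16 bytes.
// They are left unchanged here because changing either value changes every
// derived key; raising them presumably needs a versioned format and a
// migration path for data protected with the current parameters.
func Pbkdf2Deriver() KeyDeriver {
	const (
		saltLength = 8
		iterations = 1000
		keyLength  = 32
	)

	return KeyDeriverFunc(func(passphrase string, existingSalt []byte) (key []byte, salt []byte) {
		salt = make([]byte, saltLength)

		// copy stops at the shorter of the two slices, so this covers the nil,
		// short and long existingSalt cases; n is how many bytes the caller
		// actually supplied.
		n := copy(salt, existingSalt)

		// Fill whatever the caller did not supply with random bytes. Fail
		// closed on a broken random source instead of keeping zero bytes.
		if n < saltLength {
			if _, err := rand.Read(salt[n:]); err != nil {
				panic("vault: reading random salt: " + err.Error())
			}
		}

		return pbkdf2.Key([]byte(passphrase), salt, iterations, keyLength, sha256.New), salt
	})
}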