{"id":42148652,"url":"https://github.com/meshplus/crypto-standard","last_synced_at":"2026-01-26T18:09:09.701Z","repository":{"id":45849539,"uuid":"327204138","full_name":"meshplus/crypto-standard","owner":"meshplus","description":null,"archived":false,"fork":false,"pushed_at":"2021-12-02T05:39:56.000Z","size":367,"stargazers_count":2,"open_issues_count":1,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-01T04:30:00.337Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/meshplus.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-06T04:56:55.000Z","updated_at":"2021-12-02T05:39:59.000Z","dependencies_parsed_at":"2022-09-19T02:01:39.605Z","dependency_job_id":null,"html_url":"https://github.com/meshplus/crypto-standard","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/meshplus/crypto-standard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshplus%2Fcrypto-standard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshplus%2Fcrypto-standard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshplus%2Fcrypto-standard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshplus%2Fcrypto-standard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/meshplus","download_url":"https://codeload.github.com/meshplus/crypto-standard/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meshplus%2Fcrypto-standard/sbom","scorecard":{"id":637220,"data":{"date":"2025-08-11","repo":{"name":"github.com/meshplus/crypto-standard","commit":"9e2190d8568e6eb5d5acf200bf2955ef4c6a72d7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 2/8 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/meshplus/crypto-standard/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/meshplus/crypto-standard/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/meshplus/crypto-standard/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/meshplus/crypto-standard/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/meshplus/crypto-standard/ci.yml/master?enable=pin","Warn: downloadThenRun not pinned by hash: scripts/fmt.sh:10","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 9 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"35 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm","Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6","Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9","Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f","Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-7xcx-6wjh-7xp2","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T09:33:45.039Z","repository_id":45849539,"created_at":"2025-08-21T09:33:45.039Z","updated_at":"2025-08-21T09:33:45.039Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28784093,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T13:55:28.044Z","status":"ssl_error","status_checked_at":"2026-01-26T13:55:26.068Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-26T18:09:04.511Z","updated_at":"2026-01-26T18:09:09.693Z","avatar_url":"https://github.com/meshplus.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"crypto-standard\n============\n\n\u003e Standard crypto algorithm implement.\n\n## Table of Contents\n\n- [Usage](#usage)\n- [API](#api)\n- [Mockgen](#mockgen)\n- [GitCZ](#gitcz)\n- [Contribute](#contribute)\n- [License](#license)\n\n## usage\n### hash\n```\n    hasher := NewHasher(SHA3_512)\n\thash, _ := hasher.Hash([]byte(msg))\n\thashHex := hex.EncodeToString(hash)\n```\n### symmetric encryption\n```\n    aes := new(AES)\n    key := []byte(\"12345678123456781234567812345678\")\n    c, _ := aes.Encrypt(key, []byte(msg))\n    o, _ := aes.Decrypt(key, c)\n```\n### signature\n```\n    h, _ := hash.NewHasher(hash.KECCAK_256).Hash(msg)\n    priv, _ := GenerateKey(AlgoP256K1)\n    bytes, _ := priv.Bytes()\n    //r, s is encoded, then about 72bytes\n    sign, _ := priv.Sign(bytes, h)\n    pub, _ := priv.PublicKey()\n    b, err := pub.Verify(nil, sign, h)\n```\nThe vast majority of flato's ecdsa check (non-guomi) actually uses the recovery method, which is called the 'recovery mode' of the check in this package. This method is more efficient.\nThe main feature of using this kind of check in flato is that the public key is not provided during the verification, but the public key value is calculated by sign, then the address is calculated by the public key value, and the address is compared to complete the check.\n\n\nNote: The use of this check in flato cannot use the above check method. If this is the case, please refer to the code below.\n```\n    //Calculation signature\n    h, _ := hash.NewHasher(hash.KECCAK_256).Hash(msg)\n    //The effect of incoming AlgoP256K1 or AlgoP256K1Recover is the same here\n    priv, _ := GenerateKey(AlgoP256K1)  \n    bytes, _ := priv.Bytes()\n    //r, s is encoded, then about 72bytes\n    sign, _ := priv.Sign(bytes, h) \n\n    //You may get an address from some way, but you can also calculate the address in this way here.\n    pub, _ := priv.PublicKey()\n    pubByte,_ := pub.Bytes()\n    temp,_ := hash.NewHasher(hash.KECCAK_256).Hash(pubByte)\n    address:= temp[12:]\n\n    //Here's how you can use the address, hash, and signature data to complete the check.\n    recoverPub := NewECDSAPublicKey().FromBytes(address, AlgoP256K1Recover)\n    b, err := recoverPub.Verify(nil, sign, h)\n```\n## api\n### hash\nInstantiate Hasher\n```func NewHasher(hashType HashType) *Hasher```\n\nComputational hash\n```func (h *Hasher) Hash(msg []byte) (hash []byte, err error)```\n\n### symmetric encryption\nEncrypt\n```func (ea *AES) Encrypt(key, originMsg []byte, reader io.Reader) (encryptedMsg []byte, err error)```\n\nDecrypt\n```func (ea *AES) Decrypt(key, encryptedMsg []byte) (originMsg []byte, err error)```\n\n### signature\nGenerate key pair\n```func GenerateKey(opt int) (*ECDSAPrivateKey, error) ```\n\nGenerate signature\n```func (key *ECDSAPrivateKey) Sign(k, digest []byte, reader io.Reader) (signature []byte, err error) ```\n\nVerification signature\n```func (key *ECDSAPublicKey) Verify(_ []byte, signature, digest []byte) (valid bool, err error) ```\n\n\n## Mockgen\n\nInstall **mockgen** : `go get github.com/golang/mock/mockgen`\n\nHow to use?\n\n- source： Specify interface file\n- destination: Generated file name\n- package:The package name of the generated file\n- imports: Dependent package that requires import\n- aux_files: Attach a file when there is more than one file in the interface file\n- build_flags: Parameters passed to the build tool\n\nEg.`mockgen -destination mock/mock_crypto.go -package crypto -source crypto.go`\n\n## GitCZ\n\n**Note**: Please use command `npm install` if you are the first time to use `git cz` in this repo.\n\n## Contribute\n\nPRs are welcome!\n\nSmall note: If editing the Readme, please conform to the [standard-readme](https://github.com/RichardLitt/standard-readme) specification.\n\n## License\n\ncrypto-standard is currently under Apache 2.0 license. See the LICENSE file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeshplus%2Fcrypto-standard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmeshplus%2Fcrypto-standard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeshplus%2Fcrypto-standard/lists"}