The ALTCHA Go Library is a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for Go applications.
This library is compatible with:
- Go 1.18+
- All major platforms (Linux, Windows, macOS)
To install the ALTCHA Go Library, use the following command:
go get github.com/altcha-org/altcha-lib-goHere’s a basic example of how to use the ALTCHA Go Library:
package main import ( "fmt" "log" "time" "github.com/altcha-org/altcha-lib-go" ) func main() { hmacKey := "secret hmac key" // Create a new challenge challenge, err := altcha.CreateChallenge(altcha.ChallengeOptions{ HMACKey: hmacKey, MaxNumber: 100000, // the maximum random number }) if err != nil { log.Fatal(err) } fmt.Println("Challenge created:", challenge) // Example number var number int64 = 12345 // Example payload to verify payload := altcha.Payload{ Algorithm: challenge.Algorithm, Challenge: challenge.Challenge, Number: &number, Salt: challenge.Salt, Signature: challenge.Signature, } // Verify the solution ok, err := altcha.VerifySolution(payload, hmacKey, true) if err != nil { log.Fatal(err) } if ok { fmt.Println("Solution verified!") } else { fmt.Println("Invalid solution.") } }Creates a new challenge for ALTCHA.
Parameters:
options ChallengeOptions:Algorithm Algorithm: Hashing algorithm to use (SHA-1,SHA-256,SHA-512, default:SHA-256).MaxNumber int64: Maximum number for the random number generator (default: 1,000,000).SaltLength int: Length of the random salt (default: 12 bytes).HMACKey string: Required HMAC key.Salt string: Optional salt string. If not provided, a random salt will be generated.Number *int64: Optional specific number to use. If not provided, a random number will be generated.Expires *time.Time: Optional expiration time for the challenge.Params url.Values: Optional URL-encoded query parameters.
Returns: Challenge, error
Verifies an ALTCHA solution.
Parameters:
payload map[string]interface{}: The solution payload to verify.hmacKey string: The HMAC key used for verification.checkExpires bool: Whether to check if the challenge has expired.
Returns: bool, error
Extracts URL parameters from the payload's salt.
Parameters:
payload map[string]interface{}: The payload containing the salt.
Returns: url.Values
VerifyFieldsHash(formData map[string][]string, fields []string, fieldsHash string, algorithm Algorithm) (bool, error)
Verifies the hash of form fields.
Parameters:
formData map[string][]string: The form data to hash.fields []string: The fields to include in the hash.fieldsHash string: The expected hash value.algorithm Algorithm: Hashing algorithm (SHA-1,SHA-256,SHA-512).
Returns: bool, error
VerifyServerSignature(payload interface{}, hmacKey string) (bool, ServerSignatureVerificationData, error)
Verifies the server signature.
Parameters:
payload interface{}: The payload to verify (string orServerSignaturePayload).hmacKey string: The HMAC key used for verification.
Returns: bool, ServerSignatureVerificationData, error
SolveChallenge(challenge string, salt string, algorithm Algorithm, max int, start int, stopChan <-chan struct{}) (*Solution, error)
Finds a solution to the given challenge.
Parameters:
challenge string: The challenge hash.salt string: The challenge salt.algorithm Algorithm: Hashing algorithm (SHA-1,SHA-256,SHA-512).max int: Maximum number to iterate to.start int: Starting number.stopChan <-chan struct{}: Channel to receive stop signals.
Returns: *Solution, error
This library provides cryptographically safe variants of core methods using subtle.ConstantTimeCompare to prevent timing attacks [#3]. These methods perform two additional SHA-256 iterations.
Available methods:
VerifySolutionSafeVerifyFieldsHashSafeVerifyServerSignatureSafeSolveChallengeSafe
MIT