32 lines
1.1 KiB
Go
32 lines
1.1 KiB
Go
package nonce
|
|
|
|
import "crypto/rand"
|
|
|
|
// TODO: some crypto scheme require more, is that our case?
|
|
//
|
|
// The spec mention:
|
|
// The REQUIRED nonce parameter nonce MAY be any value.
|
|
// A randomly generated string is RECOMMENDED to provide a unique UCAN, though it MAY
|
|
// also be a monotonically increasing count of the number of links in the hash chain.
|
|
// This field helps prevent replay attacks and ensures a unique CID per delegation.
|
|
// The iss, aud, and exp fields together will often ensure that UCANs are unique,
|
|
// but adding the nonce ensures uniqueness.
|
|
//
|
|
// The recommended size of the nonce differs by key type. In many cases, a random
|
|
// 12-byte nonce is sufficient. If uncertain, check the nonce in your DID's crypto suite.
|
|
//
|
|
// 12 bytes is 10^28, 16 bytes is 10^38. Both sounds like a lot of random to achieve
|
|
// those goals, but maybe the crypto voodoo require more.
|
|
//
|
|
// The rust implementation use 16 bytes nonce.
|
|
|
|
// Generate creates a 12-byte random nonce.
|
|
func Generate() ([]byte, error) {
|
|
res := make([]byte, 12)
|
|
_, err := rand.Read(res)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return res, nil
|
|
}
|