Cryptography Functions
Hash functions (SHA-256, SHA-512, MD5, HMAC), password hashing with Argon2, X25519 key exchange, Ed25519 signatures, TOTP codes, and Base64 encoding.
Crypto Class
All cryptographic functions are available as static methods on the Crypto class. Standalone function aliases are also provided for convenience.
Hash Functions
Crypto.sha256(data)
Compute SHA-256 hash of a string. Also available as sha256().
Parameters
data : String - The data to hash
Returns
String - 64-character hex string (32 bytes)
let hash = Crypto.sha256("hello")
# "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"Crypto.sha512(data)
Compute SHA-512 hash of a string. Also available as sha512().
Parameters
data : String - The data to hash
Returns
String - 128-character hex string (64 bytes)
let hash = Crypto.sha512("hello")
# 128-character hex stringCrypto.md5(data)
Compute MD5 hash of a string. Also available as md5(). Note: MD5 is cryptographically broken. Use only for checksums, not security.
Parameters
data : String - The data to hash
Returns
String - 32-character hex string (16 bytes)
let hash = Crypto.md5("hello")
# "5d41402abc4b2a76b9719d911017c592"Crypto.hmac(message, key)
Compute HMAC-SHA256 message authentication code. Also available as hmac().
Parameters
message : String - The message to authenticatekey : String - The secret keyReturns
String - 64-character hex string (32 bytes)
let mac = Crypto.hmac("message", "secret_key")
# Use for API signature verification, webhook validation, etc.Password Hashing
Crypto.argon2_hash(password)
Hash a password using Argon2id (recommended algorithm). Also available as argon2_hash() and password_hash().
Parameters
password : String - The plain text password to hash
Returns
String - The Argon2id hash string
let hash = Crypto.argon2_hash("secretpassword")
# $argon2id$v=19$m=19456,t=2,p=1$...Crypto.argon2_verify(password, hash)
Verify a password against an Argon2id hash. Also available as argon2_verify() and password_verify().
Parameters
password : String - The plain text password to verifyhash : String - The stored hash to verify againstReturns
Bool - true if password matches, false otherwise
if Crypto.argon2_verify(user_input, stored_hash)
println("Password correct!")
else
println("Invalid password")
endX25519 Key Exchange
Crypto.x25519_keypair()
Generate an X25519 key pair for Diffie-Hellman key exchange. Also available as x25519_keypair().
Returns
Hash - { "private": String, "public": String } (hex-encoded, 64 chars each)
let keypair = Crypto.x25519_keypair
println(keypair["public"]) # Hex-encoded public key
println(keypair["private"]) # Hex-encoded private keyCrypto.x25519_public_key(private_key)
Derive the public key from a private key. Also available as x25519_public_key().
Parameters
private_key : String - Hex-encoded private key
Returns
String - Hex-encoded public key
let keypair = Crypto.x25519_keypair
let derived_public = Crypto.x25519_public_key(keypair["private"])
# derived_public == keypair["public"]Ed25519 Signatures
Crypto.ed25519_keypair()
Generate an Ed25519 signing key pair for digital signatures. Also available as ed25519_keypair().
Returns
Hash - { "private": String, "public": String } (hex-encoded, 64 chars each)
let keypair = Crypto.ed25519_keypair
# Use keypair["private"] to sign messages
# Share keypair["public"] for verificationTOTP (Time-based One-Time Password)
RFC 6238 compliant TOTP generation and verification. Compatible with Google Authenticator, Authy, and other authenticator apps.
Crypto.totp_generate(secret, time?, period?)
Generate a TOTP code (6-digit time-based one-time password). Uses HMAC-SHA1 per RFC 6238.
Parameters
secret : String - Base32-encoded secret keytime : Int? - Optional Unix timestamp (defaults to current time)period : Int? - Optional time window in seconds (defaults to 30)Returns
String - 6-digit TOTP code
# Generate code for current time
let code = Crypto.totp_generate("JBSWY3DPEHPK3PXP")
# Generate code for specific time
let code = Crypto.totp_generate("JBSWY3DPEHPK3PXP", 1704067200, 30)
# Use RFC 6238 test vector
let code = Crypto.totp_generate("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", 59, 30)
# Returns "287082"Crypto.totp_verify(secret, code, time?, period?)
Verify a TOTP code against a secret. Accepts the current code and the previous/next code (1 step window) to handle clock drift.
Parameters
secret : String - Base32-encoded secret keycode : String - 6-digit TOTP code to verifytime : Int? - Optional Unix timestamp (defaults to current time)period : Int? - Optional time window in seconds (defaults to 30)Returns
Bool - true if code is valid, false otherwise
let secret = "JBSWY3DPEHPK3PXP"
let user_code = request.body["code"]
if Crypto.totp_verify(secret, user_code)
println("Authentication successful!")
else
println("Invalid code")
endCrypto.totp_uri(secret, account_name?, issuer?, period?)
Generate an otpauth:// URI for easy TOTP setup in authenticator apps. This URI can be encoded into a QR code.
Parameters
secret : String - Base32-encoded secret keyaccount_name : String? - Optional account name (e.g., email)issuer : String? - Optional service name (e.g., "MyApp")period : Int? - Optional time window in seconds (defaults to 30)Returns
String - otpauth:// URI
let secret = "JBSWY3DPEHPK3PXP"
let uri = Crypto.totp_uri(secret, "[email protected]", "MyApp", 30)
# Returns: otpauth://totp/MyApp:user%40example.com?secret=...&algorithm=SHA1&digits=6&period=30
# Use with QR code library
let qr_data = QRCode.encode(uri)
# Display qr_data to user for scanning