Tags
#php
#kotlin
#bash
#go
#sql
#rust
#typescript
#html
#java
#python
#files
#utils
#strings
#http
#concurrency
#async
#json
#arrays
#security
#types
#crypto
#database
#dates
#format
PHP
Build & Sign a JWT (HS256)
Generate a JWT manually using only base64-url and hash_hmac — no library required. Demonstrates header/payload/signature concatenation and the exp claim.
@admin
PHP
Verify a JWT (HS256)
Pair to jwtSign: verify the signature, check the exp claim, and return the decoded payload — or null on any failure. Uses hash_equals for constant-time signature comparison.
PHP
TOTP Code Generate + Verify
Generate and verify a 6-digit time-based one-time password (RFC 6238) compatible with Google Authenticator / Authy. Uses a base32-encoded secret and 30-second time steps.
TypeScript
Crypto-Strong Random Password
Generate a strong random password in browser or modern Node. Uses crypto.getRandomValues with rejection sampling for an unbiased distribution.
Python
Generate Strong Random Password
Build a password using the `secrets` module (CSPRNG) with rejection sampling for unbiased distribution. Use this — NOT random.choice, which is seeded predictably.
PHP
Generate Secure API Key
Mint an API key with a recognizable prefix ("sk_live_…") and 32 bytes of crypto-random entropy encoded as URL-safe base64. Stripe-style readable IDs.
Python
JWT Sign + Verify (PyJWT)
The de-facto JWT library for Python. HS256 demo with an exp claim and the standard "verify everything" decode flow. Mind that PyJWT raises specific exceptions you can catch separately.
JavaScript
Web Crypto — AES-GCM Encrypt & Decrypt
Encrypts and decrypts text using AES-GCM (256-bit) via the browser's native Web Crypto API — no external library needed. A random 96-bit IV is generated per encryption and prepended to the output so decryption can recover it. Suitable for encrypting sensitive data client-side before storage.
Bash
Generate SSH Keypair Non-Interactively
ssh-keygen normally prompts. Pass -N "" for empty passphrase, -f for the path, -t ed25519 for modern key type. Idempotent — skip if a key already exists.
Go
SHA-256 Hash of File or String
`crypto/sha256` is the canonical hash. Use the streaming `Hash` interface for files — never load multi-GB content into memory just to hash it.
Bash
Generate UUID
Several portable ways to mint a v4 UUID from the shell — useful for request IDs, idempotency keys, temporary filenames.
Python
Password Hashing with hashlib.scrypt
Hash a password with the stdlib scrypt (memory-hard, slow by design — resistant to GPU/ASIC attacks). Stores salt + parameters inline so verification doesn't need a separate config.
Bash
Hash File (SHA-256)
Compute and verify file checksums for downloads, backups, and integrity audits. sha256sum on Linux; shasum -a 256 on macOS.
PHP
Random Readable Token
Generate a short, human-readable random token using an alphabet that omits look-alike characters (0/O, 1/l/I). Useful for invite codes, short-lived signin tokens, password reset codes — anything a human might type.
Go
Crypto-Random Bytes + Hex/Base64
`crypto/rand` is the cryptographic CSPRNG. Use it for tokens, session IDs, API keys, password salts — anywhere `math/rand` would be a security bug.
PHP
Encrypt / Decrypt with libsodium
Symmetric AEAD encryption using the libsodium "secretbox" (XSalsa20-Poly1305). Built into PHP since 7.2 — no extension needed. Returns base64 ciphertext with the nonce prepended.
Bash
HMAC-SHA256 with openssl
Sign a payload with a shared secret for webhook verification (Stripe, GitHub, etc.). openssl reads the input from stdin or -in.