Created
August 28, 2018 13:55
-
-
Save proteye/b97212e263df17a20486e65397da8005 to your computer and use it in GitHub Desktop.
AES encryption/decryption with PBKDF2 key derivation example in Go language
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "crypto/rand" | |
| "crypto/sha256" | |
| "encoding/base64" | |
| "errors" | |
| "fmt" | |
| "io" | |
| "strings" | |
| "golang.org/x/crypto/pbkdf2" | |
| ) | |
| const BlockSize = 32 | |
| func deriveKey(passphrase string, salt []byte) []byte { | |
| // http://www.ietf.org/rfc/rfc2898.txt | |
| if salt == nil { | |
| salt = make([]byte, 8) | |
| // rand.Read(salt) | |
| } | |
| return pbkdf2.Key([]byte(passphrase), salt, 1000, BlockSize, sha256.New) | |
| } | |
| func addBase64Padding(value string) string { | |
| m := len(value) % 4 | |
| if m != 0 { | |
| value += strings.Repeat("=", 4-m) | |
| } | |
| return value | |
| } | |
| func removeBase64Padding(value string) string { | |
| return strings.Replace(value, "=", "", -1) | |
| } | |
| func Pad(src []byte) []byte { | |
| padding := aes.BlockSize - len(src)%aes.BlockSize | |
| padtext := bytes.Repeat([]byte{byte(padding)}, padding) | |
| return append(src, padtext...) | |
| } | |
| func Unpad(src []byte) ([]byte, error) { | |
| length := len(src) | |
| unpadding := int(src[length-1]) | |
| if unpadding > length { | |
| return nil, errors.New("unpad error. This could happen when incorrect encryption key is used") | |
| } | |
| return src[:(length - unpadding)], nil | |
| } | |
| func encrypt(key []byte, text string) (string, error) { | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| return "", err | |
| } | |
| msg := Pad([]byte(text)) | |
| ciphertext := make([]byte, aes.BlockSize+len(msg)) | |
| iv := ciphertext[:aes.BlockSize] | |
| if _, err := io.ReadFull(rand.Reader, iv); err != nil { | |
| return "", err | |
| } | |
| cfb := cipher.NewCFBEncrypter(block, iv) | |
| cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(msg)) | |
| finalMsg := removeBase64Padding(base64.URLEncoding.EncodeToString(ciphertext)) | |
| return finalMsg, nil | |
| } | |
| func decrypt(key []byte, text string) (string, error) { | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| return "", err | |
| } | |
| decodedMsg, err := base64.URLEncoding.DecodeString(addBase64Padding(text)) | |
| if err != nil { | |
| return "", err | |
| } | |
| if (len(decodedMsg) % aes.BlockSize) != 0 { | |
| return "", errors.New("blocksize must be multipe of decoded message length") | |
| } | |
| iv := decodedMsg[:aes.BlockSize] | |
| msg := decodedMsg[aes.BlockSize:] | |
| cfb := cipher.NewCFBDecrypter(block, iv) | |
| cfb.XORKeyStream(msg, msg) | |
| unpadMsg, err := Unpad(msg) | |
| if err != nil { | |
| return "", err | |
| } | |
| return string(unpadMsg), nil | |
| } | |
| func main() { | |
| key := deriveKey("password", nil) | |
| encryptMsg, _ := encrypt(key, "Hello World") | |
| fmt.Println(encryptMsg) | |
| msg, _ := decrypt(key, encryptMsg) | |
| fmt.Println(msg) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment