-
-
Save rafaelsq/9d9dc5501173146774c8 to your computer and use it in GitHub Desktop.
encrypt data!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "golang.org/x/crypto/bcrypt" | |
| ) | |
| func main() { | |
| pass := []byte("pa$$w0rd") | |
| salt := make([]byte, 32) | |
| data, err := bcrypt.GenerateFromPassword(pass, bcrypt.MinCost) | |
| fmt.Println(">", string(data), err) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os, random, struct | |
| from Crypto.Cipher import AES | |
| def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024): | |
| """ Encrypts a file using AES (CBC mode) with the | |
| given key. | |
| key: | |
| The encryption key - a string that must be | |
| either 16, 24 or 32 bytes long. Longer keys | |
| are more secure. | |
| in_filename: | |
| Name of the input file | |
| out_filename: | |
| If None, '<in_filename>.enc' will be used. | |
| chunksize: | |
| Sets the size of the chunk which the function | |
| uses to read and encrypt the file. Larger chunk | |
| sizes can be faster for some files and machines. | |
| chunksize must be divisible by 16. | |
| """ | |
| if not out_filename: | |
| out_filename = in_filename + '.enc' | |
| iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16)) | |
| encryptor = AES.new(key, AES.MODE_CBC, iv) | |
| filesize = os.path.getsize(in_filename) | |
| with open(in_filename, 'rb') as infile: | |
| with open(out_filename, 'wb') as outfile: | |
| outfile.write(struct.pack('<Q', filesize)) | |
| outfile.write(iv) | |
| while True: | |
| chunk = infile.read(chunksize) | |
| if len(chunk) == 0: | |
| break | |
| elif len(chunk) % 16 != 0: | |
| chunk += ' ' * (16 - len(chunk) % 16) | |
| outfile.write(encryptor.encrypt(chunk)) | |
| def decrypt_file(key, in_filename, out_filename=None, chunksize=24*1024): | |
| """ Decrypts a file using AES (CBC mode) with the | |
| given key. Parameters are similar to encrypt_file, | |
| with one difference: out_filename, if not supplied | |
| will be in_filename without its last extension | |
| (i.e. if in_filename is 'aaa.zip.enc' then | |
| out_filename will be 'aaa.zip') | |
| """ | |
| if not out_filename: | |
| out_filename = os.path.splitext(in_filename)[0] | |
| with open(in_filename, 'rb') as infile: | |
| origsize = struct.unpack('<Q', infile.read(struct.calcsize('Q')))[0] | |
| iv = infile.read(16) | |
| decryptor = AES.new(key, AES.MODE_CBC, iv) | |
| with open(out_filename, 'wb') as outfile: | |
| while True: | |
| chunk = infile.read(chunksize) | |
| if len(chunk) == 0: | |
| break | |
| outfile.write(decryptor.decrypt(chunk)) | |
| outfile.truncate(origsize) | |
| # source | |
| # http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "crypto/md5" | |
| "crypto/sha1" | |
| "encoding/base64" | |
| "encoding/json" | |
| "fmt" | |
| "log" | |
| "strings" | |
| "github.com/spacemonkeygo/openssl" | |
| "golang.org/x/crypto/pbkdf2" | |
| ) | |
| func main() { | |
| masterpass := []byte("pa$$w0rd") | |
| encodedKey := `U2FsdGVkX18O742tiin24L289EipX0yfOvS24X+XPnS2MRItGW1qQr4Lw5qd6dMYGa7zhbMUY1K/bbO0i7X0gwP/QgxCOHlyCnosq9yH0SIP7uQ8StAE1gxWaY2GM42oCIaKgXS3uvvSrtKZOyJizmgnMcA4KR5fNbfRHQoiZaWpT+2L+eckYeglN/+FN4YuAwgREzydBbzwGrJkDwWGuaHdXVBVRUMNjqJy7lP7gQ8iIVh6dPR1V733cgckPWLY6BaWs4CMrFu+/UOuPSvtnDXGjHCEXzwLjPKNKCvTF2h585Nl3zlMw/G/ZSlg0sjdy0MHOjIMMRjTKidzICNbNZgEKBe7BlW/MUBmaV4Vca+om2I8kcnC/7fBOevmZG810/zWlsPgt6nStroIMFeq1Vmqc4GnFa2GZcpKIpD7QJwAfcTfN0ALBlXgaXzO0/3bZduN2rMhoUygVPGncEcsnMfFKyknbuUXW/RHNxoOdS3k7n18yi6ZoQAeV+AVeKgHCinrGoKmmWHNTyvnZ/AXtkceuLcu99PaZidAErQdTsxxtCAUfPD++2Qs1LKwr/J9z1cnJM7TybBB+J4uNyWVLIV4WhyHGL4SZmCT2Apf0ZbqPWFKaSkelg96S5xQ0+epMxv4r6qsZoIBBJjijboWfl6UTgSzqcaDeQUbajhKTEZl65zqq00y3BG51i6AuLpjkhKNVitc/Xhu1dOT5YEja3wGsSLL2axSqSk2PG80PmprHduTkLArQkeEihED3UhtMVC40CvRcjr17FTxRjkDI2iZfDYWIxOIFDUZ1LPwiJXP3Egoi+HRFSZqQ5Uyv6WaET3a+drQFHHw+bliWYbRodx/qqb8t6ubnox/i9iaQ+eYqRXrKz58uXqBcJBhpa3+uU+Vj92qBBBxcCReZ+X5xYf9Kv8JOmjturFG1rG31qPrFuEKT+6xNSYa8qWP7rk3uKo/SZES03f4fwxDmP1/SxZtVtufWqkvvYM7ml6zwOj6fY2+65+3x2a3A/stAVtYjWLtqJbbzjzj2nSEcXr7+QN3TP0gRotbU+iLwgkrP97FPnj8ri3vmnQgqquvKu5C4dqNo6lwQuB/PaS9MF+vfHJlkDaTbk0SqfiWwjSnGJ4wQvGUCxSP2GUio4HoMmyuBy7gQ/UsU9ijuoVt/Geu3OwTpa8B7mmiWzcd5cwq/kjxJ9l460dhcyvLfoSWCDRVyvQd2kDAPRxqZ3FPKu4RNqOXr5EnqMqCeA3p6kp+copCgQUEEJxduisgYzNxdjgViWYbYzOgepKCq0jqOIrg7Rud3vD152VhbLXORyqmoYVZ3sNWTMpPCdD1mO2zkierl2JZRf78EpYUq6rzdGS9ZXApYSMH0iRIrC9rxHdHiMNPm5WVU6clVIDbcvyhMoGu` | |
| encodedPassword := `U2FsdGVkX19rzutpu67A2hGyjdoLGSnWEtTGcfSKK7w4SUATx2y3bB0HdvXpTrODvJjAa73eJUDF+oRMYVyh6k9EIBCW8XI+1aKbtQGNVnJtRoW7xrpkl3TdgC++x0e4UPjB+LBA79LK8gHTr4Ad2Kd06dWTxwpqAgsLU3VI6ZUXvoctUk9ffxCHzZocQBBHnEInovrp+/kUHZxYWZkS6/2wZiY60PH9gYyatenh472mNgS9h0sH3FW38HFVKudhxj4uIiYr+gO3Y6XxTq9th7ykhV4FwpYXL9xbKptE2H8=` | |
| iterations := 100000 | |
| // First, we need to convert key and password data from base64 to raw bytes using | |
| // helper method used to make sure there are no escape "\" chars in the key. | |
| key, err := base64decode(encodedKey) | |
| if err != nil { | |
| log.Fatalln("key is not base64:", err) | |
| } | |
| password, err := base64decode(encodedPassword) | |
| if err != nil { | |
| log.Fatalln("password is not base64:", err) | |
| } | |
| fmt.Println("key", key) | |
| fmt.Println("pass", password) | |
| // Encrypted key data is salted. To determine if key is salted you can compare | |
| // its first 8 bytes "Salted__". The rest 8 bytes are actual salt data. | |
| keySalt := key[8:16] | |
| keyData := key[16:] | |
| // Next step is to get an encryption key and IV by applying PBKDF2 to master password | |
| derivedKey := pbkdf2.Key(masterpass, keySalt, iterations, 32, sha1.New) | |
| // Now we need to extract AES key and IV from newly derived key | |
| aesKey := derivedKey[0:16] | |
| aesIv := derivedKey[16:32] | |
| // After we got AES key and IV we can use it to decrypt our key contents | |
| keyRaw, err := decrypt(keyData, aesKey, aesIv) | |
| if err != nil { | |
| log.Fatalln("unable to decrypt key:", err) | |
| } | |
| // If key decryption is successful, lets use that key to decrypt our password contents. | |
| // First, we would need to get salt and update password data | |
| passwordSalt := password[8:16] | |
| passwordData := password[16:] | |
| // Now, lets derive AES key and IV from password contents | |
| passwordKey, passwordIv := deriveKey(keyRaw, passwordSalt) | |
| // And finally, decrypt password contents | |
| passwordRaw, err := decrypt(passwordData, passwordKey, passwordIv) | |
| if err != nil { | |
| log.Fatalln("unable to decrypt password:", err) | |
| } | |
| // Print out the result | |
| printJson(passwordRaw) | |
| } | |
| func decrypt(data, key, iv []byte) ([]byte, error) { | |
| cipher, err := openssl.GetCipherByName("aes-128-cbc") | |
| if err != nil { | |
| return nil, err | |
| } | |
| ctx, err := openssl.NewDecryptionCipherCtx(cipher, nil, key, iv) | |
| if err != nil { | |
| return nil, err | |
| } | |
| cipherbytes, err := ctx.DecryptUpdate(data) | |
| if err != nil { | |
| return nil, err | |
| } | |
| finalbytes, err := ctx.DecryptFinal() | |
| if err != nil { | |
| return nil, err | |
| } | |
| cipherbytes = append(cipherbytes, finalbytes...) | |
| return cipherbytes, nil | |
| } | |
| func deriveKey(password []byte, salt []byte) (key []byte, iv []byte) { | |
| rounds := 2 | |
| data := append(password, salt...) | |
| md5Hashes := make([][]byte, rounds) | |
| sum := md5.Sum(data) | |
| md5Hashes[0] = append([]byte{}, sum[:]...) | |
| for i := 1; i < rounds; i++ { | |
| sum = md5.Sum(append(md5Hashes[i-1], data...)) | |
| md5Hashes[i] = append([]byte{}, sum[:]...) | |
| } | |
| return md5Hashes[0], md5Hashes[1] | |
| } | |
| func base64decode(data string) ([]byte, error) { | |
| sanitized := strings.Replace(data, `\`, "", -1) | |
| return base64.StdEncoding.DecodeString(sanitized) | |
| } | |
| func printJson(data []byte) { | |
| var buff bytes.Buffer | |
| if err := json.Indent(&buff, data, "", " "); err == nil { | |
| log.Printf("%s\n", buff.Bytes()) | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "crypto/rand" | |
| "encoding/base64" | |
| "fmt" | |
| "io" | |
| ) | |
| func main() { | |
| originalText := "encrypt this golang" | |
| fmt.Println(originalText) | |
| key := []byte("example key 1234") | |
| // encrypt value to base64 | |
| cryptoText := encrypt(key, originalText) | |
| fmt.Println(cryptoText) | |
| // encrypt base64 crypto to original value | |
| text := decrypt(key, cryptoText) | |
| fmt.Printf(text) | |
| } | |
| // encrypt string to base64 crypto using AES | |
| func encrypt(key []byte, text string) string { | |
| // key := []byte(keyText) | |
| plaintext := []byte(text) | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err) | |
| } | |
| // The IV needs to be unique, but not secure. Therefore it's common to | |
| // include it at the beginning of the ciphertext. | |
| ciphertext := make([]byte, aes.BlockSize+len(plaintext)) | |
| iv := ciphertext[:aes.BlockSize] | |
| if _, err := io.ReadFull(rand.Reader, iv); err != nil { | |
| panic(err) | |
| } | |
| stream := cipher.NewCFBEncrypter(block, iv) | |
| stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext) | |
| // convert to base64 | |
| return base64.URLEncoding.EncodeToString(ciphertext) | |
| } | |
| // decrypt from base64 to decrypted string | |
| func decrypt(key []byte, cryptoText string) string { | |
| ciphertext, _ := base64.URLEncoding.DecodeString(cryptoText) | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err) | |
| } | |
| // The IV needs to be unique, but not secure. Therefore it's common to | |
| // include it at the beginning of the ciphertext. | |
| if len(ciphertext) < aes.BlockSize { | |
| panic("ciphertext too short") | |
| } | |
| iv := ciphertext[:aes.BlockSize] | |
| ciphertext = ciphertext[aes.BlockSize:] | |
| stream := cipher.NewCFBDecrypter(block, iv) | |
| // XORKeyStream can work in-place if the two arguments are the same. | |
| stream.XORKeyStream(ciphertext, ciphertext) | |
| return fmt.Sprintf("%s", ciphertext) | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/sha1" | |
| "fmt" | |
| "golang.org/x/crypto/pbkdf2" | |
| ) | |
| func main() { | |
| pass := "123456;)" | |
| salt := make([]byte, 32) | |
| data := pbkdf2.Key([]byte(pass), salt, 4096, 32, sha1.New) | |
| fmt.Println(">", string(data)) | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "golang.org/x/crypto/scrypt" | |
| ) | |
| func main() { | |
| // http://www.tarsnap.com/scrypt.html | |
| data, err := scrypt.Key([]byte("pa$$w0rd"), make([]byte, 32), 16384, 8, 1, 32) | |
| fmt.Println(">", string(data), err) | |
| } |
<script type="text/javascript" src="https://rawgit.com/ricmoo/aes-js/master/index.js"></script>
<script type="text/javascript" src="https://rawgit.com/dcodeIO/bcrypt.js/master/dist/bcrypt.min.js"></script>
<script type="text/javascript">
var pass = "p4S$wD!";
var salt = dcodeIO.bcrypt.genSaltSync(12);
var hash = dcodeIO.bcrypt.hashSync(pass, salt)
var key = aesjs.util.convertStringToBytes(hash.slice(16, 32))
var iv = aesjs.util.convertStringToBytes(hash.slice(0, 16))
var aesCbc = new aesjs.ModeOfOperation.cbc(key, iv);
var enc = aesCbc.encrypt(textMustBe16Byte);
console.log(enc);
</script>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://sosedoff.com/2015/05/30/exploring-1password-crypto.html
http://stackoverflow.com/a/18819040/5277071
segundo http://www.tarsnap.com/scrypt.html, dentre outras fontes jogadas por aí,
utilizar o Scrypt em vez do PBKFD2 ou Mesmo Bcrypt é melhor.
Problema é implementação.
Tendo em vista que o Bcrypt é suficientemente seguro; https://github.com/dcodeIO/bcrypt.js
JS AES; https://github.com/ricmoo/aes-js