Last active
April 24, 2024 03:13
-
-
Save donvito/efb2c643b724cf6ff453da84985281f8 to your computer and use it in GitHub Desktop.
AES-256 encrypt/decrypt in Go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "crypto/rand" | |
| "encoding/hex" | |
| "fmt" | |
| "io" | |
| ) | |
| func main() { | |
| bytes := make([]byte, 32) //generate a random 32 byte key for AES-256 | |
| if _, err := rand.Read(bytes); err != nil { | |
| panic(err.Error()) | |
| } | |
| key := hex.EncodeToString(bytes) //encode key in bytes to string and keep as secret, put in a vault | |
| fmt.Printf("key to encrypt/decrypt : %s\n", key) | |
| encrypted := encrypt("Hello Encrypt", key) | |
| fmt.Printf("encrypted : %s\n", encrypted) | |
| decrypted := decrypt(encrypted, key) | |
| fmt.Printf("decrypted : %s\n", decrypted) | |
| } | |
| func encrypt(stringToEncrypt string, keyString string) (encryptedString string) { | |
| //Since the key is in string, we need to convert decode it to bytes | |
| key, _ := hex.DecodeString(keyString) | |
| plaintext := []byte(stringToEncrypt) | |
| //Create a new Cipher Block from the key | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| //Create a new GCM - https://en.wikipedia.org/wiki/Galois/Counter_Mode | |
| //https://golang.org/pkg/crypto/cipher/#NewGCM | |
| aesGCM, err := cipher.NewGCM(block) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| //Create a nonce. Nonce should be from GCM | |
| nonce := make([]byte, aesGCM.NonceSize()) | |
| if _, err = io.ReadFull(rand.Reader, nonce); err != nil { | |
| panic(err.Error()) | |
| } | |
| //Encrypt the data using aesGCM.Seal | |
| //Since we don't want to save the nonce somewhere else in this case, we add it as a prefix to the encrypted data. The first nonce argument in Seal is the prefix. | |
| ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil) | |
| return fmt.Sprintf("%x", ciphertext) | |
| } | |
| func decrypt(encryptedString string, keyString string) (decryptedString string) { | |
| key, _ := hex.DecodeString(keyString) | |
| enc, _ := hex.DecodeString(encryptedString) | |
| //Create a new Cipher Block from the key | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| //Create a new GCM | |
| aesGCM, err := cipher.NewGCM(block) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| //Get the nonce size | |
| nonceSize := aesGCM.NonceSize() | |
| //Extract the nonce from the encrypted data | |
| nonce, ciphertext := enc[:nonceSize], enc[nonceSize:] | |
| //Decrypt the data | |
| plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| return fmt.Sprintf("%s", plaintext) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment