-
-
Save kkirsche/e28da6754c39d5e7ea10 to your computer and use it in GitHub Desktop.
| package example_test | |
| import ( | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "hex" | |
| "io" | |
| ) | |
| // AES-GCM should be used because the operation is an authenticated encryption | |
| // algorithm designed to provide both data authenticity (integrity) as well as | |
| // confidentiality. | |
| // Merged into Golang in https://go-review.googlesource.com/#/c/18803/ | |
| func ExampleNewGCMEncrypter() { | |
| // The key argument should be the AES key, either 16 or 32 bytes | |
| // to select AES-128 or AES-256. | |
| key := []byte("AES256Key-32Characters1234567890") | |
| plaintext := []byte("exampleplaintext") | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| // Never use more than 2^32 random nonces with a given key because of the risk of a repeat. | |
| nonce := make([]byte, 12) | |
| if _, err := io.ReadFull(rand.Reader, nonce); err != nil { | |
| panic(err.Error()) | |
| } | |
| aesgcm, err := cipher.NewGCM(block) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) | |
| fmt.Printf("%x\n", ciphertext) | |
| } | |
| func ExampleNewGCMDecrypter() { | |
| // The key argument should be the AES key, either 16 or 32 bytes | |
| // to select AES-128 or AES-256. | |
| key := []byte("AES256Key-32Characters1234567890") | |
| ciphertext, _ := hex.DecodeString("f90fbef747e7212ad7410d0eee2d965de7e890471695cddd2a5bc0ef5da1d04ad8147b62141ad6e4914aee8c512f64fba9037603d41de0d50b718bd665f019cdcd") | |
| nonce, _ := hex.DecodeString("bb8ef84243d2ee95a41c6c57") | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| aesgcm, err := cipher.NewGCM(block) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| fmt.Printf("%s\n", string(plaintext)) | |
| } |
actually nonce are pre-setted between devices, or somehow securely will sent into client to decrypt response
@ManouchehrRasoulli depends on your use case. You assumed how this is being used, and assumed incorrectly. This was written for one way usage in which it is impossible for that to occur as you described.
@Nv7-GitHub nonce and iv technically aren't secret in GCM (this can differ with other versions like CTR). You can append it to the ciphertext. With that said, some circumstances don't allow that, in which I'd direct you to https://datatracker.ietf.org/doc/html/rfc5116#section-3.2.1
This code is just bad. The encryption code generates a random nonce:
// Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
nonce := make([]byte, 12)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
panic(err.Error())
}and the decryption code uses a fixed nonce:
nonce, _ := hex.DecodeString("bb8ef84243d2ee95a41c6c57")The correct mechanism is to attach the nonce to the ciphertext in the encrypt function and detach and use it in the decrypt function. The nonce isn't a secret value.
Further, don't use a "32 character AES key":
- Some characters are more than 1 byte 😉
- Any key that gets used that isn't randomly generated should always be passed through a KDF first. Argon2 is a good option.
@lukejoshuapark thanks for the feedback, this was not and is not a "use this example for whatever encryption you want". For the original use case, the code has been vetted by an outside security firm and the points you raised are not in play for the use case this specific code was designed for.
I am also wondering, how do you decrypt without the nonce?