Last active
February 23, 2024 14:56
-
-
Save kkirsche/e28da6754c39d5e7ea10 to your computer and use it in GitHub Desktop.
AES-256 GCM Encryption Example in Golang
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package example_test | |
| import ( | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "hex" | |
| "io" | |
| ) | |
| // AES-GCM should be used because the operation is an authenticated encryption | |
| // algorithm designed to provide both data authenticity (integrity) as well as | |
| // confidentiality. | |
| // Merged into Golang in https://go-review.googlesource.com/#/c/18803/ | |
| func ExampleNewGCMEncrypter() { | |
| // The key argument should be the AES key, either 16 or 32 bytes | |
| // to select AES-128 or AES-256. | |
| key := []byte("AES256Key-32Characters1234567890") | |
| plaintext := []byte("exampleplaintext") | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| // Never use more than 2^32 random nonces with a given key because of the risk of a repeat. | |
| nonce := make([]byte, 12) | |
| if _, err := io.ReadFull(rand.Reader, nonce); err != nil { | |
| panic(err.Error()) | |
| } | |
| aesgcm, err := cipher.NewGCM(block) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) | |
| fmt.Printf("%x\n", ciphertext) | |
| } | |
| func ExampleNewGCMDecrypter() { | |
| // The key argument should be the AES key, either 16 or 32 bytes | |
| // to select AES-128 or AES-256. | |
| key := []byte("AES256Key-32Characters1234567890") | |
| ciphertext, _ := hex.DecodeString("f90fbef747e7212ad7410d0eee2d965de7e890471695cddd2a5bc0ef5da1d04ad8147b62141ad6e4914aee8c512f64fba9037603d41de0d50b718bd665f019cdcd") | |
| nonce, _ := hex.DecodeString("bb8ef84243d2ee95a41c6c57") | |
| block, err := aes.NewCipher(key) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| aesgcm, err := cipher.NewGCM(block) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil) | |
| if err != nil { | |
| panic(err.Error()) | |
| } | |
| fmt.Printf("%s\n", string(plaintext)) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@lukejoshuapark thanks for the feedback, this was not and is not a "use this example for whatever encryption you want". For the original use case, the code has been vetted by an outside security firm and the points you raised are not in play for the use case this specific code was designed for.