fdce947c91
This statement is just simply wrong and even dangerous if people start to believe their application is secure, because they used Base64
88 lines
3.4 KiB
Markdown
88 lines
3.4 KiB
Markdown
# 9.6 Encrypting and decrypting data
|
|
|
|
The previous section describes how to securely store passwords, but sometimes it might be neccessary to modify some sensitive encrypted data that has already been stored into our database. When data decryption is required, we should use a symmetric encryption algorithm instead of the one-way hashing techniques we've previously covered.
|
|
|
|
## Advanced encryption and decryption
|
|
|
|
The Go language supports symmetric encryption algorithms in its `crypto` package. Two advanced encryption modules are:
|
|
|
|
- `crypto/aes` package: AES (Advanced Encryption Standard), also known as Rijndael encryption method, is used by the U.S. federal government as a block encryption standard.
|
|
- `crypto/des` package: DES (Data Encryption Standard), is a symmetric encryption standard . It's currently the most widely used key system, especially in protecting the security of financial data. It used to be the United States federal government's encryption standard, but has now been replaced by AES.
|
|
|
|
Because using these two encryption algorithms is quite similar, we'll just use the `aes` package in the following example to demonstrate how you'd typically use these packages:
|
|
|
|
package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
"os"
|
|
)
|
|
|
|
var commonIV = []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}
|
|
|
|
func main() {
|
|
// Need to encrypt a string
|
|
plaintext := []byte("My name is Astaxie")
|
|
// If there is an incoming string of words to be encrypted, set plaintext to that incoming string
|
|
if len(os.Args) > 1 {
|
|
plaintext = []byte(os.Args[1])
|
|
}
|
|
|
|
// aes encryption string
|
|
key_text := "astaxie12798akljzmknm.ahkjkljl;k"
|
|
if len(os.Args) > 2 {
|
|
key_text = os.Args[2]
|
|
}
|
|
|
|
fmt.Println(len(key_text))
|
|
|
|
// Create the aes encryption algorithm
|
|
c, err := aes.NewCipher([]byte(key_text))
|
|
if err != nil {
|
|
fmt.Printf("Error: NewCipher(%d bytes) = %s", len(key_text), err)
|
|
os.Exit(-1)
|
|
}
|
|
|
|
// Encrypted string
|
|
cfb := cipher.NewCFBEncrypter(c, commonIV)
|
|
ciphertext := make([]byte, len(plaintext))
|
|
cfb.XORKeyStream(ciphertext, plaintext)
|
|
fmt.Printf("%s=>%x\n", plaintext, ciphertext)
|
|
|
|
// Decrypt strings
|
|
cfbdec := cipher.NewCFBDecrypter(c, commonIV)
|
|
plaintextCopy := make([]byte, len(plaintext))
|
|
cfbdec.XORKeyStream(plaintextCopy, ciphertext)
|
|
fmt.Printf("%x=>%s\n", ciphertext, plaintextCopy)
|
|
}
|
|
|
|
Calling the above function `aes.NewCipher` (whose []byte key parameter must be 16, 24 or 32, corresponding to the AES-128, AES-192 or AES-256 algorithms, respectively), returns a `cipher.Block` Interface that implements three functions:
|
|
|
|
type Block interface {
|
|
// BlockSize returns the cipher's block size.
|
|
BlockSize() int
|
|
|
|
// Encrypt encrypts the first block in src into dst.
|
|
// Dst and src may point at the same memory.
|
|
Encrypt(dst, src []byte)
|
|
|
|
// Decrypt decrypts the first block in src into dst.
|
|
// Dst and src may point at the same memory.
|
|
Decrypt(dst, src []byte)
|
|
}
|
|
|
|
These three functions implement encryption and decryption operations; see the Go documentation for a more detailed explanation.
|
|
|
|
## Summary
|
|
|
|
This section describes encryption algorithms which can be used in different ways according to your web application's encryption and decryption needs. For applications with even basic security requirements it is recommended to use AES.
|
|
|
|
|
|
## Links
|
|
|
|
- [Directory](<preface.md>)
|
|
- Previous: [store passwords](<09.5.md>)
|
|
- Next: [Summary](<09.7.md>)
|