127 lines
4.3 KiB
Markdown
127 lines
4.3 KiB
Markdown
# 9.6 Encrypt and decrypt data
|
|
|
|
The previous section describes how to store passwords, but sometimes we want to change some sensitive data encrypted and stored up sometime in the future, with the need to decrypt them out , then we should use a symmetric encryption algorithm to meet our needs.
|
|
|
|
## Base64 Encryption and decryption
|
|
|
|
If the Web application is simple enough, data security is no less stringent requirements, then you can use a relatively simple method of encryption and decryption is `base64`, this approach is relatively simple to implement , Go language `base64` package has been well support of this , consider the following examples:
|
|
|
|
package main
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
)
|
|
|
|
func base64Encode(src []byte) []byte {
|
|
return []byte(base64.StdEncoding.EncodeToString(src))
|
|
}
|
|
|
|
func base64Decode(src []byte) ([]byte, error) {
|
|
return base64.StdEncoding.DecodeString(string(src))
|
|
}
|
|
|
|
func main() {
|
|
// encode
|
|
hello := "你好,世界! hello world"
|
|
debyte := base64Encode([]byte(hello))
|
|
fmt.Println(debyte)
|
|
// decode
|
|
enbyte, err := base64Decode(debyte)
|
|
if err != nil {
|
|
fmt.Println(err.Error())
|
|
}
|
|
|
|
if hello != string(enbyte) {
|
|
fmt.Println("hello is not equal to enbyte")
|
|
}
|
|
|
|
fmt.Println(string(enbyte))
|
|
}
|
|
|
|
|
|
## Advanced encryption and decryption
|
|
|
|
Go inside the `crypto` language support symmetric encryption advanced encryption package are:
|
|
|
|
- `crypto/aes` package: AES (Advanced Encryption Standard), also known as Rijndael encryption method used is the U.S. federal government as a block encryption standard.
|
|
- `crypto/des` package: DES (Data Encryption Standard), is a symmetric encryption standard , is currently the most widely used key system, especially in protecting the security of financial data.
|
|
Was a United States federal government encryption standard, but has now been replaced by AES.
|
|
|
|
Because of these two algorithms using methods similar to, so in this, we just aes package as an example to explain their use, see the following example
|
|
|
|
package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
"os"
|
|
)
|
|
|
|
var commonIV = []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}
|
|
|
|
func main() {
|
|
// Need to encrypt a string
|
|
plaintext := []byte("My name is Astaxie")
|
|
// If the incoming encrypted strings of words, plaint is that the incoming string
|
|
if len(os.Args) > 1 {
|
|
plaintext = []byte(os.Args[1])
|
|
}
|
|
|
|
// aes encryption string
|
|
key_text := "astaxie12798akljzmknm.ahkjkljl;k"
|
|
if len(os.Args) > 2 {
|
|
key_text = os.Args[2]
|
|
}
|
|
|
|
fmt.Println(len(key_text))
|
|
|
|
// Create the encryption algorithm aes
|
|
c, err := aes.NewCipher([]byte(key_text))
|
|
if err != nil {
|
|
fmt.Printf("Error: NewCipher(%d bytes) = %s", len(key_text), err)
|
|
os.Exit(-1)
|
|
}
|
|
|
|
// Encrypted string
|
|
cfb := cipher.NewCFBEncrypter(c, commonIV)
|
|
ciphertext := make([]byte, len(plaintext))
|
|
cfb.XORKeyStream(ciphertext, plaintext)
|
|
fmt.Printf("%s=>%x\n", plaintext, ciphertext)
|
|
|
|
// Decrypt strings
|
|
cfbdec := cipher.NewCFBDecrypter(c, commonIV)
|
|
plaintextCopy := make([]byte, len(plaintext))
|
|
cfbdec.XORKeyStream(plaintextCopy, ciphertext)
|
|
fmt.Printf("%x=>%s\n", ciphertext, plaintextCopy)
|
|
}
|
|
|
|
Above by calling the function `aes.NewCipher` ( parameter key must be 16, 24 or 32 of the [] byte, respectively, corresponding to the AES-128, AES-192 or AES-256 algorithm ) , returns a `cipher.Block` Interface this interface implements three functions:
|
|
|
|
type Block interface {
|
|
// BlockSize returns the cipher's block size.
|
|
BlockSize() int
|
|
|
|
// Encrypt encrypts the first block in src into dst.
|
|
// Dst and src may point at the same memory.
|
|
Encrypt(dst, src []byte)
|
|
|
|
// Decrypt decrypts the first block in src into dst.
|
|
// Dst and src may point at the same memory.
|
|
Decrypt(dst, src []byte)
|
|
}
|
|
|
|
These three functions implement encryption and decryption operations, a detailed look at the operation of the above example .
|
|
|
|
## Summary
|
|
|
|
This section describes several encryption algorithms, when the development of Web applications can be used in different ways according to the demand for encryption and decryption , the general application of base64 algorithm can be used , then you can use more advanced or AES DES algorithm .
|
|
|
|
|
|
## Links
|
|
|
|
- [Directory](<preface.md>)
|
|
- Previous: [store passwords](<09.5.md>)
|
|
- Next: [Summary](<09.7.md>)
|