simplecipher

package module

v0.1.0 Latest Latest Go to latest Published: Sep 29, 2024 License: BSD-3-Clause Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cdfmlr/simplecipher

Links

Open Source Insights

README ¶

simplecipher

Package simplecipher provides a simple interface for encrypting and decrypting data using AES.

Features:

A bit more muggle-friendly and ready-to-use interface: wraps around the standard crypto/aes and crypto/cipher package.
string in -> string out: Input key, input plaintext, output ciphertext or output plaintext are all strings. Optional hex, base64 or base32 encoding for ciphertext.
Key derivation: Able to generate a secure key matching the required length from an arbitrary passphrase.
Padding and unpadding for plaintext if necessary.
Fuzz tested.

Cipher modes:

AEAD mode: working with string: GCM.
Block mode: working with string: CBC, CFB, OFB, CTR.
Stream mode: working with io.Reader and io.Writer: CFB, OFB, CTR.

Low-level cipher:

Currently, the only supported underlying block cipher is AES (AES-128, AES-192 and AES-256).

Usage

Install:

go get github.com/cdfmlr/simplecipher

Example:

package main

import (
	"fmt"
	"github.com/cdfmlr/simplecipher"
)

func init() {
	// Set your own salt for key derivation.
	// Never trust the default one.
	simplecipher.DefaultSalt = func() string { return "NaCl" }
}

func main() {
	// don't worry about the key length, we will derive a secure key from it.
	key := "123456"

	// plaintext to be encrypted, any string
	plaintext := "Hello, world!"

	// instance a cipher with the key (and DefaultSalt)
	cipher := simplecipher.SimpleCTR(key)

	// encrypt with cipher
	encrypted, _ := cipher.Encrypt(plaintext)
	fmt.Println("ciphertext:", encrypted)

	// decrypt with cipher
	decrypted, _ := cipher.Decrypt(encrypted)
	fmt.Println("plaintext:", decrypted)
}

Best practice:

Create a new cipher instance for each encryption.
Store and pass the key securely.
Remember to set you own salt for key derivation. And Keep it secret and safe too if possible. (Notice: You need to use the same salt for decryption and encryption.)

APIs

Cipher interface:

Encrypt(plaintext string) (ciphertext string, err error): Encrypt a plaintext string.
Decrypt(ciphertext string) (plaintext string, err error): Decrypt a ciphertext string.

Stream interface:

EncryptStream(in io.Reader, out io.Writer) (err error): Encrypt data from in to out.
DecryptStream(in io.Reader, out io.Writer) (err error): Decrypt data from in to out.

Key derivation interface:

Bytes() []byte: Return the key in bytes. So basically, anything can be a key. And we also treat the nonce, iv, etc. as keys, to make things simple.

Implementations:

Group	Method	Description
simple block	`SimpleCBC`, `SimpleCFB`, `SimpleOFB`, `SimpleCTR`	encrypt/decrypt a string, using another string to derive the key. (AES-256)
new block	`NewCBC`, `NewCFB`, `NewOFB`, `NewCTR`	encrypt/decrypt a string, using your custom key, with options to control key length, iv, padding, etc.
simple stream	`SimpleCFBStream`, `SimpleOFBStream`, `SimpleCTRStream`	encrypt/decrypt data from/to an `io.Reader`/`io.Writer`, using another string to derive the key. (AES-256)
new stream	`NewCFBStream`, `NewOFBStream`, `NewCTRStream`	encrypt/decrypt data from/to an `io.Reader`/`io.Writer`, using your custom key, with options to control key length, iv, padding, etc.
simple AEAD	`SimpleGCM`	encrypt/decrypt a string with associated authenticated data, using another string to derive the key. (AES-256)
new AEAD	`NewGCM`	encrypt/decrypt a string with associated authenticated data, using your custom key, with options to control key length, iv, padding, etc.
key derivation	`NewKey`, `NewAeskey`, `NewNonce`, `NewIV`, `NewRandomIv`	generate a secure key, aes key, nonce, iv from an arbitrary passphrase, with options to control key length, salt, etc.

Which mode should I use?

Click to see the decision tree

flowchart TD
	streamOrBlock{stream or block?}
	associatedData{associated authenticated data?}
	simpleOrCompatibleStream{simple or compatible?}
	simpleOrCompatibleAEAD{simple or compatible?}
	simpleOrCompatibleBlock{simple or compatible?}
	
	newStreams(NewCFBStream, NewOFBStream, NewCTRStream)
	simpleStreams(SimpleCFBStream, SimpleOFBStream, SimpleCTRStream)

	newBlocks(NewCBC, NewCFB, NewOFB, NewCTR)
	simpleBlocks(SimpleCBC, SimpleCFB, SimpleOFB, SimpleCTR)

	newAEADs(NewGCM)
	simpleAEADs(SimpleGCM)

	streamOrBlock--->|io.Reader in, io.Writer out|simpleOrCompatibleStream
	streamOrBlock--->|string in, string out|associatedData
	
	simpleOrCompatibleStream--->|I am a Cryptography Muggle|simpleStreams
	simpleOrCompatibleStream--->|I want to encrypt/decrypt wiht other tools|newStreams

	associatedData--->|I don't know|simpleOrCompatibleBlock
	associatedData--->|Yes|simpleOrCompatibleAEAD

	simpleOrCompatibleBlock--->|Any string as the key|simpleBlocks
	simpleOrCompatibleBlock--->|I want to encrypt/decrypt wiht other tools|newBlocks

	simpleOrCompatibleAEAD--->|Any string as the key|simpleAEADs
	simpleOrCompatibleAEAD--->|I want to encrypt/decrypt wiht other tools|newAEADs

	newBlocks--->|What's the difference?|NewCTR
	simpleBlocks--->|What's the difference?|SimpleCTR
	newStreams--->|What's the difference?|NewCTRStream
	simpleStreams--->|What's the difference?|SimpleCTRStream

What's your use case?

I just want to encrypt/decrypt a string: use SimpleCTR or NewCTR.
- Plus, if you want to associate some authenticated data with the ciphertext: use SimpleGCM or NewGCM.
I am expecting to encrypt/decrypt a lot of data from/to an io.Reader/io.Writer: use SimpleCTRStream or NewCTRStream.

What's the difference between SimpleXXX and NewXXX?

I only use this package for encryption/decryption with another string as the key (or password): SimpleXXX;
I want to encrypt/decrypt with other tools (for example, encrypting via simplecipher, decrypting via OpenSSL), or I am happy to tweak things like iv: NewXXX.

And why CTR? what's the difference between CTR, CFB, OFB and CBC?

Just use CTR if you don't know what to choose. (Because I prefer this name, literally.)
Or learn some cryptography and choose the right one for your use case: Block cipher mode of operation.

Technical details:

SimpleXXX force to use AES-256, while NewXXX allows you to choose from AES-128, AES-192 and AES-256.
SimpleXXX does key derivation with scrypt, and the result is not accessible (though you can always hack it out of course). So use NewXXX if you want to get the key and to use it with other tools.

License

BSD-3-Clause license. See LICENSE file for details.

Documentation ¶

Overview ¶

Package simplecipher wraps the standard library's crypto/cipher package.

It provides a simple interface to encrypt and decrypt strings or io.Reader/io.Writer streams using AES encryption.

Examples ¶

NewCTR
NewKey
SimpleCTR
SimpleCTRStream
SimpleGCM

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrPlaintextBlockSize  = errors.New("plaintext is not a multiple of the block size")
	ErrCipherTextTooShort  = errors.New("ciphertext too short")
	ErrCipherTextBlockSize = errors.New("ciphertext is not a multiple of the block size")
	ErrPanic               = errors.New("recovered from panic")
	ErrCopy                = errors.New("copy error")
	ErrNewAesCipher        = errors.New("aes.NewCipher error")
)

Errors

View Source

var DefaultSalt = func() string {
	return "3c7bef42a1524af19442b1b0a5751d29"
}

DefaultSalt returns a fixed random string to make the key derivation more secure. keyGen use this salt by default.

simplecipher.DefaultSalt = func() string { return "NaCl" }

Make sure to keep this function idempotence, that is, it should return the same result for each call. Otherwise, the decryption may fail due to the inconsistent key derivation.

The returned salt string is recommended to be >= 8 bytes long.

For any use case, it is recommended to customize this function to generate a different salt for each of your applications.

For real security, use New*() Ciphers with WithSalt() option to customize the salt for each key derivation. Or considering use trusted remote procedure calls to fetch the salt to avoid hardcoding the salt into the source code and binaries.

Functions ¶

This section is empty.

Types ¶

type Cipher ¶

type Cipher interface {
	// Encrypt the given plaintext and return the ciphertext as a [DefaultStringCodec] encoded string.
	Encrypt(plainText string) (cipherText string, err error)
	// Decrypt the given ciphertext ([DefaultStringCodec] encoded) and return the plaintext.
	Decrypt(cipherText string) (plainText string, err error)
}

Cipher is an interface for encryption and decryption of strings.

Cipher implementations should recover from underlying panics and return them as errors.

Cipher encodes the ciphertext with DefaultStringCodec when Encrypting and decodes the ciphertext from a DefaultStringCodec string when Decrypting.

func NewCBC ¶

func NewCBC(key, iv Key) Cipher

NewCBC creates a new CBC cipher with the given key and iv.

The iv will be prepended to the ciphertext during encryption, and the first block of the ciphertext will be treated as the IV during decryption.

It's caller's responsibility to ensure the following:

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256.
The IV must be aes.BlockSize bytes long.
The plaintext must be padded to a multiple of aes.BlockSize bytes.

Use SimpleCBC if you are not familiar with these.

See also: cipher.NewCBCDecrypter, cipher.NewCBCEncrypter for low-level usage.

func NewCFB ¶

func NewCFB(key, iv Key) Cipher

NewCFB creates a new CFB cipher with the given key and iv.

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256. The iv must be aes.BlockSize bytes long.

The iv will be prepended to the ciphertext during encryption, and the first block of the ciphertext will be treated as the IV during decryption.

Use SimpleCFB if you are not familiar with this.

See also: cipher.NewCFBDecrypter, cipher.NewCFBEncrypter for low-level usage.

func NewCTR ¶

func NewCTR(key, iv Key) Cipher

NewCTR creates a new CTR cipher with the given key and iv.

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256. The iv must be aes.BlockSize bytes long.

The iv will be prepended to the ciphertext during encryption, and the first block of the ciphertext will be treated as the IV during decryption.

Use SimpleCTR if you are not familiar with this.

See also: cipher.NewCTR for low-level usage.

Example ¶

ExampleNewCTR demonstrates how to use NewCTR to encrypt a plaintext and decrypt the ciphertext using the same key and iv via OpenSSL.

rawKey := "my-raw-key-with-32-bytes-length-"
rawIv := "16ByteInitVector"

cipher := NewCTR(String(rawKey), String(rawIv))

encrypted, _ := cipher.Encrypt("Hello, World!")
fmt.Println("ciphertext by simplecipher:", encrypted)

decrypted, _ := cipher.Decrypt(encrypted)
fmt.Println("decrypted by simplecipher:", decrypted)

// or use openssl to decrypt the ciphertext
// echo "raw ciphertext" | openssl enc -d -aes-256-ctr -K "key in hex" -iv "iv in hex"

rawCiphertext, _ := hex.DecodeString(encrypted[32:]) // remove the iv, openssl doesn't recognize it
hexKey := hex.EncodeToString([]byte(rawKey))
hexIv := hex.EncodeToString([]byte(rawIv))

//fmt.Println("key in hex:", hexKey)
//fmt.Println("iv in hex:", hexIv)

opensslCmd := exec.Command("openssl", "enc", "-d", "-aes-256-ctr", "-K", hexKey, "-iv", hexIv)

opensslStdin, _ := opensslCmd.StdinPipe()
_, _ = opensslStdin.Write(rawCiphertext)
_ = opensslStdin.Close()

opensslDecrypted, _ := opensslCmd.CombinedOutput()
fmt.Println("decrypted by openssl:", string(opensslDecrypted))

Output:

ciphertext by simplecipher: 313642797465496e6974566563746f720c2058d6452bd8771bf706e8b0
decrypted by simplecipher: Hello, World!
decrypted by openssl: Hello, World!

func NewGCM ¶

func NewGCM(key, nonce Key) Cipher

NewGCM creates a new GCM cipher with the given key and nonce. It's caller's responsibility to ensure the following:

The key must be 16 or 32 bytes long to select AES-128 or AES-256.
The nonce must be 12 bytes long.

Use SimpleGCM if you are not familiar with these.

See also: cipher.NewGCM for low-level usage.

func NewOFB ¶

func NewOFB(key, iv Key) Cipher

NewOFB creates a new OFB cipher with the given key and iv.

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256. The iv must be aes.BlockSize bytes long.

The iv will be prepended to the ciphertext during encryption, and the first block of the ciphertext will be treated as the IV during decryption.

Use SimpleOFB if you are not familiar with this.

See also: cipher.NewOFB for low-level usage.

func SimpleCBC ¶

func SimpleCBC(keyPassphrase string) Cipher

SimpleCBC creates a new AES-256-CBC cipher with the given key.

The keyPassphrase parameter can be any arbitrary string. It will be used to derive the real key used in the CBC mode via scrypt.

Random iv will be generated for each encryption and prepended to the ciphertext.

The plaintext is automatically padded to a multiple of aes.BlockSize bytes with PKCS7 padding.

func SimpleCFB ¶

func SimpleCFB(keyPassphrase string) Cipher

SimpleCFB creates a new AES-256-CFB cipher with a key derived from the given keyPassphrase and a random iv prepended to the ciphertext.

func SimpleCTR ¶

func SimpleCTR(keyPassphrase string) Cipher

SimpleCTR creates a new AES-256-CTR cipher with a key derived from the given keyPassphrase and a random iv prepended to the ciphertext.

func SimpleGCM ¶

func SimpleGCM(keyPassphrase, noncePassphrase string) Cipher

SimpleGCM creates a new AES-256-GCM cipher from the given key and nonce.

The keyPassphrase and noncePassphrase parameters can be any arbitrary strings. SimpleGCM will derive the real key and nonce used in the GCM mode from the these passphrases via scrypt.

Attention: SimpleGCM is not compatible with other libraries, because it uses a custom key derivation function. You can only decrypt the encrypted ciphertext with the same version of SimpleGCM and the same passphrases passed to it.

func SimpleOFB ¶

func SimpleOFB(keyPassphrase string) Cipher

SimpleOFB creates a new AES-256-OFB cipher with a key derived from the given keyPassphrase and a random iv prepended to the ciphertext.

type Key ¶

type Key interface {
	// Bytes return a byte slice of the key.
	Bytes() []byte
}

Key is an interface for AES cipher keys, ivs, and nonces.

To keep things simple, basically everything you need to encrypt/decrypt with AES, except the plaintext/ciphertext, are treated as keys in this package.

Notice different use cases of keys require different lengths. Use NewAesKey, NewNonce, or NewIv to create keys matching the requirements if you are not sure.

func Bytes ¶

func Bytes(b []byte) Key

Bytes is a helper function to convert a byte slice to a Key.

func NewAesKey ¶

func NewAesKey(passphrase string, options ...KeyGenOption) Key

NewAesKey creates a new AES key derived from the passphrase.

Aes256 and DefaultSalt are used by default. Use WithSalt and WithLen options to customize the key derivation.

func NewIv ¶

func NewIv(passphrase string, options ...KeyGenOption) Key

NewIv creates a new IV with aes.BlockSize bytes.

The output key will be derived from the passphrase via Sequential Memory-Hard Functions with DefaultSalt.

func NewKey ¶

func NewKey(passphrase string, len KeyLen, salt string) Key

NewKey derives a new key in the specified length from the passphrase.

The output key will be derived from the Passphrase (with Salt) via Sequential Memory-Hard Functions (see scrypt.Key for details).

Any UTF-8 string can be used as an input key (including "") and Salt.

More than 32 bytes are recommended for the Passphrase. And at least 8 bytes are recommended for Salt.

Use NewAesKey, NewNonce, or NewIv for specific key types.

Example ¶

// derive a key from a passphrase

passphrase := "my-secret-key"
keyLen := Aes256 // 32
salt := "NaCl"

key := NewKey(passphrase, keyLen, salt)

// use the key for encryption or any other purpose
_ = key

func NewNonce ¶

func NewNonce(passphrase string, options ...KeyGenOption) Key

NewNonce creates a new nonce with default NonceSize.

The output key will be derived from the passphrase via Sequential Memory-Hard Functions with DefaultSalt.

func NewRandomIv ¶

func NewRandomIv() Key

NewRandomIv creates a new random IV with aes.BlockSize bytes.

func String ¶

func String(s string) Key

String is a helper function to convert a string to a Key.

type KeyGenOption ¶

type KeyGenOption func(gen *keyGen)

KeyGenOption is a functional option to customize the KeyGen struct.

func WithLen ¶

func WithLen(keyLen KeyLen) KeyGenOption

WithLen sets the key length for the AES key. Available key lengths are Aes128, Aes192, and Aes256.

If an invalid key length is provided, it will default to Aes256.

func WithPassphrase ¶

func WithPassphrase(passphrase string) KeyGenOption

WithPassphrase sets the passphrase for the key derivation. The passphrase can be any UTF-8 string. The length of the passphrase is recommended to be >= 32 bytes for security and < 72 bytes for performance.

func WithSalt ¶

func WithSalt(salt string) KeyGenOption

WithSalt sets the salt for the key derivation. The salt should be a random string >= 8 bytes long to make the key derivation more secure.

type KeyLen ¶

type KeyLen int

KeyLen is a type to indicate the length of the key in bytes.

const (
	Aes128 KeyLen = 16
	Aes192 KeyLen = 24
	Aes256 KeyLen = 32
)

Available KeyLen values for AES keys are 16, 24 and 32 bytes for Aes128, Aes192, and Aes256 respectively.

const (
	NonceSize KeyLen = 12
)

NonceSize is the default size of the nonce for AEAD ciphers.

type Stream ¶

type Stream interface {
	// EncryptStream encrypts the given plaintext from the reader
	// and write the ciphertext to the given writer without encoding.
	EncryptStream(plainText io.Reader, cipherText io.Writer) error
	// DecryptStream decrypts the given ciphertext (not encoded)
	// and write the plaintext to the given writer.
	DecryptStream(cipherText io.Reader, plainText io.Writer) error
}

Stream is an interface for encryption and decryption of io.Reader and io.Writer.

Notice that, unlike Cipher, Stream does not encode the ciphertext. The cipherText output of Encrypt and the cipherText input of Decrypt are not encoded in any way (or in NopCodec), they are just raw bytes.

func NewCFBStream ¶

func NewCFBStream(key, iv Key) Stream

NewCFBStream creates a new CFB stream cipher with the given key and iv.

The iv will be used as the initial value for the CFB mode.

It's caller's responsibility to ensure the following:

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256.
The IV must be aes.BlockSize bytes long.

Use SimpleCFBStream if you are not familiar with these. See also: cipher.NewCFBDecrypter, cipher.NewCFBEncrypter for low-level usage.

func NewCTRStream ¶

func NewCTRStream(key, iv Key) Stream

NewCTRStream creates a new CTR stream cipher with the given key and iv.

The iv will be used as the initial value for the CTR mode.

It's caller's responsibility to ensure the following:

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256.
The IV must be aes.BlockSize bytes long.

Use SimpleCTRStream if you are not familiar with these. See also: cipher.NewCTR for low-level usage.

func NewOFBStream ¶

func NewOFBStream(key, iv Key) Stream

NewOFBStream creates a new OFB stream cipher with the given key and iv.

The iv will be used as the initial value for the OFB mode.

It's caller's responsibility to ensure the following:

The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256.
The IV must be aes.BlockSize bytes long.

Use SimpleOFBStream if you are not familiar with these. See also: cipher.NewOFB for low-level usage.

func SimpleCFBStream ¶

func SimpleCFBStream(keyPassphrase string) Stream

SimpleCFBStream creates a new AES-256-CFB stream cipher from the given key and iv.

An Aes256 key for encryption/decryption will be derived from the arbitrary keyPassphrase string via scrypt.

The iv will be a random value.

See also: NewCFBStream for more control.

func SimpleCTRStream ¶

func SimpleCTRStream(keyPassphrase string) Stream

SimpleCTRStream creates a new AES-256-CTR stream cipher from the given key and iv.

An Aes256 key for encryption/decryption will be derived from the arbitrary keyPassphrase string via scrypt.

The iv will be a random value.

See also: NewCTRStream for more control.

Example ¶

DefaultSalt = func() string { return "NaCl" }

key := "my-secret-key"
plainText := "Hello, World!"

stream := SimpleCTRStream(key)

// Encrypting
plaintextReader := bytes.NewReader([]byte(plainText))
encryptedBuffer := new(bytes.Buffer)

_ = stream.EncryptStream(plaintextReader, encryptedBuffer)

encrypted := encryptedBuffer.String()
// fmt.Println(encrypted)

// Decrypting
encryptedReader := bytes.NewReader([]byte(encrypted))
decryptedBuffer := new(bytes.Buffer)

_ = stream.DecryptStream(encryptedReader, decryptedBuffer)

decrypted := decryptedBuffer.String()

fmt.Println(decrypted)

Output:

Hello, World!

func SimpleOFBStream ¶

func SimpleOFBStream(keyPassphrase string) Stream

SimpleOFBStream creates a new AES-256-OFB stream cipher from the given key and iv.

An Aes256 key for encryption/decryption will be derived from the arbitrary keyPassphrase string via scrypt.

The iv will be a random value.

See also: NewOFBStream for more control.

type StringCodec ¶

type StringCodec interface {
	EncodeToString(src []byte) string
	DecodeString(s string) ([]byte, error)
}

StringCodec is an interface that provides encoding and decoding functions for Cipher ciphertexts.

var Base32HexCodec StringCodec = base32Codec{base32.HexEncoding}

Base32HexCodec encodes and decodes using base32 encoding with extended hex alphabet:

alphabet is "0123456789ABCDEFGHIJKLMNOPQRSTUV"
padding character is '='

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
pkcs7 Package pkcs7 implements PKCS#7 padding	Package pkcs7 implements PKCS#7 padding

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL