crypt

package module
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 27, 2025 License: MIT Imports: 6 Imported by: 0

README

made-with-Go Go Reference GoReportCard

Go Version Release

crypt

A Simple Crypto Library

Most code in this package was taken from Nic Raboy's AES Crypto Post @ ThePoliglotDeveloper.com

Made some enhancements based on suggestions made on the comments section.

Not intended as a full-fledge library, just some place to put functions I use for simple crypto needs (like putting encrypted sensible data on a json configuration file).

Usage recommendations

Salt and Pepper

A good practice is to use different Salt values for each encripted item.

For example if you are encrypting user passwords you should use a different (and random) salt value for each user. You can store the salt value along with the username and encrypted passwords. You can use the function RandomSalt() for this. A size of 32 bytes or more is recommended.

The passphrase (also sometimes called pepper) can be the same for all items, and must not be stored along with the salt and encrypted data. Your code is a good place to put them. It can be as simple as a human generated string (hence the term passphrase), but you can also use CSPRNG data. The crypt.RandomSalt() function can also be used for this:

// A Simple Utility to generate a CSPRNG based Passphrase
package main

import (
	"encoding/base64"
	"fmt"

	"github.com/moisoto/crypt"
)

func main() {
	pepper, err := crypt.RandomSalt(32)
	if err != nil {
		panic(err)
	}

	phrase := base64.StdEncoding.EncodeToString(pepper)
	fmt.Println("Random Passphrase:", phrase)
}
Crypt and Decrypt

Here's a simple program that shows how to crypt and decrypt a message:

package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"

	"github.com/moisoto/crypt"
)

func main() {

	// Salt must be Ramdom and at least 32 bytes in size
	// For example in a username/password database you should generate a
	// random salt for each user and store it along the ciphered password
	salt, err := crypt.RandomSalt(32)
	if err != nil {
		panic(err)
	}

	// You'll usually store your salt as a hex string
	hexSalt := hex.EncodeToString(salt)

	// Your passphrase can be a random string and should not be stored on the database
	// It would be contained in your code ideally.
	// Here we generated one using openssl by executing: openssl rand -base64 32 
	phrase := "dWJLXM9Eo3Nj5IzUpWmQuAtsdnaYfrsIkVrhaE1ESJU="

	// Something you want to cipher
	originalText := "My Secret Message"

	// A byte array is returned
	cipherBytes, err := crypt.Encrypt([]byte(originalText), phrase, salt)
	if err != nil {
		panic(err)
	}

	// Can be encoded as base64 for readability
	cipherText := base64.StdEncoding.EncodeToString(cipherBytes)

	// Or if you need to use it on a URL
	cipherURLText := base64.URLEncoding.EncodeToString(cipherBytes)

	fmt.Println("Hex Salt:", hexSalt)
	fmt.Println("Cipher Text:", cipherText)
	fmt.Println("URL Encoded:", cipherURLText)

	// A byte array is returned
	plainBytes, err := crypt.Decrypt(cipherBytes, phrase, salt)
	if err != nil {
		panic(err)
	}

	decryptedText := string(plainBytes)
	fmt.Println("Decrypted Text:", decryptedText)
}
If you need a more complete crypto library for go:

When browsing the comment section on Nic's Blog Post, I stumbled with Minio's SIO Package for DARE encryption on go. If you need a nicely done crypto library for go, please check it out at https://github.com/minio/sio

Documentation

Overview

Package crypt allows encryption of data using AES.

You should provide a passphrase and a salt value in order to encrypt or decrypt data. Both values should be the same for a given data item.

The salt value should be randomly generated for every item that you wish to encrypt. Function RamdomSalt can be used for that purpose.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt 

func Decrypt(data []byte, passphrase string, salt []byte) (plainText []byte, err error)

Decrypt takes data encrypted with Encrypt function and returns the original decrypted data. The original passphrase and salt value used to encrypt the data must be provided.

Example 
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"

	"github.com/moisoto/crypt"
)

func main() {
	// Usually hard-coded in your program
	passphrase := "1SRoEa7KvB0mnrZ9QHFmCUqoj3dOsk1Yb3KT1MWrdqo5"

	// You had this stored alongside your Cipher Text
	hexSalt := "abc344e6df6d426d1b38c8989a91e19dcc4ad5918f30d306ba290eaaff12d49e"

	// Your encrypted data
	cipherText := "PX13eAF5+TCD2YX7TdhW9bpM1vNUavlQWMcAVtnq/vQRJbrsiCzUtvbojfW/psY="

	// Convert from Hex String to Byte Array
	salt, err := hex.DecodeString(hexSalt)
	if err != nil {
		panic(err)
	}

	// Convert from Base64 String to Byte Array
	cipherBytes, err := base64.StdEncoding.DecodeString(cipherText)
	if err != nil {
		panic(err)
	}

	// Decrypted data will be returned in a byte array
	clearBytes, err := crypt.Decrypt(cipherBytes, passphrase, salt)
	if err != nil {
		panic(err)
	}

	// Convert to readable text
	clearText := string(clearBytes)

	fmt.Println("Decrypted Data:", clearText)
}

func Encrypt 

func Encrypt(data []byte, passphrase string, salt []byte) (cipherText []byte, err error)

Encrypt takes some data and creates cipherText using AES A passphrase and a ramdon salt must be provided along the data The AES Cipher is created using a key derived from the passphrase and the salt value using the standard PBKDF2 go library

Example 
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"

	"github.com/moisoto/crypt"
)

func main() {
	// Some data you want to encrypt
	clearText := "Some Sensitive Data"

	// Usually hard-coded in your program
	passphrase := "1SRoEa7KvB0mnrZ9QHFmCUqoj3dOsk1Yb3KT1MWrdqo5"

	// Recommended to generate one for each item to cipher
	salt, err := crypt.RandomSalt(32)
	if err != nil {
		panic(err)
	}

	// Encrypted data will be returned in a byte array
	cipherBytes, err := crypt.Encrypt([]byte(clearText), passphrase, salt)
	if err != nil {
		panic(err)
	}

	// Can be encoded as base64 for readability
	cipherText := base64.StdEncoding.EncodeToString(cipherBytes)

	fmt.Println("Salt Text in Hex Format:     ", hex.EncodeToString(salt))
	fmt.Println("Cipher Text in Base64 Format:", cipherText)
}

func RandomSalt 

func RandomSalt(size int) (salt []byte, err error)

RandomSalt can be used to get a randomSalt for use on calls to Encrypt and Decrypt functions

Example 
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"

	"github.com/moisoto/crypt"
)

func main() {
	// Recommended size is 32 or more
	salt, err := crypt.RandomSalt(32)
	if err != nil {
		panic(err)
	}

	// Convert to Hex Format if you need to store it on readable form)
	hexSalt := hex.EncodeToString(salt)

	// Or to Base64
	b64Salt := base64.StdEncoding.EncodeToString(salt)

	fmt.Println("Salt in Hex Format:   ", hexSalt)
	fmt.Println("Salt in Base64 Format:", b64Salt)
}

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.