Merge pull request #8 from sharathrnair87/feature/encyption
Encrypt using pbkdf2 algo
Showing
8 changed files
with
173 additions
and
18 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
package cmd | ||
|
||
import ( | ||
"crypto/aes" | ||
"crypto/cipher" | ||
"crypto/rand" | ||
"crypto/sha256" | ||
"encoding/hex" | ||
"fmt" | ||
"golang.org/x/crypto/pbkdf2" | ||
"io" | ||
"math/big" | ||
"os" | ||
"strings" | ||
) | ||
|
||
func deriveKey(passphrase string, salt []byte) ([]byte, []byte, error) { | ||
if salt == nil { | ||
salt = make([]byte, 32) | ||
if _, err := io.ReadFull(rand.Reader, salt); err != nil { | ||
return nil, nil, fmt.Errorf("%w", err) | ||
} | ||
} | ||
key := pbkdf2.Key([]byte(passphrase), salt, 4096, 32, sha256.New) | ||
return key, salt, nil | ||
} | ||
|
||
func encryptContents(filestream []byte, passphrase string) ([]byte, error) { | ||
key, salt, err := deriveKey(passphrase, nil) | ||
if err != nil { | ||
return nil, fmt.Errorf("❌ Error generating salt: %w", err) | ||
} | ||
block, err := aes.NewCipher(key) | ||
if err != nil { | ||
return nil, fmt.Errorf("❌ Error creating cipher: %w", err) | ||
} | ||
|
||
aesgcm, err := cipher.NewGCM(block) | ||
if err != nil { | ||
return nil, fmt.Errorf("❌ Error creating GCM: %w", err) | ||
} | ||
|
||
nonce := make([]byte, aesgcm.NonceSize()) | ||
if _, err = io.ReadFull(rand.Reader, nonce); err != nil { | ||
return nil, fmt.Errorf("❌ Error generating nonce: %w", err) | ||
} | ||
|
||
ciphertext := aesgcm.Seal(nonce, nonce, filestream, nil) | ||
|
||
if ciphertext == nil { | ||
return nil, fmt.Errorf("❌ Error creating output file: %w", err) | ||
} | ||
|
||
encryptStream := fmt.Sprintf("%s-%s", hex.EncodeToString(salt), hex.EncodeToString(ciphertext)) | ||
|
||
return []byte(encryptStream), nil | ||
} | ||
|
||
func decryptFile(filename string, passphrase string) (string, error) { | ||
outfileName := strings.TrimSuffix(filename, ".enc") | ||
data, err := os.ReadFile(filename) | ||
if err != nil { | ||
return "", fmt.Errorf("❌ Error reading file: %w", err) | ||
} | ||
|
||
parts := strings.Split(string(data), "-") | ||
if len(parts) != 2 { | ||
return "", fmt.Errorf("❌ Error invalid ciphertext format") | ||
} | ||
|
||
salt, _ := hex.DecodeString(parts[0]) | ||
ciphertext, _ := hex.DecodeString(parts[1]) | ||
|
||
key, _, err := deriveKey(passphrase, salt) | ||
if err != nil { | ||
return "", fmt.Errorf("❌ Error parsing salt: %w", err) | ||
} | ||
block, err := aes.NewCipher(key) | ||
if err != nil { | ||
return "", fmt.Errorf("❌ Error creating cipher: %w", err) | ||
} | ||
|
||
aesgcm, err := cipher.NewGCM(block) | ||
if err != nil { | ||
return "", fmt.Errorf("❌ Error creating GCM: %w", err) | ||
} | ||
|
||
nonceSize := aesgcm.NonceSize() | ||
nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:] | ||
plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil) | ||
if err != nil { | ||
return "", fmt.Errorf("❌ Error decrypting: %w", err) | ||
} | ||
|
||
err = os.WriteFile(outfileName, plaintext, 0644) | ||
if err != nil { | ||
return "", fmt.Errorf("❌ Error writing decrypted file: %w", err) | ||
} | ||
|
||
return "", nil | ||
} | ||
|
||
func GenPassphrase() { | ||
min := 24 | ||
max := 48 | ||
|
||
bigN, err := rand.Int(rand.Reader, big.NewInt(int64(max-min+1))) | ||
if err != nil { | ||
fmt.Println("❌ Unable to generate random integer" + err.Error()) | ||
} | ||
|
||
n := bigN.Int64() + int64(min) | ||
|
||
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+<>?" | ||
|
||
result := make([]byte, n) | ||
for i := range result { | ||
randomIndex, err := rand.Int(rand.Reader, big.NewInt(int64(len(charset)))) | ||
if err != nil { | ||
fmt.Println("❌ Unable to generate passphrase" + err.Error()) | ||
} | ||
result[i] = charset[randomIndex.Int64()] | ||
} | ||
fmt.Println("Passphrase: " + string(result)) | ||
} |
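Review bot: decryptFile discards both hex.DecodeString errors and then slices `ciphertext[:nonceSize]` without checking the length, so a truncated or corrupted .enc file can cause a slice-bounds panic instead of returning the "invalid ciphertext format" error. Both decode errors should be returned, and the decoded length should be compared against `aesgcm.NonceSize()` before the nonce is split off, as sketched below. Separately, deriveKey hard-codes 4096 PBKDF2 iterations, far below current guidance for PBKDF2-HMAC-SHA256 (OWASP's password storage cheat sheet suggests 600,000). The `salt-ciphertext` format also has no field recording the count, so raising it later would make existing files undecryptable unless a version or iteration field is added now. The decrypted output is also written with mode 0644; `0600` would be a safer default for plaintext recovered from an encrypted file.

```go
// … unchanged: read file, split into salt and ciphertext parts …
salt, err := hex.DecodeString(parts[0])
if err != nil {
	return "", fmt.Errorf("❌ Error decoding salt: %w", err)
}
ciphertext, err := hex.DecodeString(parts[1])
if err != nil {
	return "", fmt.Errorf("❌ Error decoding ciphertext: %w", err)
}
// … unchanged: deriveKey, aes.NewCipher, cipher.NewGCM …
nonceSize := aesgcm.NonceSize()
if len(ciphertext) < nonceSize {
	return "", fmt.Errorf("❌ Error invalid ciphertext format")
}
// … unchanged: split nonce, aesgcm.Open, write output …
```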