/
crypto.go
90 lines (72 loc) · 2.5 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package libs
// courtesy of https://www.melvinvivas.com/how-to-encrypt-and-decrypt-data-using-aes
import (
"context"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/hex"
"fmt"
"io"
"go.opentelemetry.io/otel"
)
var tracerCrypto = otel.Tracer("crypto")
// Encrypt encrypts a string using AES-GCM algorithm with a given key. The key
// should be provided as a hexadecimal string. It returns the encrypted string
// in hexadecimal format.
func Encrypt(ctx context.Context, stringToEncrypt string, keyString string) (encryptedString string) {
_, span := tracerCrypto.Start(ctx, "Encrypt")
defer span.End()
//Since the key is in string, we need to convert decode it to bytes
key, _ := hex.DecodeString(keyString)
plaintext := []byte(stringToEncrypt)
//Create a new Cipher Block from the key
block, err := aes.NewCipher(key)
if err != nil {
panic(err.Error())
}
//Create a new GCM - https://en.wikipedia.org/wiki/Galois/Counter_Mode
//https://golang.org/pkg/crypto/cipher/#NewGCM
aesGCM, err := cipher.NewGCM(block)
if err != nil {
panic(err.Error())
}
//Create a nonce. Nonce should be from GCM
nonce := make([]byte, aesGCM.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
panic(err.Error())
}
//Encrypt the data using aesGCM.Seal
//Since we don't want to save the nonce somewhere else in this case, we add it as a prefix to the encrypted data. The first nonce argument in Seal is the prefix.
ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
return fmt.Sprintf("%x", ciphertext)
}
// Decrypt decrypts a previously encrypted string using the same key used to
// encrypt it. It takes in an encrypted string and a key string as parameters
// and returns the decrypted string. The key must be in hexadecimal format.
func Decrypt(ctx context.Context, encryptedString string, keyString string) (decryptedString string) {
_, span := tracerCrypto.Start(ctx, "Decrypt")
defer span.End()
key, _ := hex.DecodeString(keyString)
enc, _ := hex.DecodeString(encryptedString)
//Create a new Cipher Block from the key
block, err := aes.NewCipher(key)
if err != nil {
panic(err.Error())
}
//Create a new GCM
aesGCM, err := cipher.NewGCM(block)
if err != nil {
panic(err.Error())
}
//Get the nonce size
nonceSize := aesGCM.NonceSize()
//Extract the nonce from the encrypted data
nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
//Decrypt the data
plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
if err != nil {
panic(err.Error())
}
return string(plaintext)
}