Skip to content
/ crypto Public

Go (golang) library for converting []byte to base64-encoded string and back again.

License

BSD-2-Clause license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ShawnMilo/crypto

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
crypto.go
crypto.go
 
 

Repository files navigation

crypto

A simple library for converting a []byte to a base64-encoded string and back.

The intended use is for web applications, so data can be stored in the user's HTML form instead of in the application itself. This is reduces exposure to resource-hogging DOS attacks, and reduces the need for cache expiration.

For example, the state of the user's session in any form, such as JSON, gob, or a []byte from marshalling a struct, can be converted to a base64-encoded string and returned to the user as a <input type="hidden"> field, to be returned with the subsequent POST request.

Security

The obvious concern when accepting a value from the user is that it may have been tampered with. crypto uses HMAC to ensure that the message is returned exactly as it was provided.

The AES encryption used ensures that the user can not access any of the data, so information such as session keys can be stored.

Usage

package main

import (
    "fmt"
    "log"

    "github.com/shawnmilo/crypto"
)

func main() {
    password := "Nobody will guess this!"
    plainText := "The secret meeting is in the treehouse after school."

    fmt.Printf("original: %q\n", plainText)
    encrypted, err := crypto.Encrypt(password, []byte(plainText))
    if err != nil {
        log.Fatal(err)
    }

    fmt.Printf("encrypted: %q\n", encrypted)
    decrypted, err := crypto.Decrypt(password, encrypted)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Printf("decrypted: %q\n", string(decrypted))
}

Output:

original: "The secret meeting is in the treehouse after school."
encrypted: "sSvYMQQgLYsf2QmMxrN093YBZNiCU7rYNIQEWRAi+3i1Mmw7FDxc9+d6GNaNjEad4XIKwRtX+IpLE+ZrU1PLhPVMuA1upK4VxX0XxtIlqOBGzMrFYh3t2535fJxgav5j1lH/Cg=="
decrypted: "The secret meeting is in the treehouse after school."

Note that the encrypted output will be different each time, even for the same input. This is due to AES's use of an initialization vector.

License

BSD license.

Credits

I was greatly helped by this Stackoverflow response, as well as the documentation from the Go standard library:

This technique is not original to me, and has probably been independently created my many others. I learned it from Steve Gibson, founder of Gibson Research Corporation and creator of SpinRite.

Steve Gibson also explained the reasons using HMAC authentication is important, as well as why the authentication should be done after encryption, not before, on the Security Now podcast.

Specifically, this was explained while discussing InstantCryptor on episodes 497 and 499. See the Security Now link for access to audio and text from those episodes.

About

Go (golang) library for converting []byte to base64-encoded string and back again.

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages