aead

package

v0.0.0-...-5613f3b Latest Latest Go to latest Published: Nov 5, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/appscode/go

Links

Open Source Insights

README ¶

Used Method:

AESGCM

AES 256 for encryption
SHA 256 for HMAC/authentication

Process:

Encryption
- encrypt the data using aes.
- compute hash
- append the hash value with the encrypted data.

Decryption
- authenticate the data with the hash
- if data is not authentic return
- decrypt the data.

Reading materials

Language Specific Implementations are described in the {lang}-impl/README.md

Key Generation

Currently the key generation process is simple. we need 32bytes (256bits) of key to encrypt the data. so if the key length is smaller then 32 we are appending the key in an circular approach until the key is 32bytes. So a key of ABCD will become ABCDABCDABCDABCDABCDABCDABCDABCD.

Proposed Approach of key generation To Secure the key we can add some extra layer to the key generation process. This Could

find hash of the provided key. possibly - sha256
append a salt, salt could be a constant
find the hash. possible - md5
resize the key to 32 bytes as we are doing now.

##Nonce Generation Currently we are using the provided key as the nonce.

What is nonce?

Ans: A nonce is a number used once: a nonce should never be reused in a set of messages encrypted with the same key. keys are secrets that do not change often So, you have this vulnerability that if the keys leak, all the secrets leak so, they augment the secret with a dynamically added secret part that is supposed to be used only one for extra bit of protection.

NONCE

Proposed Approach of nonce generation

To Secure the nonce we can add some extra layer to the nonce generation process. This Could

generate a random nonce.
add this nonce to the encrypted text.
while decrypting find the nonce first from the data.
use this nonce to the generate decrypted text.

Notes/Development Guide

Encrypted bytes are converted to Base64 String before return.
Before Decrypting use Base64 decoder to decode the string to Bytes.
Use the test_data data to test the implementation against.

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Cryptor ¶

type Cryptor interface {
	EncryptString(plainText string, key string) (string, error)
	Encrypt(plainText []byte, key string) ([]byte, error)
	DecryptString(cipherText string, key string) (string, error)
	Decrypt(cipherText []byte, key string) ([]byte, error)
}

For background and implementation: See here: https://appscode.appscode.io/diffusion/100/

type PassThroughCryptor ¶

type PassThroughCryptor struct{}

func (PassThroughCryptor) Decrypt ¶

func (PassThroughCryptor) Decrypt(cipherText []byte, key string) ([]byte, error)

func (PassThroughCryptor) DecryptString ¶

func (PassThroughCryptor) DecryptString(cipherText string, key string) (string, error)

func (PassThroughCryptor) Encrypt ¶

func (PassThroughCryptor) Encrypt(plainText []byte, key string) ([]byte, error)

func (PassThroughCryptor) EncryptString ¶

func (PassThroughCryptor) EncryptString(plainText string, key string) (string, error)

type RealCryptor ¶

type RealCryptor struct{}

func (RealCryptor) Decrypt ¶

func (c RealCryptor) Decrypt(cipherText []byte, key string) ([]byte, error)

func (RealCryptor) DecryptString ¶

func (c RealCryptor) DecryptString(cipherText string, key string) (string, error)

func (RealCryptor) Encrypt ¶

func (c RealCryptor) Encrypt(plainText []byte, key string) ([]byte, error)

func (RealCryptor) EncryptString ¶

func (c RealCryptor) EncryptString(plainText string, key string) (string, error)

Source Files ¶

View all Source files

gcm.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL