ff3

Documentation

Index

• Variables
• type Cipher
  • func NewCipher(radix int, key []byte, tweak []byte) (*Cipher, error)
  • func (c *Cipher) Decrypt(X string) (string, error)
  • func (c *Cipher) DecryptWithTweak(X string, tweak []byte) (string, error)
  • func (c *Cipher) Encrypt(X string) (string, error)
  • func (c *Cipher) EncryptWithTweak(X string, tweak []byte) (string, error)

Examples

• Cipher.Decrypt
• Cipher.Encrypt

Variables

var (
	// ErrStringNotInRadix is returned if input or intermediate strings cannot be parsed in the given radix
	ErrStringNotInRadix = errors.New("cryptobin/fpe: string is not within base/radix")

	// ErrTweakLengthInvalid is returned if the tweak length is not 8 bytes
	ErrTweakLengthInvalid = errors.New("cryptobin/fpe: tweak must be 8 bytes, or 64 bits")
)

Types

type Cipher

type Cipher struct {
	// contains filtered or unexported fields
}

A Cipher is an instance of the FF3 mode of format preserving encryption using a particular key, radix, and tweak

func NewCipher

func NewCipher(radix int, key []byte, tweak []byte) (*Cipher, error)

NewCipher initializes a new FF3 Cipher for encryption or decryption use based on the radix, key and tweak parameters.

func (*Cipher) Decrypt

func (c *Cipher) Decrypt(X string) (string, error)

Decrypt decrypts the string X over the current FF3 parameters and returns the plaintext of the same length and format

Example

Note: panic(err) is just used for example purposes.

// Key and tweak should be byte arrays. Put your key and tweak here.
// To make it easier for demo purposes, decode from a hex string here.
key, err := hex.DecodeString("EF4359D8D580AA4F7F036D6F04FC6A94")
if err != nil {
	panic(err)
}
tweak, err := hex.DecodeString("D8E7920AFA330A73")
if err != nil {
	panic(err)
}

// Create a new FF3 cipher "object"
// 10 is the radix/base
FF3, err := NewCipher(10, key, tweak)
if err != nil {
	panic(err)
}

ciphertext := "750918814058654607"

plaintext, err := FF3.Decrypt(ciphertext)
if err != nil {
	panic(err)
}

fmt.Println(plaintext)

Output:

890121234567890000

func (*Cipher) DecryptWithTweak

func (c *Cipher) DecryptWithTweak(X string, tweak []byte) (string, error)

DecryptWithTweak is the same as Decrypt except it uses the tweak from the parameter rather than the current Cipher's tweak This allows you to re-use a single Cipher (for a given key) and simply override the tweak for each unique data input, which is a practical use-case of FPE for things like credit card numbers.

func (*Cipher) Encrypt

func (c *Cipher) Encrypt(X string) (string, error)

Encrypt encrypts the string X over the current FF3 parameters and returns the ciphertext of the same length and format

Example

Note: panic(err) is just used for example purposes.

// Key and tweak should be byte arrays. Put your key and tweak here.
// To make it easier for demo purposes, decode from a hex string here.
key, err := hex.DecodeString("EF4359D8D580AA4F7F036D6F04FC6A94")
if err != nil {
	panic(err)
}
tweak, err := hex.DecodeString("D8E7920AFA330A73")
if err != nil {
	panic(err)
}

// Create a new FF3 cipher "object"
// 10 is the radix/base
FF3, err := NewCipher(10, key, tweak)
if err != nil {
	panic(err)
}

original := "890121234567890000"

// Call the encryption function on an example test vector
ciphertext, err := FF3.Encrypt(original)
if err != nil {
	panic(err)
}

fmt.Println(ciphertext)

Output:

750918814058654607

func (*Cipher) EncryptWithTweak

func (c *Cipher) EncryptWithTweak(X string, tweak []byte) (string, error)

EncryptWithTweak is the same as Encrypt except it uses the tweak from the parameter rather than the current Cipher's tweak This allows you to re-use a single Cipher (for a given key) and simply override the tweak for each unique data input, which is a practical use-case of FPE for things like credit card numbers.