aes

Documentation

Overview

Package crypto/aes is a symmetric encryption library built from secure, industry-standard components.

Encryption is performed using 256-bit AES in CBC mode. Message padding is handled transparently using the PKCS #7 padding scheme. Message authentication is handled transparently using the HMAC-SHA-256 algorithm.

Encryption requires a 32-byte key.

Note that this package acts as a wrapper around Go's native cryptographic libraries. It does not reimplement the cryptographic primitives it uses.

The output of the Encrypt() function is structured as follows:

|-- IV --|-- Payload --|-- HMAC --|
    16         16n          32

IV: initialization vector
Payload: encrypted plaintext
HMAC: authentication code

Lengths are given in bytes. The length of the payload will be a multiple of the AES block size (16 bytes).

Note that the padding algorithm appends a null block to the plaintext when the length of the plaintext is a multiple of the block size. This padding is automatically removed during decryption.

Index

• Constants
• Variables
• func Decrypt(ciphertext, key []byte) ([]byte, error)
• func Encrypt(plaintext, key []byte) ([]byte, error)

Constants

const (
	KeySize  = 32 // Size in bytes of the encryption key.
	HMACSize = 32 // Size in bytes of the authentication code.
)

Variables

var (
	ErrInvalidPadding      = errors.New("invalid padding length")
	ErrInvalidKeySize      = errors.New("invalid key size")
	ErrInvalidIV           = errors.New("error generating initialization vector")
	ErrInvalidCipherLength = errors.New("invalid ciphertext length")
	ErrInvalidHMAC         = errors.New("authentication failed")
)

Functions

func Decrypt

func Decrypt(ciphertext, key []byte) ([]byte, error)

Decrypt decrypts ciphertext using a 32-byte key.

func Encrypt

func Encrypt(plaintext, key []byte) ([]byte, error)

Encrypt encrypts plaintext using a 32-byte key.