openssl

package module
v3.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 29, 2019 License: Apache-2.0 Imports: 11 Imported by: 6

README

Go Report Card

Luzifer / go-openssl

go-openssl is a small library wrapping the crypto/aes functions in a way the output is compatible to OpenSSL / CryptoJS. For all encryption / decryption processes AES256 is used so this library will not be able to decrypt messages generated with other than openssl aes-256-cbc. If you're using CryptoJS to process the data you also need to use AES256 on that side.

Version support

For this library only the latest major version is supported. All prior major versions should no longer be used.

The versioning is following SemVer which means upgrading to a newer major version will break your code!

OpenSSL compatibility

1.1.0c

Starting with v2.0.0 go-openssl generates the encryption keys using sha256sum algorithm. This is the default introduced in OpenSSL 1.1.0c. When encrypting data you can choose which digest method to use and therefore also continue to use md5sum. When decrypting OpenSSL encrypted data md5sum, sha1sum and sha256sum are supported.

1.1.1

The PBKDF2 key derivation is not yet supported.

Installation

# Get the latest version
go get github.com/Luzifer/go-openssl

# OR get a specific version
go get gopkg.in/Luzifer/go-openssl.v3

Usage example

The usage is quite simple as you don't need any special knowledge about OpenSSL and/or AES256:

Encrypt
import (
  "fmt"
  openssl "gopkg.in/Luzifer/go-openssl.v3"
)

func main() {
  plaintext := "Hello World!"
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  enc, err := o.EncryptBytes(passphrase, []byte(plaintext), DigestSHA256Sum)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
  }

  fmt.Printf("Encrypted text: %s\n", string(enc))
}
Decrypt
import (
  "fmt"
  openssl "gopkg.in/Luzifer/go-openssl.v3"
)

func main() {
  opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  dec, err := o.DecryptBytes(passphrase, []byte(opensslEncrypted), DigestMD5Sum)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
  }

  fmt.Printf("Decrypted text: %s\n", string(dec))
}

Testing

To execute the tests for this library you need to be on a system having /bin/bash and openssl available as the compatibility of the output is tested directly against the openssl binary. The library itself should be usable on all operating systems supported by Go and crypto/aes.

Documentation

Index

Examples

Constants

This section is empty.

Variables

View Source 
var CurrentOpenSSLDigestFunc = DigestSHA256Sum

CurrentOpenSSLDigestFunc is an alias to the key derivation function used in OpenSSL

View Source 
var ErrInvalidSalt = errors.New("Salt needs to have exactly 8 byte")

ErrInvalidSalt is returned when a salt with a length of != 8 byte is passed

Functions

func DigestMD5Sum 

func DigestMD5Sum(data []byte) []byte

DigestMD5Sum uses the (deprecated) pre-OpenSSL 1.1.0c MD5 digest to create the key

func DigestSHA1Sum 

func DigestSHA1Sum(data []byte) []byte

DigestSHA1Sum uses SHA1 digest to create the key

func DigestSHA256Sum 

func DigestSHA256Sum(data []byte) []byte

DigestSHA256Sum uses SHA256 digest to create the key which is the default behaviour since OpenSSL 1.1.0c

Types

type DigestFunc 

type DigestFunc func([]byte) []byte

DigestFunc are functions to create a key from the passphrase

type OpenSSL 

type OpenSSL struct {
	// contains filtered or unexported fields
}

OpenSSL is a helper to generate OpenSSL compatible encryption with autmatic IV derivation and storage. As long as the key is known all data can also get decrypted using OpenSSL CLI. Code from http://dequeue.blogspot.de/2014/11/decrypting-something-encrypted-with.html

func New 

func New() *OpenSSL

New instanciates and initializes a new OpenSSL encrypter

func (OpenSSL) DecryptBinaryBytes added in v3.1.0 

func (o OpenSSL) DecryptBinaryBytes(passphrase string, encryptedData []byte, kdf DigestFunc) ([]byte, error)

DecryptBinaryBytes takes a slice of binary bytes, encrypted data to decrypt and a key-derivation function. The key-derivation function must match the function used to encrypt the data. (In OpenSSL the value of the `-md` parameter.)

You should not just try to loop the digest functions as this will cause a race condition and you will not be able to decrypt your data properly.

func (OpenSSL) DecryptBytes 

func (o OpenSSL) DecryptBytes(passphrase string, encryptedBase64Data []byte, kdf DigestFunc) ([]byte, error)

DecryptBytes takes a slice of bytes with base64 encoded, encrypted data to decrypt and a key-derivation function. The key-derivation function must match the function used to encrypt the data. (In OpenSSL the value of the `-md` parameter.)

You should not just try to loop the digest functions as this will cause a race condition and you will not be able to decrypt your data properly.

Example 
opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
passphrase := "z4yH36a6zerhfE5427ZV"

o := New()

dec, err := o.DecryptBytes(passphrase, []byte(opensslEncrypted), DigestMD5Sum)
if err != nil {
	fmt.Printf("An error occurred: %s\n", err)
}

fmt.Printf("Decrypted text: %s\n", string(dec))

Output:

Decrypted text: hallowelt

func (OpenSSL) EncryptBinaryBytes added in v3.1.0 

func (o OpenSSL) EncryptBinaryBytes(passphrase string, plainData []byte, kdf DigestFunc) ([]byte, error)

EncryptBinaryBytes encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.

func (OpenSSL) EncryptBinaryBytesWithSaltAndDigestFunc added in v3.1.0 

func (o OpenSSL) EncryptBinaryBytesWithSaltAndDigestFunc(passphrase string, salt, plainData []byte, hashFunc DigestFunc) ([]byte, error)

EncryptBinaryBytesWithSaltAndDigestFunc encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

The hash function corresponds to the `-md` parameter of OpenSSL. For OpenSSL pre-1.1.0c DigestMD5Sum was the default, since then it is DigestSHA256Sum.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

func (OpenSSL) EncryptBytes 

func (o OpenSSL) EncryptBytes(passphrase string, plainData []byte, kdf DigestFunc) ([]byte, error)

EncryptBytes encrypts a slice of bytes that are base64 encoded in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.

Example 
plaintext := "Hello World!"
passphrase := "z4yH36a6zerhfE5427ZV"

o := New()

enc, err := o.EncryptBytes(passphrase, []byte(plaintext), DigestSHA256Sum)
if err != nil {
	fmt.Printf("An error occurred: %s\n", err)
}

fmt.Printf("Encrypted text: %s\n", string(enc))

Output:

func (OpenSSL) EncryptBytesWithSaltAndDigestFunc 

func (o OpenSSL) EncryptBytesWithSaltAndDigestFunc(passphrase string, salt, plainData []byte, hashFunc DigestFunc) ([]byte, error)

EncryptBytesWithSaltAndDigestFunc encrypts a slice of bytes that are base64 encoded in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

The hash function corresponds to the `-md` parameter of OpenSSL. For OpenSSL pre-1.1.0c DigestMD5Sum was the default, since then it is DigestSHA256Sum.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

func (OpenSSL) GenerateSalt 

func (o OpenSSL) GenerateSalt() ([]byte, error)

GenerateSalt generates a random 8 byte salt

func (OpenSSL) MustGenerateSalt 

func (o OpenSSL) MustGenerateSalt() []byte

MustGenerateSalt is a wrapper around GenerateSalt which will panic on an error. This allows you to use this function as a parameter to EncryptBytesWithSaltAndDigestFunc

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.