Build Web Application with Golang
  • Introduction
  • Go Environment Configuration
    • Installation
    • $GOPATH and workspace
    • Go commands
    • Go development tools
    • Summary
  • Go basic knowledge
    • Hello, Go
    • Go foundation
    • Control statements and functions
    • struct
    • Object-oriented
    • interface
    • Concurrency
    • Summary
  • Web foundation
    • Web working principles
    • Build a simple web server
    • How Go works with web
    • Get into http package
    • Summary
  • HTTP Form
    • Process form inputs
    • Validation of inputs
    • Cross site scripting
    • Duplicate submissions
    • File upload
    • Summary
  • Database
    • database/sql interface
    • How to use MySQL
    • How to use SQLite
    • How to use PostgreSQL
    • How to use beedb ORM
    • NOSQL
    • Summary
  • Data storage and session
    • Session and cookies
    • How to use session in Go
    • Session storage
    • Prevent hijack of session
    • Summary
  • Text files
    • XML
    • JSON
    • Regexp
    • Templates
    • Files
    • Strings
    • Summary
  • Web services
    • Sockets
    • WebSocket
    • REST
    • RPC
    • Summary
  • Security and encryption
    • CSRF attacks
    • Filter inputs
    • XSS attacks
    • SQL injection
    • Password storage
    • Encrypt and decrypt data
    • Summary
  • Internationalization and localization
    • Setting the default region
    • Localized resources
    • International sites
    • Summary
  • Error handling, debugging and testing
    • Error handling
    • Debugging by using GDB
    • Write test cases
    • Summary
  • Deployment and maintenance
    • Logs
    • Errors and crashes
    • Deployment
    • Backup and recovery
    • Summary
  • Build a web framework
    • Project planning
    • Customized routers
    • Design controllers
    • Logs and configurations
    • Add, delete and update blogs
    • Summary
  • Develop web framework
    • Static files
    • Session
    • Form
    • User validation
    • Multi-language support
    • pprof
    • Summary
  • References
  • preface
Powered by GitBook
On this page
  • Advanced encryption and decryption
  • Summary
  • Links

Was this helpful?

  1. Security and encryption

Encrypt and decrypt data

PreviousPassword storageNextSummary

Last updated 5 years ago

Was this helpful?

The previous section describes how to securely store passwords, but sometimes it might be neccessary to modify some sensitive encrypted data that has already been stored into our database. When data decryption is required, we should use a symmetric encryption algorithm instead of the one-way hashing techniques we've previously covered.

Advanced encryption and decryption

The Go language supports symmetric encryption algorithms in its crypto package. Do not use anything except AES in if you don't know what you're doing!

  • crypto/aes package: AES (Advanced Encryption Standard), also known as Rijndael encryption method, is used by the U.S. federal government as a block encryption standard.

In the following example we demonstrate how to encrypt data using AES in GCM mode:

package main

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "errors"
    "fmt"
    "io"
    "log"
)

func main() {
    text := []byte("My name is Astaxie")
    key := []byte("the-key-has-to-be-32-bytes-long!")

    ciphertext, err := encrypt(text, key)
    if err != nil {
        // TODO: Properly handle error
        log.Fatal(err)
    }
    fmt.Printf("%s => %x\n", text, ciphertext)

    plaintext, err := decrypt(ciphertext, key)
    if err != nil {
        // TODO: Properly handle error
        log.Fatal(err)
    }
    fmt.Printf("%x => %s\n", ciphertext, plaintext)
}

func encrypt(plaintext []byte, key []byte) ([]byte, error) {
    c, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }

    gcm, err := cipher.NewGCM(c)
    if err != nil {
        return nil, err
    }

    nonce := make([]byte, gcm.NonceSize())
    if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
        return nil, err
    }

    return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func decrypt(ciphertext []byte, key []byte) ([]byte, error) {
    c, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }

    gcm, err := cipher.NewGCM(c)
    if err != nil {
        return nil, err
    }

    nonceSize := gcm.NonceSize()
    if len(ciphertext) < nonceSize {
        return nil, errors.New("ciphertext too short")
    }

    nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
    return gcm.Open(nil, nonce, ciphertext, nil)
}

Calling the above function aes.NewCipher (whose []byte key parameter must be 16, 24 or 32, corresponding to the AES-128, AES-192 or AES-256 algorithms, respectively), returns a cipher.Block Interface that implements three functions:

type Block interface {
    // BlockSize returns the cipher's block size.
    BlockSize() int

    // Encrypt encrypts the first block in src into dst.
    // Dst and src may point at the same memory.
    Encrypt(dst, src []byte)

    // Decrypt decrypts the first block in src into dst.
    // Dst and src may point at the same memory.
    Decrypt(dst, src []byte)
}

These three functions implement encryption and decryption operations; see the Go documentation for a more detailed explanation.

Summary

This section describes encryption algorithms which can be used in different ways according to your web application's encryption and decryption needs. For applications with even basic security requirements it is recommended to use AES in GCM mode.

Links

Previous:

Next:

GCM mode
Directory
store passwords
Summary