Golang simple encrypt example?


Nguyên Nguyễn Văn Cao

Aug 13, 2012, 7:07:23 AM
to golan...@googlegroups.com
I was successful with the example about AES. As I can see, if the length of the message which you want to encrypt is > BlockSize (16 for the AES pkg), I must split the message, is that right?
For secure web cookies, what pkg should I use?

Patrick Mylund Nielsen

Aug 13, 2012, 7:13:40 AM
to Nguyên Nguyễn Văn Cao, golan...@googlegroups.com

You would need to encrypt several blocks, and ensure that the last one is padded, but there is so much that could go wrong. I recommend reading http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html. Not to imply that you should never use crypto primitives yourself; just that there is almost always a better, much more well-tested way of doing what you want, and that just about any area of crypto is hellishly hard to get right. No matter how good something looks on paper, a small implementation error in one part might break the entire system, and when you implement your own, you usually have nobody but yourself to verify that that isn't the case.

Rodrigo Moraes

Aug 13, 2012, 8:13:48 AM
to golang-nuts
On Aug 13, 8:07 am, Nguyên Nguyễn Văn Cao wrote:
> I was successful with the example about AES<http://raycompstuff.blogspot.com/2009/12/golang-cryptoaes.html>.
> As I can see if the length of message which you want to encrypt > BlockSize
> (16 for AES pkg) I must split the message, is it right?

No. Block size defines the length of the key used for encryption.

See the functions encrypt/decrypt here, which also do a trick to
include a random initialization vector in the resulting encrypted
message:

http://goo.gl/5zfWH

> For a secure web cookies, what pkg should I use?

I'm biased, but I think you should check gorilla/securecookie (which
only performs serialization/(optional)encryption/hashing/encoding for
a secure cookie value), or gorilla/sessions, which uses
gorilla/securecookie to set convenient sessions.

http://gorilla-web.appspot.com/pkg/securecookie
http://gorilla-web.appspot.com/pkg/sessions

-- rodrigo

Patrick Mylund Nielsen

Aug 13, 2012, 8:25:48 AM
to Rodrigo Moraes, golang-nuts
> No. Block size defines the length of the key used for encryption.

AES' block size is 128 bits (16 bytes), but its key may be 128, 192 or 256 bits.

Patrick Mylund Nielsen

Aug 13, 2012, 8:29:55 AM
to Rodrigo Moraes, golang-nuts
Sorry, I'm thinking of the standard. Didn't look at your link.

Patrick Mylund Nielsen

Aug 13, 2012, 8:32:20 AM
to Rodrigo Moraes, golang-nuts
Ah, never mind my apology. You ARE using crypto/aes :) The block size is always 16 bytes with AES, but not necessarily with Rijndael.

Rodrigo Moraes

Aug 13, 2012, 8:35:52 AM
to golang-nuts
On Aug 13, 9:25 am, Patrick Mylund Nielsen wrote:
> AES' block size is 128 bits (16 bytes), but its key may be 128, 192 or 256
> bits.

Aw, indeed. That example from
<http://raycompstuff.blogspot.com/2009/12/golang-cryptoaes.html>
would be cleaner using a stream.

-- rodrigo

Damian Gryski

Aug 13, 2012, 8:49:57 AM
to golan...@googlegroups.com
If you're just trying to encrypt cookies, I second the recommendation for Gorilla's securecookie package: http://gorilla-web.appspot.com/pkg/securecookie

However, if you're just trying to encrypt some data for general use (not tied to cookies), you could use my Keyczar package ( https://github.com/dgryski/dkeyczar ) that handles all of the tricky details for you.

Damian