How does go use symmetric encryption?

Hello everyone , I am a frank.

01

Introduce

In project development , We often encounter scenarios that require symmetric key encryption , For example, when the client calls the interface , The parameter contains the mobile number 、 ID number or bank card number, etc .

Symmetric key encryption is an encryption method , There is only one key for encrypting and decrypting data . Entities communicating through symmetric encryption must share this key , So that it can be used during decryption . This encryption method is different from asymmetric encryption , Asymmetric encryption uses a pair of keys （ A public key and a private key ） To encrypt and decrypt data .

02

AES Algorithm

Common symmetric key encryption algorithms are AES (Advanced Encryption Standard),DES (Data Encryption Standard) etc. , They all belong to block cipher .

Because based on the processing power of the current computer , Can be quickly cracked DES Algorithm , therefore DES It is rarely used nowadays .

AES Is the most commonly used symmetric key encryption algorithm , Originally known as Rijndael.AES The size of each password packet is 128 bits, But it has three key lengths , Namely AES-128、AES-192 and AES-256. It should be noted that , stay Golang The interface provided by the standard library , Support only AES-128（16 byte）, actually AES-128 The encryption strength of is secure enough .

In this paper, we mainly introduce Golang How to use AES Symmetric key encryption algorithm .

03

practice

AES The grouping mode of the algorithm includes ECB、CBC、CFB、OFB and CTR, among ECB and CBC Use more , although ECB Than CBC Simple , Efficient , But its ciphertext is regular , Easy to crack , therefore , It is recommended that you use CBC, In this article, we mainly introduce the most used CBC Group mode .

It should be noted that ,ECB and CBC The last grouping in the grouping mode , Need to fill up 16 byte, About fill mode , Limited to space , This article does not introduce , But it will provide code for populating data and de populating data .

Golang Realization AES Symmetric encryption algorithm is mainly divided into the following steps ：

Encryption steps ：

1. Create a new encrypted block .
2. Get the size of the encrypted block .
3. Fill in the data .
4. Initialization vector .
5. Specifies the grouping mode of the encrypted block .
6. Encrypts multiple blocks .

Sample code ：

func AESCbcEncrypt(secretKey, src string) string {
 key := []byte(secretKey)
 if len(key) > 16 {
  key = key[:16]
 }
 plaintext := []byte(src)
 block, err := aes.NewCipher(key)
 if err != nil {
  panic(err)
 }
 blockSize := block.BlockSize()
 plaintext = Padding(plaintext, blockSize)
 if len(plaintext)%aes.BlockSize != 0 {
  panic("plaintext is not a multiple of the block size")
 }
 ciphertext := make([]byte, aes.BlockSize+len(plaintext))
 iv := ciphertext[:aes.BlockSize]
 if _, err := io.ReadFull(rand.Reader, iv); err != nil {
  panic(err)
 }
 mode := cipher.NewCBCEncrypter(block, iv)
 mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
 return base64.StdEncoding.EncodeToString(ciphertext)
}

Decryption steps ：

1. Create a new encrypted block .
2. Initialization vector .
3. Specifies the grouping mode of the decrypted block .
4. Decrypt multiple blocks .
5. Unpin data .

Sample code ：

func AESCbcDecrypt(secretKey, src string) string {
 key := []byte(secretKey)
 ciphertext, _ := base64.StdEncoding.DecodeString(src)
 block, err := aes.NewCipher(key)
 if err != nil {
  panic(err)
 }
 if len(ciphertext) < aes.BlockSize {
  panic("ciphertext too short")
 }
 iv := ciphertext[:aes.BlockSize]
 ciphertext = ciphertext[aes.BlockSize:]
 if len(ciphertext)%aes.BlockSize != 0 {
  panic("ciphertext is not a multiple of the block size")
 }
 mode := cipher.NewCBCDecrypter(block, iv)
 mode.CryptBlocks(ciphertext, ciphertext)
 ciphertext = UnPadding(ciphertext)
 return string(ciphertext)
}

Fill in the sample code ：

func Padding(plainText []byte, blockSize int) []byte {
 padding := blockSize - len(plainText)%blockSize
 char := []byte{byte(padding)}
 newPlain := bytes.Repeat(char, padding)
 return append(plainText, newPlain...)
}

Unfill sample code ：

func UnPadding(plainText []byte) []byte {
 length := len(plainText)
 lastChar := plainText[length-1]
 padding := int(lastChar)
 return plainText[:length-padding]
}

It should be noted that , Initialization vector （IV） Is random , Careful readers may have found , Use random IV , The same document , The ciphertext obtained by each encryption is also different . however , Used for encryption and decryption IV It has to be the same .

04

summary

In this paper, we introduce the concept of symmetric key encryption , And briefly introduced AES Algorithm , Finally, we also provided Golang How do you use it? AES Algorithm CBC Group mode to achieve symmetric key encryption example code , Interested readers and friends , You can write your own code for other grouping modes .

This article focuses on how to use Go Language to achieve symmetric key encryption , The code takes up a lot of space , About AES The grouping mode and filling mode of the algorithm are introduced in detail , Interested readers can read the link address given in the reference .

Reference material ：

1. https://en.wikipedia.org/wiki/Symmetric-key_algorithm
2. https://pkg.go.dev/crypto/[email protected]#NewCipher
3. https://pkg.go.dev/crypto/cipher#NewCBCEncrypter
4. https://pkg.go.dev/crypto/cipher#NewCBCDecrypter
5. https://datatracker.ietf.org/doc/html/rfc5246#section-6.2.3.2
6. https://en.wikipedia.org/wiki/Padding_(cryptography)
7. https://www.cryptomathic.com/news-events/blog/the-use-of-encryption-modes-with-symmetric-block-ciphers