go-openssl: github.com/Luzifer/go-openssl Index | Examples | Files

package openssl

import "github.com/Luzifer/go-openssl"



Package Files



var CurrentOpenSSLDigestFunc = DigestSHA256Sum

CurrentOpenSSLDigestFunc is an alias to the key derivation function used in OpenSSL

var ErrInvalidSalt = errors.New("Salt needs to have exactly 8 byte")

ErrInvalidSalt is returned when a salt with a length of != 8 byte is passed

func DigestMD5Sum Uses

func DigestMD5Sum(data []byte) []byte

DigestMD5Sum uses the (deprecated) pre-OpenSSL 1.1.0c MD5 digest to create the key

func DigestSHA1Sum Uses

func DigestSHA1Sum(data []byte) []byte

DigestSHA1Sum uses SHA1 digest to create the key

func DigestSHA256Sum Uses

func DigestSHA256Sum(data []byte) []byte

DigestSHA256Sum uses SHA256 digest to create the key which is the default behaviour since OpenSSL 1.1.0c

type DigestFunc Uses

type DigestFunc func([]byte) []byte

DigestFunc are functions to create a key from the passphrase

type OpenSSL Uses

type OpenSSL struct {
    // contains filtered or unexported fields

OpenSSL is a helper to generate OpenSSL compatible encryption with autmatic IV derivation and storage. As long as the key is known all data can also get decrypted using OpenSSL CLI. Code from http://dequeue.blogspot.de/2014/11/decrypting-something-encrypted-with.html

func New Uses

func New() *OpenSSL

New instanciates and initializes a new OpenSSL encrypter

func (OpenSSL) DecryptBytes Uses

func (o OpenSSL) DecryptBytes(passphrase string, encryptedBase64Data []byte, kdf DigestFunc) ([]byte, error)

DecryptBytes takes a slice of bytes with base64 encoded, encrypted data to decrypt and a key-derivation function. The key-derivation function must match the function used to encrypt the data. (In OpenSSL the value of the `-md` parameter.)

You should not just try to loop the digest functions as this will cause a race condition and you will not be able to decrypt your data properly.


opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
passphrase := "z4yH36a6zerhfE5427ZV"

o := New()

dec, err := o.DecryptBytes(passphrase, []byte(opensslEncrypted), DigestMD5Sum)
if err != nil {
    fmt.Printf("An error occurred: %s\n", err)

fmt.Printf("Decrypted text: %s\n", string(dec))


Decrypted text: hallowelt

func (OpenSSL) EncryptBytes Uses

func (o OpenSSL) EncryptBytes(passphrase string, plainData []byte, kdf DigestFunc) ([]byte, error)

EncryptBytes encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.


plaintext := "Hello World!"
passphrase := "z4yH36a6zerhfE5427ZV"

o := New()

enc, err := o.EncryptBytes(passphrase, []byte(plaintext), DigestSHA256Sum)
if err != nil {
    fmt.Printf("An error occurred: %s\n", err)

fmt.Printf("Encrypted text: %s\n", string(enc))

func (OpenSSL) EncryptBytesWithSaltAndDigestFunc Uses

func (o OpenSSL) EncryptBytesWithSaltAndDigestFunc(passphrase string, salt, plainData []byte, hashFunc DigestFunc) ([]byte, error)

EncryptBytesWithSaltAndDigestFunc encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

The hash function corresponds to the `-md` parameter of OpenSSL. For OpenSSL pre-1.1.0c DigestMD5Sum was the default, since then it is DigestSHA256Sum.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

func (OpenSSL) GenerateSalt Uses

func (o OpenSSL) GenerateSalt() ([]byte, error)

GenerateSalt generates a random 8 byte salt

func (OpenSSL) MustGenerateSalt Uses

func (o OpenSSL) MustGenerateSalt() []byte

MustGenerateSalt is a wrapper around GenerateSalt which will panic on an error. This allows you to use this function as a parameter to EncryptBytesWithSaltAndDigestFunc

Package openssl imports 11 packages (graph) and is imported by 5 packages. Updated 2019-02-05. Refresh now. Tools for package owners.