The highest tagged major version is v4.

openssl

package module

v2.0.0+incompatible Latest Latest Go to latest Published: Sep 11, 2018 License: Apache-2.0 Imports: 11 Imported by: 22

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Luzifer/go-openssl

Links

Open Source Insights

README ¶

Luzifer / go-openssl

go-openssl is a small library wrapping the crypto/aes functions in a way the output is compatible to OpenSSL / CryptoJS. For all encryption / decryption processes AES256 is used so this library will not be able to decrypt messages generated with other than openssl aes-256-cbc. If you're using CryptoJS to process the data you also need to use AES256 on that side.

OpenSSL 1.1.0c compatibility

Starting with v2.0.0 go-openssl generates the encryption keys using sha256sum algorithm. This is the default introduced in OpenSSL 1.1.0c. When encrypting data you can choose which digest method to use and therefore also continue to use md5sum. When decrypting OpenSSL encrypted data md5sum, sha1sum and sha256sum are supported.

Installation

go get github.com/Luzifer/go-openssl

Usage example

The usage is quite simple as you don't need any special knowledge about OpenSSL and/or AES256:

Encrypt

import (
  "fmt"
  "github.com/Luzifer/go-openssl"
)

func main() {
  plaintext := "Hello World!"
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  enc, err := o.EncryptString(passphrase, plaintext)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
  }

  fmt.Printf("Encrypted text: %s\n", string(enc))
}

Decrypt

import (
  "fmt"
  "github.com/Luzifer/go-openssl"
)

func main() {
  opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  dec, err := o.DecryptString(passphrase, opensslEncrypted)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
  }

  fmt.Printf("Decrypted text: %s\n", string(dec))
}

Testing

To execute the tests for this library you need to be on a system having /bin/bash and openssl available as the compatibility of the output is tested directly against the openssl binary. The library itself should be usable on all operating systems supported by Go and crypto/aes.

Documentation ¶

Examples ¶

OpenSSL.DecryptString
OpenSSL.EncryptString

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrInvalidSalt = errors.New("Salt needs to have exactly 8 byte")

Functions ¶

func DigestMD5Sum ¶

func DigestMD5Sum(data []byte) []byte

DigestMD5Sum uses the (deprecated) pre-OpenSSL 1.1.0c MD5 digest to create the key

func DigestSHA1Sum ¶

func DigestSHA1Sum(data []byte) []byte

DigestSHA1Sum uses SHA1 digest to create the key

func DigestSHA256Sum ¶

func DigestSHA256Sum(data []byte) []byte

DigestSHA256Sum uses SHA256 digest to create the key which is the default behaviour since OpenSSL 1.1.0c

Types ¶

type DigestFunc ¶

type DigestFunc func([]byte) []byte

DigestFunc are functions to create a key from the passphrase

type OpenSSL ¶

type OpenSSL struct {
	// contains filtered or unexported fields
}

OpenSSL is a helper to generate OpenSSL compatible encryption with autmatic IV derivation and storage. As long as the key is known all data can also get decrypted using OpenSSL CLI. Code from http://dequeue.blogspot.de/2014/11/decrypting-something-encrypted-with.html

func New ¶

func New() *OpenSSL

New instanciates and initializes a new OpenSSL encrypter

func (OpenSSL) DecryptBytes ¶

func (o OpenSSL) DecryptBytes(passphrase string, encryptedBase64Data []byte) ([]byte, error)

DecryptBytes takes a slice of bytes with base64 encoded, encrypted data to decrypt

func (OpenSSL) DecryptString ¶

func (o OpenSSL) DecryptString(passphrase, encryptedBase64String string) ([]byte, error)

DecryptString decrypts a string that was encrypted using OpenSSL and AES-256-CBC

Example ¶

opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
passphrase := "z4yH36a6zerhfE5427ZV"

o := New()

dec, err := o.DecryptString(passphrase, opensslEncrypted)
if err != nil {
	fmt.Printf("An error occurred: %s\n", err)
}

fmt.Printf("Decrypted text: %s\n", string(dec))

Output:

Decrypted text: hallowelt

func (OpenSSL) EncryptBytes ¶

func (o OpenSSL) EncryptBytes(passphrase string, plainData []byte) ([]byte, error)

EncryptString encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.

func (OpenSSL) EncryptBytesWithSalt deprecated

func (o OpenSSL) EncryptBytesWithSalt(passphrase string, salt, plainData []byte) ([]byte, error)

EncryptBytesWithSalt encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

Deprecated: Use EncryptBytesWithSaltAndDigestFunc instead.

func (OpenSSL) EncryptBytesWithSaltAndDigestFunc ¶

func (o OpenSSL) EncryptBytesWithSaltAndDigestFunc(passphrase string, salt, plainData []byte, hashFunc DigestFunc) ([]byte, error)

EncryptBytesWithSaltAndDigestFunc encrypts a slice of bytes in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

The hash function corresponds to the `-md` parameter of OpenSSL. For OpenSSL pre-1.1.0c DigestMD5Sum was the default, since then it is DigestSHA256Sum.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

func (OpenSSL) EncryptString ¶

func (o OpenSSL) EncryptString(passphrase, plaintextString string) ([]byte, error)

EncryptString encrypts a string in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. This function generates a random salt on every execution.

Example ¶

plaintext := "Hello World!"
passphrase := "z4yH36a6zerhfE5427ZV"

o := New()

enc, err := o.EncryptString(passphrase, plaintext)
if err != nil {
	fmt.Printf("An error occurred: %s\n", err)
}

fmt.Printf("Encrypted text: %s\n", string(enc))

Output:

func (OpenSSL) EncryptStringWithSalt deprecated

func (o OpenSSL) EncryptStringWithSalt(passphrase string, salt []byte, plaintextString string) ([]byte, error)

EncryptStringWithSalt encrypts a string in a manner compatible to OpenSSL encryption functions using AES-256-CBC as encryption algorithm. The salt needs to be passed in here which ensures the same result on every execution on cost of a much weaker encryption as with EncryptString.

The salt passed into this function needs to have exactly 8 byte.

If you don't have a good reason to use this, please don't! For more information see this: https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes

Deprecated: Use EncryptBytesWithSaltAndDigestFunc instead.

func (OpenSSL) GenerateSalt ¶

func (o OpenSSL) GenerateSalt() ([]byte, error)

GenerateSalt generates a random 8 byte salt

Source Files ¶

View all Source files

openssl.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL