example

command

v0.0.0-...-b7fcb3c Latest Latest Go to latest Published: Nov 14, 2016 License: BSD-3-Clause Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/OpenWhiteBox/AES

Links

Open Source Insights

README ¶

Example

For instructions on how to install Golang, start here.

White-box cryptography tries to find implementations of keyed block ciphers, such that the key is hard to extract. Algorithms for generating instances of a white-box construction have a public output and a private output. The public output is this special implementation of the block cipher, and the private output is key and possibly some auxiliary information to help decode the instance's output. To generate an instance, run:

$ # (Replace 000...000 with any hex-encoded 128-bit key.)
$ go run generate_key.go -key 0123456789abcdeffedcba9876543210
$

This script generates a white-box instance and writes the public output to constr.txt and the private output to constr.key. This particular construction necessarily puts random affine transformations on the input and output of the block cipher in constr.txt. These transformations are saved in constr.key.

To encrypt a block of data with the cipher, run:

$ # (Again, any 128-bit hex-encoded string.)
$ go run encrypt.go -block 000000000000000000000000deadbeef
dfc967b77a809c926075441565cbc3e3
$

and to decrypt it,

$ go run decrypt.go -block dfc967b77a809c926075441565cbc3e3
000000000000000000000000deadbeef
$

The script encrypt.go only accesses constr.txt and applies the white-box instance to its input. However, decrypt.go only accesses constr.key, and undoes the affine transformations from encrypt.go in addition to standard AES decryption of the input block.

Note that both scripts are deterministic, whereas generate_key.go is not, and that different white-box instances may give different encryptions of the same data even though they're built with the same key.

$ go run generate_key.go -key 0123456789abcdeffedcba9876543210
$ go run encrypt.go -block 000000000000000000000000deadbeef
33cb7aeb14db2329ffebfd003d3fd076
$ go run decrypt.go -block 33cb7aeb14db2329ffebfd003d3fd076
000000000000000000000000deadbeef

$ go run generate_key.go -key 0123456789abcdeffedcba9876543210
$ go run encrypt.go -block 000000000000000000000000deadbeef
5d088966051465354ac0de72c33849f6
$ go run decrypt.go -block 5d088966051465354ac0de72c33849f6
000000000000000000000000deadbeef
$

Documentation ¶

Overview ¶

Command decrypt reads a block from the command line, loads the white-box private key from disk, and decrypts the block. The decrypted block is output.

Command encrypt reads a block from the command line, loads the serialized white-box from disk, and encrypts the block with it. The encrypted block is output.

Command generate_key reads a key from the command line and generates a random white-box construction for this key. The public white-box is written to constr.txt, and the private masks are written to constr.key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL