crypto-go
Introduction
This module provides a simple and straightforward API for encryption and decryption operations. Developers can integrate SATUSEHAT Cryptographic functions into their Go projects by importing the module and utilizing the Encrypt and Decrypt functions. The Encrypt function takes the sender's private key, the receiver's public key, and plaintext data as input and returns the encrypted data. Similarly, the Decrypt function requires the receiver's private key, sender's public key, and encrypted data as input and returns the decrypted data.
It aims to simplify the process of incorporating ECC encryption and decryption capabilities into applications.
Workflow
The standard based on ECIES (Elliptic Curve Integrated Encryption Scheme) which is a hybrid encryption scheme that combines symmetric encryption, asymmetric encryption, and cryptographic hashing to provide secure communication using Elliptic Curve Cryptography (ECC). The generation of an ECIES message involves several steps:
- Key Generation:
- The sender generates a random ephemeral private key, denoted as $kEph$.
- The sender derives the corresponding ephemeral public key, denoted as $KEph$, and where $KEph$ is the base point on the P-256 elliptic curve.
- The sender also obtains the recipient's public key, denoted as $KRcp$, through a pre-established key exchange mechanism.
- The sender computes a shared secret, denoted as $Z$, by performing $ECDH$ function (scalar multiplication) of the recipient's public key $KRcp$ with the sender's ephemeral private key $kEph$. $$Z=ECDH(KRcp,kEph)$$
- The sender derives a symmetric encryption key, denoted as $kSym$, for the symmetric encryption algorithm (e.g., AES-GCM) using HKDF (HMAC Based Key Derivation Function). $$kSym = HKDF(Z,KEph)$$
- Encryption:
- The sender generate nonce, denoted as $N$
- The sender encrypts the plaintext message, denoted as $M$, using the symmetric encryption algorithm (AES-GCM) with the key $kSym$ and nonce $N$, resulting in the ciphertext, denoted as $C$. $$C=AES_{kSym}(N,M)$$
- Signature Creation:
- The sender calculate hash value from ciphertext $C$, denoted as $h$. $$h=H(C)$$
- The sender generate signature using sender's private key $kSnd$. $$Sig=S(h,kSnd)$$
- Composition: The final ECIES message, denoted as $P$, consists of the following components (ordered):
$$P=(KEph || N || Sig || C)$$
- The sender's ephemeral public key $KEph$.
- The Nonce used for symmetric encryption $N$
- The ciphertext signature $Sig$
- The ciphertext $C$
Installation
To use this module in your Go project, you need to have Go installed. Once you have Go set up, you can install this module using the following command:
go get github.com/satusehat-dto/crypto-go
Usage
Import the module in your Go code:
import (
ssCrypto "github.com/satusehat-dto/crypto-go"
)
Encrypt
To encrypt data, use the Encrypt function:
message := "Hello World!"
encrypted, err := ssCrypto.Encrypt([]byte(message), senderPrivateKey, receiverPublicKey)
if err != nil {
// handle error
}
Decrypt
To decrypt the encrypted data, use the Decrypt function:
plaintext, err := ssCrypto.Decrypt(encrypted, receiverPrivateKey, senderPublicKey)
if err != nil {
// handle error
}
Generate Key Pairs
To generate ECC Key Pairs using openssl:
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem