diff options
| author | Kevin Kirsche <kev.kirsche@gmail.com> | 2016-01-22 11:04:07 -0500 |
|---|---|---|
| committer | Brad Fitzpatrick <bradfitz@golang.org> | 2016-01-26 15:58:42 +0000 |
| commit | 980364b7a2425657a5c66dcad4e52f6cd3723a77 (patch) | |
| tree | 931a4342cbdc50acbd92f3a9685820f7ea04a11c /src | |
| parent | 830143fa3dd344a72d5c00643983ab62abb88a72 (diff) | |
| download | go-980364b7a2425657a5c66dcad4e52f6cd3723a77.tar.xz | |
crypto/cipher: Add AES-GCM encryption and decryption example
Add example of how to use the aes package to
implement AES encryption and decryption
within an application.
Per feedback, use more secure AES-GCM implementation as an
example in crypto/cipher instead of AES directly.
Change-Id: I84453ebb18e0bc79344a24171a031ec0d7ccec2e
Reviewed-on: https://go-review.googlesource.com/18803
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/cipher/example_test.go | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/crypto/cipher/example_test.go b/src/crypto/cipher/example_test.go index 1cfa982df4..f6cc386506 100644 --- a/src/crypto/cipher/example_test.go +++ b/src/crypto/cipher/example_test.go @@ -14,6 +14,58 @@ import ( "os" ) +func ExampleNewGCMEncrypter() { + // The key argument should be the AES key, either 16 or 32 bytes + // to select AES-128 or AES-256. + key := []byte("AES256Key-32Characters1234567890") + plaintext := []byte("exampleplaintext") + + block, err := aes.NewCipher(key) + if err != nil { + panic(err.Error()) + } + + // Never use more than 2^32 random nonces with a given key because of the risk of a repeat. + nonce := make([]byte, 12) + if _, err := io.ReadFull(rand.Reader, nonce); err != nil { + panic(err.Error()) + } + + aesgcm, err := cipher.NewGCM(block) + if err != nil { + panic(err.Error()) + } + + ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) + fmt.Printf("%x\n", ciphertext) +} + +func ExampleNewGCMDecrypter() { + // The key argument should be the AES key, either 16 or 32 bytes + // to select AES-128 or AES-256. + key := []byte("AES256Key-32Characters1234567890") + ciphertext, _ := hex.DecodeString("f90fbef747e7212ad7410d0eee2d965de7e890471695cddd2a5bc0ef5da1d04ad8147b62141ad6e4914aee8c512f64fba9037603d41de0d50b718bd665f019cdcd") + + nonce, _ := hex.DecodeString("bb8ef84243d2ee95a41c6c57") + + block, err := aes.NewCipher(key) + if err != nil { + panic(err.Error()) + } + + aesgcm, err := cipher.NewGCM(block) + if err != nil { + panic(err.Error()) + } + + plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil) + if err != nil { + panic(err.Error()) + } + + fmt.Printf("%s\n", string(plaintext)) +} + func ExampleNewCBCDecrypter() { key := []byte("example key 1234") ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b5baecb3d4b1b3e0e4beffdb3ded") |