Module: github.com/Luzifer/go-openssl/v4 (package)
Version: 4.2.4
Repository: https://github.com/luzifer/go-openssl.git
Documentation: pkg.go.dev

# README


Luzifer / go-openssl

go-openssl is a small library wrapping the crypto/aes functions so that the output is compatible with OpenSSL / CryptoJS. AES256 is used for every encryption and decryption, so this library cannot decrypt messages generated with anything other than `openssl aes-256-cbc`. If you're using CryptoJS to process the data, you also need to use AES256 on that side.

## Version support

For this library only the latest major version is supported. All prior major versions should no longer be used.

The versioning follows SemVer, which means upgrading to a newer major version will break your code!

## OpenSSL compatibility

### 1.1.0c

Starting with v2.0.0, go-openssl generates the encryption keys using the sha256sum algorithm, the default introduced in OpenSSL 1.1.0c. When encrypting data you can choose which digest method to use and therefore also continue to use md5sum. When decrypting OpenSSL-encrypted data, md5sum, sha1sum and sha256sum are supported.

### 1.1.1

Starting with v4.0.0, go-openssl can use the PBKDF2 key derivation method for encryption. You opt in by passing the corresponding CredsGenerator.

## Installation

```sh
# Get the latest version
go get github.com/Luzifer/go-openssl/v4
```

## Usage example

The usage is quite simple as you don't need any special knowledge about OpenSSL and/or AES256:

### Encrypt

```go
package main

import (
  "fmt"

  openssl "github.com/Luzifer/go-openssl/v4"
)

func main() {
  plaintext := "Hello World!"
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  // PBKDF2SHA256 is an exported CredsGenerator of the package, so it must be qualified.
  enc, err := o.EncryptBytes(passphrase, []byte(plaintext), openssl.PBKDF2SHA256)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
    return
  }

  // EncryptBytes returns the base64-encoded "Salted__" container openssl produces.
  fmt.Printf("Encrypted text: %s\n", string(enc))
}
```

### Decrypt

```go
package main

import (
  "fmt"

  openssl "github.com/Luzifer/go-openssl/v4"
)

func main() {
  opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  // The CredsGenerator must match the one used for encryption; BytesToKeyMD5
  // corresponds to the legacy `openssl enc -md md5` derivation.
  dec, err := o.DecryptBytes(passphrase, []byte(opensslEncrypted), openssl.BytesToKeyMD5)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
    return
  }

  fmt.Printf("Decrypted text: %s\n", string(dec))
}
```

## Testing

To execute the tests for this library you need to be on a system that has /bin/bash and openssl available, as the compatibility of the output is tested directly against the openssl binary. The library itself should be usable on all operating systems supported by Go and crypto/aes.

# Functions

New instantiates and initializes a new OpenSSL encrypter.
NewBytesToKeyGenerator implements the openSSLEvpBytesToKey key derivation function described in the OpenSSL code: openSSLEvpBytesToKey follows the OpenSSL (undocumented?) convention for extracting the key and IV from a passphrase.
NewPBKDF2Generator implements a credential generator compatible with the OpenSSL `-pbkdf2` parameter.
NewReader creates a new OpenSSL stream reader with underlying reader, passphrase and CredsGenerator.
NewWriter creates a new OpenSSL stream writer with underlying writer, passphrase and CredsGenerator.

# Constants

DefaultPBKDF2Iterations specifies the number of iterations to use in PBKDF2 key generation.

# Variables

BytesToKeyMD5 utilizes MD5 key-derivation (`-md md5`).
BytesToKeySHA1 utilizes SHA1 key-derivation (`-md sha1`).
BytesToKeySHA256 utilizes SHA256 key-derivation (`-md sha256`).
BytesToKeySHA384 utilizes SHA384 key-derivation (`-md sha384`).
BytesToKeySHA512 utilizes SHA512 key-derivation (`-md sha512`).
ErrInvalidSalt is returned when a salt with a length of != 8 byte is passed.
PBKDF2MD5 utilizes PBKDF2 key derivation with MD5 hashing (`-pbkdf2 -md md5`).
PBKDF2SHA1 utilizes PBKDF2 key derivation with SHA1 hashing (`-pbkdf2 -md sha1`).
PBKDF2SHA256 utilizes PBKDF2 key derivation with SHA256 hashing (`-pbkdf2 -md sha256`).
PBKDF2SHA384 utilizes PBKDF2 key derivation with SHA384 hashing (`-pbkdf2 -md sha384`).
PBKDF2SHA512 utilizes PBKDF2 key derivation with SHA512 hashing (`-pbkdf2 -md sha512`).

# Structs

Creds holds a key and an IV for encryption methods.
DecryptReader represents an io.Reader for OpenSSL encrypted data.
EncryptWriter represents an io.WriteCloser into OpenSSL encrypted data.
OpenSSL is a helper to generate OpenSSL compatible encryption with automatic IV derivation and storage.

# Type aliases

CredsGenerator are functions to derive a key and IV from a password and a salt.