dongzhihong3940 2013-09-15 20:45
浏览 473
已采纳

Golang,使用AES和Base64加密字符串

I'm trying to encrypt some text inside a database to be loaded and decrypted during program startup.

I have tried a few methods, including a third party library https://github.com/richard-lyman/lithcrypt to no avail. Using the following method encrypts/decrypts 8/10 items, but it seems that some padding residue is left behind at some point in the encrypt/decrypt. As it stands my code is like this:

package client                                                                                                                                                                                              
import (                                                                                                                                                                                                    
    "encoding/base64"                                                                                                                                                                                       
    "crypto/aes"                                                                                                                                                                                            
    "crypto/cipher"                                                                                                                                                                                         
    "fmt"                                                                                                                                                                                                   
) 

var iv = []byte{34, 35, 35, 57, 68, 4, 35, 36, 7, 8, 35, 23, 35, 86, 35, 23}

func encodeBase64(b []byte) string {                                                                                                                                                                        
    return base64.StdEncoding.EncodeToString(b)                                                                                                                                                             
}                                                                                                                                                                                                           

func decodeBase64(s string) []byte {                                                                                                                                                                        
    data, err := base64.StdEncoding.DecodeString(s)                                                                                                                                                         
    if err != nil { panic(err) }                                                                                                                                                                            
    return data                                                                                                                                                                                             
}                                                                                                                                                                                                           

func Encrypt(key, text string) string {                                                                                                                                                                     
    block, err := aes.NewCipher([]byte(key))                                                                                                                                                                
    if err != nil { panic(err) }                                                                                                                                                                            
    plaintext := []byte(text)                                                                                                                                                                               
    cfb := cipher.NewCFBEncrypter(block, iv)                                                                                                                                                                
    ciphertext := make([]byte, len(plaintext))                                                                                                                                                              
    cfb.XORKeyStream(ciphertext, plaintext)                                                                                                                                                                 
    return encodeBase64(ciphertext)                                                                                                                                                                         
}                                                                                                                                                                                                           

func Decrypt(key, text string) string {                                                                                                                                                                     
    block, err := aes.NewCipher([]byte(key))                                                                                                                                                                
    if err != nil { panic(err) }                                                                                                                                                                            
    ciphertext := decodeBase64(text)                                                                                                                                                                        
    cfb := cipher.NewCFBEncrypter(block, iv)                                                                                                                                                                
    plaintext := make([]byte, len(ciphertext))                                                                                                                                                              
    cfb.XORKeyStream(plaintext, ciphertext)                                                                                                                                                                 
}                          

It was mentioned to me that I might need to pad the string, but it seems strange that I would have to pad a stream cipher.

Below is an example of this error: http://play.golang.org/p/4FQBAeHgRs

  • 写回答

5条回答 默认 最新

  • doudeng3008 2013-09-16 00:52
    关注

    This is based on the NewCFBEncrypter / NewCFBDecrypter examples and seems to do what you require:

    EDIT: Based on Kluyg's comment regarding IV creation I've modified the example code to use the recommended method of creating the IV from the ciphertext same method as the linked example to create the IV from the ciphertext. (In production code the IV should be generated seperately each time. Thanks to RoundSparrow hilltx for pointing this out.)

    I think the problem you're encountering is due to an invalid key length, but I'm not 100% sure.

    package main
    
    import (
        "crypto/aes"
        "crypto/cipher"
        "crypto/rand"
        "encoding/base64"
        "errors"
        "fmt"
        "io"
        "log"
    )
    
    func main() {
        key := []byte("a very very very very secret key") // 32 bytes
        plaintext := []byte("some really really really long plaintext")
        fmt.Printf("%s
    ", plaintext)
        ciphertext, err := encrypt(key, plaintext)
        if err != nil {
            log.Fatal(err)
        }
        fmt.Printf("%0x
    ", ciphertext)
        result, err := decrypt(key, ciphertext)
        if err != nil {
            log.Fatal(err)
        }
        fmt.Printf("%s
    ", result)
    }
    
    // See alternate IV creation from ciphertext below
    //var iv = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 05}
    
    func encrypt(key, text []byte) ([]byte, error) {
        block, err := aes.NewCipher(key)
        if err != nil {
            return nil, err
        }
        b := base64.StdEncoding.EncodeToString(text)
        ciphertext := make([]byte, aes.BlockSize+len(b))
        iv := ciphertext[:aes.BlockSize]
        if _, err := io.ReadFull(rand.Reader, iv); err != nil {
            return nil, err
        }
        cfb := cipher.NewCFBEncrypter(block, iv)
        cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
        return ciphertext, nil
    }
    
    func decrypt(key, text []byte) ([]byte, error) {
        block, err := aes.NewCipher(key)
        if err != nil {
            return nil, err
        }
        if len(text) < aes.BlockSize {
            return nil, errors.New("ciphertext too short")
        }
        iv := text[:aes.BlockSize]
        text = text[aes.BlockSize:]
        cfb := cipher.NewCFBDecrypter(block, iv)
        cfb.XORKeyStream(text, text)
        data, err := base64.StdEncoding.DecodeString(string(text))
        if err != nil {
            return nil, err
        }
        return data, nil
    }
    

    Produces:

    some really really really long plaintext
    54618bd6bb10612a7b590c53192df214501e01b685540b012581a0ed9ff3ddaa1f4177cc6186b501fb8cce0c2eb764daff475aab724d4d33e614d7d89cf556d8512fd920018c090f
    some really really really long plaintext

    Playground

    Hope that helps to pin point the problem.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(4条)

报告相同问题?

悬赏问题

  • ¥15 求一个图片中的成交量选股公式
  • ¥30 关于#python#的问题:我想要的是这79个大特征对于房屋售价的最大的影响前十名(相关搜索:随机森林)
  • ¥15 使用matlab计算自定义特殊函数的二重积分,改变积分顺序所得的结果不同的问题?
  • ¥15 mysql做碎片化处理老是报错怎么办
  • ¥15 如何正确在vs2010中初始化map对象
  • ¥30 mmdet3d模型部署问题
  • ¥15 comsol仿真反射率、吸收率时峰值位置和深度不对!
  • ¥30 Visual Studio找不到sdk,如何解决?
  • ¥15 labview与机器之间网口通信发送指令
  • ¥15 迪杰斯特拉算法,考虑时延,带宽