使用 AES 和 Base64 加密字符串 [英] Encrypting a string with AES and Base64
问题描述
我正在尝试加密要在程序启动期间加载和解密的数据库中的一些文本.
I'm trying to encrypt some text inside a database to be loaded and decrypted during program startup.
我尝试了几种方法,包括第三方库https://github.com/richard-lyman/lithcrypt 无济于事.使用以下方法加密/解密 8/10 个项目,但似乎在加密/解密的某个时刻留下了一些填充残留物.目前我的代码是这样的:
I have tried a few methods, including a third party library https://github.com/richard-lyman/lithcrypt to no avail. Using the following method encrypts/decrypts 8/10 items, but it seems that some padding residue is left behind at some point in the encrypt/decrypt. As it stands my code is like this:
package client
import (
"encoding/base64"
"crypto/aes"
"crypto/cipher"
"fmt"
)
var iv = []byte{34, 35, 35, 57, 68, 4, 35, 36, 7, 8, 35, 23, 35, 86, 35, 23}
func encodeBase64(b []byte) string {
return base64.StdEncoding.EncodeToString(b)
}
func decodeBase64(s string) []byte {
data, err := base64.StdEncoding.DecodeString(s)
if err != nil { panic(err) }
return data
}
func Encrypt(key, text string) string {
block, err := aes.NewCipher([]byte(key))
if err != nil { panic(err) }
plaintext := []byte(text)
cfb := cipher.NewCFBEncrypter(block, iv)
ciphertext := make([]byte, len(plaintext))
cfb.XORKeyStream(ciphertext, plaintext)
return encodeBase64(ciphertext)
}
func Decrypt(key, text string) string {
block, err := aes.NewCipher([]byte(key))
if err != nil { panic(err) }
ciphertext := decodeBase64(text)
cfb := cipher.NewCFBEncrypter(block, iv)
plaintext := make([]byte, len(ciphertext))
cfb.XORKeyStream(plaintext, ciphertext)
}
有人向我提到我可能需要填充字符串,但我必须填充流密码似乎很奇怪.
It was mentioned to me that I might need to pad the string, but it seems strange that I would have to pad a stream cipher.
以下是此错误的示例:http://play.golang.org/p/4FQBAeHgRs >
Below is an example of this error: http://play.golang.org/p/4FQBAeHgRs
推荐答案
这是基于 NewCFBEncrypter/NewCFBDecrypter 示例,似乎可以满足您的要求:
This is based on the NewCFBEncrypter / NewCFBDecrypter examples and seems to do what you require:
基于 Kluyg 对 IV 创建的评论,我修改了示例代码以使用 推荐的从密文创建 IV 的方法 与 linked 示例以从密文创建 IV.(在生产代码中,IV 应该每次都单独生成.感谢 RoundSparrow hilltx 指出这一点.)
Based on Kluyg's comment regarding IV creation I've modified the example code to use the recommended method of creating the IV from the ciphertext same method as the linked example to create the IV from the ciphertext. (In production code the IV should be generated seperately each time. Thanks to RoundSparrow hilltx for pointing this out.)
我认为您遇到的问题是由于密钥长度无效,但我不能 100% 确定.
I think the problem you're encountering is due to an invalid key length, but I'm not 100% sure.
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/base64"
"errors"
"fmt"
"io"
"log"
)
func main() {
key := []byte("a very very very very secret key") // 32 bytes
plaintext := []byte("some really really really long plaintext")
fmt.Printf("%s\n", plaintext)
ciphertext, err := encrypt(key, plaintext)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%0x\n", ciphertext)
result, err := decrypt(key, ciphertext)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", result)
}
// See alternate IV creation from ciphertext below
//var iv = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 05}
func encrypt(key, text []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
b := base64.StdEncoding.EncodeToString(text)
ciphertext := make([]byte, aes.BlockSize+len(b))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
return nil, err
}
cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
return ciphertext, nil
}
func decrypt(key, text []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(text) < aes.BlockSize {
return nil, errors.New("ciphertext too short")
}
iv := text[:aes.BlockSize]
text = text[aes.BlockSize:]
cfb := cipher.NewCFBDecrypter(block, iv)
cfb.XORKeyStream(text, text)
data, err := base64.StdEncoding.DecodeString(string(text))
if err != nil {
return nil, err
}
return data, nil
}
产生:
一些非常非常非常长的明文
54618bd6bb10612a7b590c53192df214501e01b685540b012581a0ed9ff3ddaa1f4177cc6186b501fb8cce0c2eb764daff475aab37d50c8fc8c50c8fc50c8fc8d12f50c8d12f50c8d1256d9一些非常非常长的纯文本
some really really really long plaintext
54618bd6bb10612a7b590c53192df214501e01b685540b012581a0ed9ff3ddaa1f4177cc6186b501fb8cce0c2eb764daff475aab724d4d33e614d7d89cf556d8512fd920018c090f
some really really really long plaintext
希望有助于查明问题.
这篇关于使用 AES 和 Base64 加密字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
