我试图在存储敏感数据之前对其进行加密。首先,我生成一个用于加密过程的密钥:import ( "crypto/aes" CR "crypto/rand" "encoding/hex" "errors" "log" "os")// []byte key used to encrypt tokens before saving to local file systemvar key = make([]byte, 32)func createKey(key *[]byte) { _, err = CR.Read(*key) if err != nil { log.Println("Error creating key from crypto/rand package:", err) }}接下来我创建分别加密和解密字符串的函数:func encryptToken(t token) string { original := t.ID // ID is string member of token cipher, err := aes.NewCipher(key) if err != nil { log.Println("Error creating cipher during encrypt:", err) } out := make([]byte, len(original)) cipher.Encrypt(out, []byte(original)) return hex.EncodeToString(out) // this will be written to a csv file // appears in file as: cec35df876e1b77diefg9023366c5f2f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000}func decryptToken(s string) string { ciphertext, err := hex.DecodeString(s) // s is read from csv file if err != nil { log.Println("Error decoding string from hex:", err) } cipher, err := aes.NewCipher(key) if err != nil { log.Println("Error creating cipher during decrypt:", err) } original := make([]byte, len(ciphertext)) cipher.Decrypt(original, ciphertext) originalAsString := string(original[:]) return originalAsString // returns: 6f928e728f485403 // original token was: 6f928e728f485403e254049f684ea5ec853adcfa9553cdfc956fr45671447c57}考虑到encryptToken()返回一个包含这么多零的十六进制字符串,我确定这就是我的问题所在。我试过调整 的长度key,但使用 32 以外的值var key = make([]byte, 32)将导致涉及无效内存地址或 nil 指针取消引用的恐慌。为什么是这样?
3 回答
白板的微信
TA贡献1883条经验 获得超3个赞
最短的答案可能是:正如@GradyPlayer 所建议的,您使用密码的方式有误。您必须将其交给加密器,而不是将其应用于所有字节。模式看起来像这样:
ciphertext = make([]byte, len(plaintext))
cbc := cipher.NewCBCEncrypter(cipher, iv)
cbc.CryptBlocks(ciphertext, plaintext)
也就是说,在这里您仍然需要将初始化向量放在密文前面(至少这是通常放置它的地方,解密器可能希望它位于此处),您仍然需要考虑填充(如果你像我一样使用 CBC)。
因此,虽然它没有直接解决问题,但我认为它会帮助您获得更多代码以更好地理解。这是我刚刚创建的要点。免责声明:我主要是从其他地方组装代码片段。所以我只是把你在这里看到的碎片放在一起,并在路上获得了一些理解。
至尊宝的传说
TA贡献1789条经验 获得超10个赞
根据以下评论进行编辑(以便正确使用随机数):
接受的答案,尤其是来自 Topaco 的评论,帮助我找到了这个解决方案,我在这里发布给可能遇到这个问题的任何人:
var key = make([]byte, 32)
func encryptToken(t token) string {
original := t.ID // ID is string member of token
var nonce = make([]byte, 12)
// read random bytes into nonce
_, err := rand.Read(nonce)
if err != nil {
log.Println("Error reading random bytes into nonce:", err)
}
block, err := aes.NewCipher(key)
if err != nil {
log.Println("Error creating cipher during encrypt:", err)
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
log.Println("Error creating GCM during encrypt:", err)
}
ciphertext := aesgcm.Seal(nil, nonce, []byte(original), nil)
// prepend the ciphertext with the nonce
out := append(nonce, ciphertext...)
return hex.EncodeToString(out)
}
func decryptToken(s string) string {
// read hex string describing nonce and ciphertext
enc, err := hex.DecodeString(s)
if err != nil {
log.Println("Error decoding string from hex:", err)
}
// separate ciphertext from nonce
nonce := enc[0:12]
ciphertext := enc[12:]
block, err := aes.NewCipher(key)
if err != nil {
log.Println("Error creating cipher during decrypt:", err)
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
log.Println("Error creating GCM during decrypt:", err)
}
original, err := aesgcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
log.Println("Error decrypting to string:", err)
}
originalAsString := string(original)
return originalAsString
}
参考: https: //pkg.go.dev/crypto/cipher#example-NewGCM-Encrypt
- 3 回答
- 0 关注
- 162 浏览
添加回答
举报
0/150
提交
取消