Base64 + AES decryption using ENCRYPTION_SECRET in .env as key
(encryptionSecret, encryptedText string)
| 47 | |
| 48 | // Base64 + AES decryption using ENCRYPTION_SECRET in .env as key |
| 49 | func Decrypt(encryptionSecret, encryptedText string) (string, errors.Error) { |
| 50 | // when encryption key is not set |
| 51 | if encryptionSecret == "" { |
| 52 | // return error message |
| 53 | return encryptedText, errors.Default.New("encryptionSecret is required") |
| 54 | } |
| 55 | |
| 56 | // Decode Base64 |
| 57 | decodingFromBase64, err1 := base64.StdEncoding.DecodeString(encryptedText) |
| 58 | if err1 != nil { |
| 59 | return encryptedText, errors.Convert(err1) |
| 60 | } |
| 61 | // perform AES decryption |
| 62 | output, err2 := AesDecrypt(decodingFromBase64, []byte(encryptionSecret)) |
| 63 | if err2 != nil { |
| 64 | return encryptedText, err2 |
| 65 | } |
| 66 | |
| 67 | // Verify and remove suffix |
| 68 | oSize := len(output) |
| 69 | if oSize >= 7 { |
| 70 | check := output[oSize-7 : oSize] |
| 71 | backEnd := []byte{123, 110, 100, 100, 116, 102, 125} |
| 72 | if string(check) == string(backEnd) { |
| 73 | output = output[0 : oSize-7] |
| 74 | // return result |
| 75 | return string(output), nil |
| 76 | } |
| 77 | } |
| 78 | return "", errors.Default.New("invalid encryptionSecret") |
| 79 | } |
| 80 | |
| 81 | // PKCS7Padding PKCS7 padding |
| 82 | func PKCS7Padding(ciphertext []byte, blockSize int) []byte { |