Bytes encrypts the provided data using AES-256-GCM with a randomly generated key and nonce. The nonce is prepended to the returned ciphertext.
(bytes []byte)
| 31 | // Bytes encrypts the provided data using AES-256-GCM with a randomly generated |
| 32 | // key and nonce. The nonce is prepended to the returned ciphertext. |
| 33 | func Bytes(bytes []byte) (EncryptedBytes, error) { |
| 34 | if len(bytes) == 0 { |
| 35 | return EncryptedBytes{}, fmt.Errorf("input bytes cannot be empty") |
| 36 | } |
| 37 | |
| 38 | // Key should be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256) |
| 39 | key := make([]byte, 32) |
| 40 | _, err := rand.Read(key) |
| 41 | if err != nil { |
| 42 | return EncryptedBytes{}, err |
| 43 | } |
| 44 | |
| 45 | // Generate a new aes cipher using the key above |
| 46 | block, err := aes.NewCipher(key) |
| 47 | if err != nil { |
| 48 | return EncryptedBytes{}, err |
| 49 | } |
| 50 | |
| 51 | // gcm or Galois/Counter Mode, is a mode of operation |
| 52 | // for symmetric key cryptographic block ciphers |
| 53 | // - https://en.wikipedia.org/wiki/Galois/Counter_Mode |
| 54 | aesGCM, err := cipher.NewGCM(block) |
| 55 | if err != nil { |
| 56 | return EncryptedBytes{}, err |
| 57 | } |
| 58 | |
| 59 | // Create a new byte array the size of the nonce, |
| 60 | // populate with a cryptographically secure random sequence |
| 61 | nonce := make([]byte, aesGCM.NonceSize()) |
| 62 | _, err = rand.Read(nonce) |
| 63 | if err != nil { |
| 64 | return EncryptedBytes{}, err |
| 65 | } |
| 66 | |
| 67 | // Encrypt and authenticate plaintext |
| 68 | // Note: Seal() prepends the nonce to the ciphertext |
| 69 | ciphertext := aesGCM.Seal(nonce, nonce, bytes, nil) |
| 70 | |
| 71 | return EncryptedBytes{ciphertext, key, nonce}, nil |
| 72 | } |
| 73 | |
| 74 | // ExtractNonce returns the nonce from the ciphertext where it was prepended |
| 75 | func (e EncryptedBytes) ExtractNonce() []byte { |