introduce
In project development, we often encounter scenarios where symmetric key encryption is required, such as when the client calls the interface, the parameters include mobile phone number, ID number or bank card number.
Symmetric key encryption is a way of encryption where only one key is used to encrypt and decrypt data. The entity communicating through symmetric encryption must share the key so that it can be used during the decryption process. This encryption method is different from asymmetric encryption, which uses a pair of keys (a public and a private key) to encrypt and decrypt data.
AES Algorithm
Common symmetric key encryption algorithms include AES (Advanced Encryption Standard), DES (Data Encryption Standard), etc., which are all packet passwords.
Because DES algorithms can be quickly cracked based on the current computer's processing capabilities, DES is rarely used at present.
AES is the most commonly used symmetric key encryption algorithm at present, originally called Rijndael. The AES password has 128 bits per packet size, but it has three key lengths, namely AES-128, AES-192, and AES-256. It should be noted that in the interface provided by the Golang standard library, only AES-128 (16 byte) is supported. In fact, the encryption strength of AES-128 is already secure enough.
In this article, we mainly introduce how to use the symmetric key encryption of the AES algorithm in Golang.
practice
The grouping modes of the AES algorithm include ECB, CBC, CFB, OFB and CTR. Among them, ECB and CBC are used more frequently. Although ECB is simpler and more efficient than CBC, its ciphertext is regular and easier to crack. Therefore, it is recommended that you use CBC. In this article, we mainly introduce the most used CBC grouping mode.
It should be noted that the last grouping of the ECB and CBC grouping modes needs to be filled with 16 bytes. Regarding the fill mode, due to space, this article will not introduce it in detail, but will provide codes for filling data and canceling the fill data.
Golang implements AES symmetric encryption algorithm mainly divided into the following steps:
Encryption steps:
- Create a new encryption block.
- Gets the size of the encryption block.
- Populate data.
- Initialize the vector.
- Specifies the grouping mode of the encrypted block.
- Encrypt multiple blocks.
Sample code:
func AESCbcEncrypt(secretKey, src string) string {
key := []byte(secretKey)
if len(key) > 16 {
key = key[:16]
}
plaintext := []byte(src)
block, err := (key)
if err != nil {
panic(err)
}
blockSize := ()
plaintext = Padding(plaintext, blockSize)
if len(plaintext)% != 0 {
panic("plaintext is not a multiple of the block size")
}
ciphertext := make([]byte, +len(plaintext))
iv := ciphertext[:]
if _, err := (, iv); err != nil {
panic(err)
}
mode := (block, iv)
(ciphertext[:], plaintext)
return (ciphertext)
}
Decryption steps:
- Create a new encryption block.
- Initialize the vector.
- Specifies the grouping mode of the decrypted block.
- Decrypt multiple blocks.
- Cancel populate data.
Sample code:
func AESCbcDecrypt(secretKey, src string) string {
key := []byte(secretKey)
ciphertext, _ := (src)
block, err := (key)
if err != nil {
panic(err)
}
if len(ciphertext) < {
panic("ciphertext too short")
}
iv := ciphertext[:]
ciphertext = ciphertext[:]
if len(ciphertext)% != 0 {
panic("ciphertext is not a multiple of the block size")
}
mode := (block, iv)
(ciphertext, ciphertext)
ciphertext = UnPadding(ciphertext)
return string(ciphertext)
}
Fill in the sample code:
func Padding(plainText []byte, blockSize int) []byte {
padding := blockSize - len(plainText)%blockSize
char := []byte{byte(padding)}
newPlain := (char, padding)
return append(plainText, newPlain...)
}
Unfilling the sample code:
func UnPadding(plainText []byte) []byte {
length := len(plainText)
lastChar := plainText[length-1]
padding := int(lastChar)
return plainText[:length-padding]
}
It should be noted that the initialization vector (IV) is random. Careful readers may have found that the ciphertext obtained by using random IV, the same plaintext is also different every time. However, the IV used for encryption and decryption must be the same.
Summarize
We introduced the concept of symmetric key encryption and briefly introduced the AES algorithm. Finally, we also provided example code for Golang how to use the CBC packet mode of the AES algorithm to implement symmetric key encryption. Interested readers can write code for other packet modes by themselves.
This is the end of this article about the detailed explanation of the examples of Go using symmetric encryption. For more relevant Go symmetric encryption content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!