package main
import (
	"crypto/aes"
	"crypto/cipher"
	b64 "encoding/base64"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"os"
)
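// main parses the command line and dispatches to EncryptFile or DecryptFile.
// Exactly one of -e or -d must be given; otherwise the usage text is printed
// to stderr and the process exits with status 2 instead of silently doing
// nothing.
func main() {
	var (
		filePath  string
		decrypt   bool
		encrypt   bool
		keyPath   string
		ivString  string
		tagString string
		aadString string
	)
	flag.StringVar(&filePath, "f", "", "The path to the file you want to encrypt/decrypt")
	flag.BoolVar(&decrypt, "d", false, "Used to tell the Command-line that you want to decrypt the file")
	flag.BoolVar(&encrypt, "e", false, "Used to tell the Command-line that you want to encrypt the file")
	flag.StringVar(&keyPath, "p", "", "The key file used to encrypt/decrypt the file (16/24/32 bytes) - Base64 encoded expected")
	// "identification vector" in the original help text was a typo for the
	// GCM nonce / initialization vector.
	flag.StringVar(&ivString, "i", "", "The initialization vector (should change for every encryption) - Base64 Expected")
	flag.StringVar(&tagString, "t", "", "The tag - Base64 Expected")
	flag.StringVar(&aadString, "a", "", "The additional authentication data string")
	flag.Parse()

	switch {
	case decrypt && encrypt:
		fmt.Fprintln(os.Stderr, "specify only one of -d or -e")
		flag.Usage()
		os.Exit(2)
	case decrypt:
		DecryptFile(filePath, keyPath, ivString, tagString, aadString)
	case encrypt:
		EncryptFile(filePath, keyPath, ivString, tagString, aadString)
	default:
		fmt.Fprintln(os.Stderr, "specify -d to decrypt or -e to encrypt")
		flag.Usage()
		os.Exit(2)
	}
}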
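// encryptionInfo bundles the decoded inputs for one AES-GCM operation.
type encryptionInfo struct {
	file []byte // raw contents of the input file (plaintext or ciphertext)
	key  []byte // AES key decoded from the Base64 key file; aes.NewCipher enforces 16/24/32 bytes
	iv   []byte // GCM nonce; must never repeat under the same key
	tag  []byte // authentication tag passed separately via -t; nil when not given
	aad  []byte // additional authenticated data (raw bytes of the -a flag)
}

// gcmStandardNonceSize is the 96-bit nonce length GCM is specified for.
// crypto/cipher accepts other lengths, but they are non-standard.
const gcmStandardNonceSize = 12

// EncryptFile encrypts the file at filePath with AES-GCM and writes the
// ciphertext followed by the 16-byte tag to filePath+".encrypted". The tag
// is also printed Base64-encoded so it can be handed to tools that expect
// it separately from the ciphertext. Any failure is logged and terminates
// the process.
//
// keyPath names a file holding the Base64 key, ivString is the Base64 nonce,
// tagString is accepted for interface symmetry but not used, and aadString
// is bound as additional authenticated data.
func EncryptFile(filePath string, keyPath string, ivString string, tagString string, aadString string) {
	ei, err := transformAndPrepare(filePath, keyPath, ivString, tagString, aadString)
	if err != nil {
		log.Fatal(err)
	}
	gcm := newGCM(ei)
	sealed := gcm.Seal(nil, ei.iv, ei.file, ei.aad)
	// Seal appends the tag to the ciphertext; expose it on its own as well.
	tag := sealed[len(sealed)-gcm.Overhead():]
	fmt.Println("******TAG BELOW******")
	fmt.Println(b64.StdEncoding.EncodeToString(tag))
	fmt.Println("******TAG ABOVE******")
	encryptedFilePath := filePath + ".encrypted"
	// 0644: the ciphertext is not secret, but the output must not be
	// world-writable (the original 0777 was).
	if err := ioutil.WriteFile(encryptedFilePath, sealed, 0644); err != nil {
		log.Fatal(err)
	}
}

// DecryptFile verifies and decrypts the file at filePath with AES-GCM and
// writes the plaintext to filePath+".decrypted". The tag may already be
// appended to the file (this tool's own output) or be supplied separately
// via tagString; gcm.Open refuses to return any plaintext when the tag does
// not verify, so a wrong key, nonce, AAD, tag or a modified ciphertext all
// end in a logged failure and process exit.
func DecryptFile(filePath string, keyPath string, ivString string, tagString string, aadString string) {
	ei, err := transformAndPrepare(filePath, keyPath, ivString, tagString, aadString)
	if err != nil {
		log.Fatal(err)
	}
	gcm := newGCM(ei)
	// gcm.Open expects ciphertext||tag; ei.tag is nil when -t was not given.
	sealed := append(ei.file, ei.tag...)
	plaintext, err := gcm.Open(nil, ei.iv, sealed, ei.aad)
	if err != nil {
		log.Fatal(err)
	}
	decryptedFilePath := filePath + ".decrypted"
	// 0600: the recovered plaintext is the sensitive artefact.
	if err := ioutil.WriteFile(decryptedFilePath, plaintext, 0600); err != nil {
		log.Fatal(err)
	}
}

// newGCM builds the AES-GCM AEAD for ei's key and nonce length, terminating
// via log.Fatal on an invalid key length or an unusable nonce. A non-standard
// nonce length is only warned about, since the tool may need to match data
// produced by another system.
func newGCM(ei encryptionInfo) cipher.AEAD {
	block, err := aes.NewCipher(ei.key) // rejects anything but 16/24/32-byte keys
	if err != nil {
		log.Fatal(err)
	}
	if len(ei.iv) != gcmStandardNonceSize {
		log.Printf("warning: nonce is %d bytes; GCM is specified for %d-byte nonces", len(ei.iv), gcmStandardNonceSize)
	}
	gcm, err := cipher.NewGCMWithNonceSize(block, len(ei.iv))
	if err != nil {
		log.Fatal(err)
	}
	return gcm
}

// transformAndPrepare reads and decodes every input the cipher needs.
//
// filePath is read verbatim; keyPath names a file whose contents are the
// Base64-encoded key; ivString and tagString are Base64 text; aadString is
// used as raw bytes. tagString may be empty (encryption mode, or a file that
// already carries its tag), in which case tag is nil. It returns a
// descriptive error when a required input is missing or any Base64 value
// fails to decode; the key length itself is checked later by aes.NewCipher.
func transformAndPrepare(filePath string, keyPath string, ivString string, tagString string, aadString string) (encryptionInfo, error) {
	// Fail early with a clear message: ioutil.ReadFile("") reports
	// "open : no such file or directory", which hides which flag was missing.
	if filePath == "" {
		return encryptionInfo{}, fmt.Errorf("no input file given (-f)")
	}
	if keyPath == "" {
		return encryptionInfo{}, fmt.Errorf("no key file given (-p)")
	}
	if ivString == "" {
		return encryptionInfo{}, fmt.Errorf("no nonce/IV given (-i)")
	}
	data, err := ioutil.ReadFile(filePath)
	if err != nil {
		return encryptionInfo{}, fmt.Errorf("reading input file: %w", err)
	}
	keyFile, err := ioutil.ReadFile(keyPath)
	if err != nil {
		return encryptionInfo{}, fmt.Errorf("reading key file: %w", err)
	}
	key, err := b64.StdEncoding.DecodeString(string(keyFile))
	if err != nil {
		return encryptionInfo{}, fmt.Errorf("decoding key file %q as Base64: %w", keyPath, err)
	}
	nonce, err := b64.StdEncoding.DecodeString(ivString)
	if err != nil {
		return encryptionInfo{}, fmt.Errorf("decoding nonce (-i) as Base64: %w", err)
	}
	var authTag []byte
	if tagString != "" { // absent in encryption mode
		authTag, err = b64.StdEncoding.DecodeString(tagString)
		if err != nil {
			return encryptionInfo{}, fmt.Errorf("decoding tag (-t) as Base64: %w", err)
		}
	}
	return encryptionInfo{
		file: data,
		key:  key,
		iv:   nonce,
		tag:  authTag,
		aad:  []byte(aadString),
	}, nil
}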