DEV Community

nigel447

Some notes on symmetric encryption in golang

Working today on passing around secure parameters, I came across the post:
Instead of LibSodium, you should use the nacl/box library that is part of golang.org/x/crypto. [1]

here is a simple example using the suggested libraries

the encrypt import suggested in [1]:

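```go
"golang.org/x/crypto/nacl/secretbox"
```

```go
import (
    "crypto/rand"
    "io"

    "golang.org/x/crypto/nacl/secretbox"
)

// secretKeyBytes must hold the 32-byte symmetric key; it is defined elsewhere.

// getRandomNonce returns a fresh 24-byte nonce as both a slice and an array.
func getRandomNonce() ([]byte, [24]byte) {
    iv := make([]byte, 24)
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        panic(err)
    }
    return iv, [24]byte(iv)
}

// encryptSecret returns nonce || sealed box, plus the nonce on its own.
func encryptSecret(plainText []byte) ([]byte, [24]byte) {
    nonce, np := getRandomNonce()
    symKey := [32]byte(secretKeyBytes) // panics if the key is shorter than 32 bytes
    // Seal appends the box to its first argument, so the output starts with the nonce.
    // The hex.EncodeToString call that was here discarded its result and is removed.
    encrypted := secretbox.Seal(nonce, plainText, &np, &symKey)
    return encrypted, np
}

// decryptSecret skips the 24-byte nonce prefix and authenticates the rest.
func decryptSecret(cypherText []byte, decryptNonce [24]byte) []byte {
    symKey := [32]byte(secretKeyBytes)
    decrypted, ok := secretbox.Open(nil, cypherText[24:], &decryptNonce, &symKey)
    if !ok {
        panic("decryption error")
    }
    return decrypted
}
```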

and here is a test

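```go
import "testing"

func TestSymmEncrypt(t *testing.T) {
    plainText := "this is pop"
    cypherText, decryptNonce := encryptSecret([]byte(plainText))
    hopePlainText := decryptSecret(cypherText, decryptNonce)
    // Fail the test unless the round trip returns the original plaintext.
    if string(hopePlainText) != plainText {
        t.Fatalf("round trip mismatch: got %q, want %q", hopePlainText, plainText)
    }
}
```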

notes

  • [1] is a good example of why we can't just cut and paste crypto code and hope for the best; it's humbling to see even good cryptographers make mistakes
  • it's amazing how often the crypto random source and its use is a basic repeated error in so much code
  • Go's rand.Reader uses getrandom(2) [2]; it's worth reading the man page to see its limitations. From [2]: "entropy pool has been initialized and the request size is large (buflen > 256), the call either succeeds, returning a partially filled buffer" oops!
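The partially filled buffer from the getrandom(2) note above, as an added Go example that is not code from the original post: a single Read call can leave the tail of a key or nonce buffer as zeros, while io.ReadFull (which the post's getRandomNonce uses) fills the buffer or returns an error. The shortReader type, its 256-byte chunk size and the 0xAA marker byte are constructed assumptions standing in for an entropy source; they are not random and not part of crypto/rand.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// shortReader is a constructed, non-random stand-in for an entropy source: it
// returns at most chunk bytes per Read and left bytes in total (assumption).
type shortReader struct{ chunk, left int }

func (s *shortReader) Read(p []byte) (int, error) {
	if s.left == 0 {
		return 0, io.EOF
	}
	avail := s.chunk
	if s.left < avail {
		avail = s.left
	}
	n := copy(p, bytes.Repeat([]byte{0xAA}, avail)) // 0xAA marks written bytes
	s.left -= n
	return n, nil
}

// naiveFill makes a single Read call and ignores the returned byte count.
func naiveFill(r io.Reader, size int) []byte {
	buf := make([]byte, size)
	_, _ = r.Read(buf) // BUG: a short read leaves the tail of buf as zeros
	return buf
}

// safeFill fills buf completely or returns an error, via io.ReadFull.
func safeFill(r io.Reader, size int) ([]byte, error) {
	buf := make([]byte, size)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, fmt.Errorf("entropy source: %w", err)
	}
	return buf, nil
}

func main() {
	naive := naiveFill(&shortReader{chunk: 256, left: 4096}, 1024)
	fmt.Println("one Read call, zero bytes:", bytes.Count(naive, []byte{0}))
	full, err := safeFill(&shortReader{chunk: 256, left: 4096}, 1024)
	fmt.Println("io.ReadFull, zero bytes:", bytes.Count(full, []byte{0}), err)
	_, err = safeFill(&shortReader{chunk: 256, left: 10}, 24)
	fmt.Println("source ran dry:", err)
}
```

When the source cannot supply the full request, safeFill returns no buffer at all, so a caller cannot go on to use a half-random nonce or key by accident.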

philosophical notes

  • is the universe deterministic? if yes, then we should be able to get a truly random source; however, for the believers of science there has always been an argument for a non-deterministic universe
  • struggling with crypto? => Zen proverb: "Hell, also, is a place to live in."


Top comments (1)

Vidyarathna Bhat • Edited

This post offers a clear and insightful exploration of symmetric encryption in Go, blending technical guidance with philosophical reflections seamlessly. Great work!
