DEV Community

nigel447

Some notes on symmetric encryption in golang

Working today on passing around secure parameters, I came across the post [1], which argues:

Instead of LibSodium, you should use the nacl/box library that is part of golang.org/x/crypto. [1]

Here is a simple example using the suggested library. Note that nacl/box is the public-key variant; for a single shared key the sibling package nacl/secretbox is the right one, and that is the import suggested by [1] for the symmetric case:

"golang.org/x/crypto/nacl/secretbox"

The example below adds the imports the snippet needs and a 32-byte key so it compiles as shown. The original also called hex.EncodeToString on the ciphertext and discarded the result; that line did nothing and is dropped.

import (
    "crypto/rand"
    "io"

    "golang.org/x/crypto/nacl/secretbox"
)

// secretKeyBytes must be exactly 32 bytes. It is generated at start-up only to
// keep the example self-contained; a real service loads it from a secret store.
var secretKeyBytes = func() []byte {
    k := make([]byte, 32)
    if _, err := io.ReadFull(rand.Reader, k); err != nil {
        panic(err)
    }
    return k
}()

// getRandomNonce draws a fresh 24-byte nonce from the OS CSPRNG; a nonce must
// never be reused under the same key, so one is generated per message.
func getRandomNonce() ([]byte, [24]byte) {
    iv := make([]byte, 24)
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        panic(err)
    }
    return iv, [24]byte(iv) // slice-to-array conversion needs Go 1.20+
}

// encryptSecret returns nonce || box (Seal appends to the nonce slice) plus the
// nonce as an array, which the receiver needs to open the box.
func encryptSecret(plainText []byte) ([]byte, [24]byte) {
    nonce, np := getRandomNonce()
    symKey := [32]byte(secretKeyBytes)
    encrypted := secretbox.Seal(nonce, plainText, &np, &symKey)
    return encrypted, np
}

// decryptSecret skips the 24-byte nonce prefix and opens the box; ok == false
// means a wrong key or nonce, or tampered ciphertext (panic here is for the demo).
func decryptSecret(cypherText []byte, decryptNonce [24]byte) []byte {
    symKey := [32]byte(secretKeyBytes)
    decrypted, ok := secretbox.Open(nil, cypherText[24:], &decryptNonce, &symKey)
    if !ok {
        panic("decryption error")
    }
    return decrypted
}


And here is a test. It compares the round-tripped bytes with the input instead of just printing them, so a broken round trip actually fails the test:

import "testing"

func TestSymmEncrypt(t *testing.T) {
    plainText := "this is pop"
    cypherText, decryptNonce := encryptSecret([]byte(plainText))
    hopePlainText := decryptSecret(cypherText, decryptNonce)
    if string(hopePlainText) != plainText {
        t.Fatalf("round trip failed: got %q, want %q", hopePlainText, plainText)
    }
}

notes

  • [1] is a good example of why we can't just cut and paste crypto code and hope for the best; it is humbling to see that even good cryptographers make mistakes
  • it is amazing how often the crypto random source, and how it is used, is a basic repeated error in so much code
  • Go's rand.Reader uses getrandom(2) on Linux [2]; it is worth reading the man page to see its limitations. From [2]: "If the urandom source has been initialized and the request size is large (buflen > 256), the call either succeeds, returning a partially filled buffer, or fails with the error EINTR." Oops! That partially filled buffer does not reach a Go caller, though: a successful read from crypto/rand always fills the buffer (the package retries or falls back internally), and io.ReadFull, as used above, turns any short read into an error rather than silently accepting a half-filled nonce
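The nonce handling the notes above warn about is easiest to see in code. The block below is an added example written for this page, not code from the original post or from the nacl/secretbox package. It uses AES-256-GCM from the standard library (crypto/aes, crypto/cipher) rather than secretbox so it builds without golang.org/x/crypto; the contract is the same (random nonce + key in, tag + ciphertext out), and the nonce-reuse failure it demonstrates applies equally to secretbox, whose XSalsa20 keystream is XORed into the plaintext in the same way (secretbox uses a 24-byte nonce and writes its 16-byte tag before the ciphertext, GCM a 12-byte nonce with the tag after it). The function names newAEAD, sealMessage, openMessage and reuseLeak, the all-zero demo key and the sample messages are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newAEAD builds an AES-256-GCM AEAD from a 32-byte key. secretbox offers the
// same contract (nonce + key -> tag + ciphertext), so sealMessage/openMessage
// port to it by swapping this constructor and the nonce size (24 bytes there).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealMessage draws a fresh random nonce per message and returns
// nonce || ciphertext || tag, so the caller never carries the nonce separately.
func sealMessage(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err // never silently accept a half-filled nonce
	}
	// Seal appends to the nonce slice: the result is nonce || box.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openMessage parses nonce || box and returns an error (not a panic) for input
// that is too short, tampered with, or sealed under a different key or nonce.
func openMessage(aead cipher.AEAD, box []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(box) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	plaintext, err := aead.Open(nil, box[:ns], box[ns:], nil)
	if err != nil {
		return nil, errors.New("decryption failed: wrong key, wrong nonce or tampered data")
	}
	return plaintext, nil
}

// reuseLeak seals two messages under the SAME nonce and XORs the ciphertext
// bodies. GCM (like secretbox's XSalsa20) XORs a keystream into the plaintext,
// so the keystream cancels and the result equals m1 XOR m2: an attacker with
// no key learns the relationship between the plaintexts. That is why the nonce
// must come from a CSPRNG (or a counter) and never repeat under one key.
func reuseLeak(aead cipher.AEAD, nonce, m1, m2 []byte) []byte {
	c1 := aead.Seal(nil, nonce, m1, nil) // GCM layout: ciphertext || tag
	c2 := aead.Seal(nil, nonce, m2, nil) // (secretbox puts the tag first)
	n := len(m1)
	if len(m2) < n {
		n = len(m2)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = c1[i] ^ c2[i]
	}
	return out
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, for the demo only
	aead, err := newAEAD(key)
	if err != nil {
		panic(err)
	}

	box, err := sealMessage(aead, []byte("this is pop"))
	if err != nil {
		panic(err)
	}
	pt, err := openMessage(aead, box)
	fmt.Printf("round trip: %q err=%v\n", pt, err)

	box[len(box)-1] ^= 0x01 // flip one bit of the tag
	_, err = openMessage(aead, box)
	fmt.Println("tampered box:", err)

	// Nonce reuse: the XOR of the two ciphertexts spells out where the
	// plaintexts differ, with the key never involved.
	nonce := make([]byte, aead.NonceSize()) // constructed repeated nonce
	leak := reuseLeak(aead, nonce, []byte("attack at dawn"), []byte("attack at dusk"))
	fmt.Printf("m1 XOR m2 recovered from ciphertexts: %x\n", leak)
}
```

Compared with the post's own helpers, sealMessage keeps the nonce inside the envelope instead of returning it separately, openMessage checks the length before slicing and returns an error instead of panicking, and reuseLeak shows what an attacker recovers when a nonce repeats: for "attack at dawn" and "attack at dusk" the XOR is zero everywhere except the last three bytes, pinpointing exactly where the two messages differ.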

philosophical notes

  • is the universe deterministic? If it is, a truly random source cannot exist; among believers in science, however, there has always been an argument for a non-deterministic universe
  • struggling with crypto? => Zen proverb "Hell, also, is a place to live in."

Top comments (1)

Vidyarathna Bhat • Edited

This post offers a clear and insightful exploration of symmetric encryption in Go, blending technical guidance with philosophical reflections seamlessly. Great work!
