golang 在golang中使用AES256 GCM加密文本

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了golang 在golang中使用AES256 GCM加密文本相关的知识,希望对你有一定的参考价值。

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"os"
)

// Encrypt will encrypt a raw string to
// an encrypted value
// an encrypted value has an IV (nonce) + actual encrypted value
// when we decrypt, we only decrypt the latter part
func Encrypt(key []byte) ([]byte, error) {
	secretKey := getSecret()

	block, err := aes.NewCipher(secretKey)
	if err != nil {
		return nil, err
	}

	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}

	iv := make([]byte, aesgcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}

	ciphertext := aesgcm.Seal(iv, iv, key, nil)

	return ciphertext, nil
}

func getSecret() []byte {
	secret := os.Getenv("SECRET")
	if secret == "" {
		panic("Error: Must provide a secret key under env variable SECRET")
	}

	secretbite, err := hex.DecodeString(secret)

	if err != nil {
		// probably malform secret, panic out
		panic(err)
	}

	return secretbite
}

AES/ECB/PKCS5Padding-128在JAVA,PHP,JavaScript, Python,Golang五种语言中的相互加解密

 java版本AES/ECB/PKCS5Padding-128:

package test;


import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;


public class DigestUtil 

    //用于构建十六进制输出
    private static final char[] DIGITS_LOWER = '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f';

    /**
     * AES解密 128 AES/ECB/PKCS5Padding
     *
     * @param source      需要解密的字符串
     * @param key         需要解密的秘钥
     * @param hexOrBase64 true:hex,false:base64
     * @return 返回解密结果
     */
    public static String decryptAES(String source, String key, boolean hexOrBase64) 
        try 
            SecretKey secretKey = new SecretKeySpec(key.getBytes(), "AES");
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            if (hexOrBase64) 
                return new String(cipher.doFinal(DigestUtil.hex2bytes(source)));
             else 
                return new String(cipher.doFinal(DigestUtil.decodeBase64(source)));
            
         catch (Exception e) 
            System.out.println(e.getMessage());
            throw new RuntimeException("出错啦!", e);
        
    


    public static byte[] hex2bytes(String hexStr) 
        byte[] result = new byte[hexStr.length() / 2];
        for (int i = 0; i < hexStr.length() / 2; i++) 
            int high = Integer.parseInt(hexStr.substring(i * 2, i * 2 + 1), 16);
            int low = Integer.parseInt(hexStr.substring(i * 2 + 1, i * 2 + 2), 16);
            result[i] = (byte) (high * 16 + low);
        
        return result;
    


    public static byte[] decodeBase64(String text) 
        return java.util.Base64.getDecoder().decode(text);
    


    public static char[] bytes2hex(final byte[] data) 
        final int l = data.length;
        final char[] out = new char[l << 1];
        // two characters form the hex value.
        for (int i = 0, j = 0; i < l; i++) 
            out[j++] = DIGITS_LOWER[(0xF0 & data[i]) >>> 4];
            out[j++] = DIGITS_LOWER[0x0F & data[i]];
        
        return out;
    


    public static String encodeBase64(byte[] data) 
        return Base64.getEncoder().encodeToString(data);
    

    /**
     * AES加密 128 AES/ECB/PKCS5Padding
     *
     * @param source      需要加密的字符串
     * @param key         需要加密的秘钥
     * @param hexOrBase64 true:hex,false:base64
     * @return 返回加密结果
     */
    public static String encryptAES(String source, String key, boolean hexOrBase64) 
        try 
            SecretKey secretKey = new SecretKeySpec(key.getBytes(), "AES");
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            if (hexOrBase64) 
                return new String(DigestUtil.bytes2hex(cipher.doFinal(source.getBytes())));
             else 
                return DigestUtil.encodeBase64(cipher.doFinal(source.getBytes()));
            
         catch (Exception e) 
            throw new RuntimeException("出错啦!", e);
        

    

    public static void main(String[] args) throws Exception 
        String value = "nwflag=1&empno=BEJY3293";
        //"HmtaYAN+n8dzKifi50/sA4Sv/dLKR5MnfZKcJVSzmST0D7ZkbmM8AebuNNkKBc4Z7DoXDnDwwwap2hg+6ztWQAZdQZOfAHR5bueqpApDN9il6gIuQadcdPcvrurRRiTifOQYsE9nRQKy6smol0jrz0wLEDxyPh3ZfBZG0e5KxrEq6Es6E3/05F4jIBYy+dUtvYBPSrVi3kzkblFex6qZOf/6jbtSlchWJVXMuEgA05LplUlUvNr5vwNC65KIy6beHcyhntIO2wJHx5uknjtidXUft3s87ZlxTzMEiKV6cXU9ejuCxdOz9n0c7UPeAOqHprxW2FvOhytVSMoSPP6No9pSochmKdXBPgOQd15rswBi0ejSZ+qWG4/MrBhVFD5OaQ8Cr7wy9hoWdnYrd0tcxPZv4EiwF3DDqctffYgQjy8=";
        //"openid=ouQdHv18KY5HPhW16cDk43Y5-yyk&nickname=%e6%9d%8e%e5%a8%81&headimg=http%3a%2f%2fthirdwx.qlogo.cn%2fmmopen%2fajNVdqHZLLB6qkUjQibrUJniaBhLf8hjS5L4roMR84T62m7NyHiaIAXKh1cl2vJwfdSfEzju8HicugEXbJQFHx1pZw%2f132&rytype=1&nwflag=1&empno=BEJY3293&stime=1603340863000";
        String key = "5678998765123322";

        //加密
        String s = encryptAES(value, key, false);
        System.out.println(s);
        //解密
        String k = decryptAES(s, key, false);
        System.out.println(k);

    

PHP版本:

class Aes


    /**
     * @param $input string 待加密字符串
     * @param $key string 秘钥
     * @param bool $hexOutput 默认true hex 输出, false base64输出
     * @return string 加密结果
     */
    public static function encrypt($input, $key, $hexOutput = true)
    
        $data = openssl_encrypt($input, 'AES-128-ECB', $key, OPENSSL_RAW_DATA);
        if ($hexOutput) 
            $data = bin2hex($data);
        else 
            $data = base64_encode($data);
        

        return $data;
    

    /**
     * @param $sStr 解密字符串
     * @param $sKey 解密秘钥
     * @param bool $hexInput 解密模式 默认true hex输入, false base64输入
     * @return string 解密结果
     */
    public static function decrypt($sStr, $sKey, $hexInput = true)
    
        if ($hexInput) 
            $sStr = hex2bin($sStr);
        else 
            $sStr = base64_decode($sStr);
        

        $decrypted = openssl_decrypt($sStr, 'AES-128-ECB', $sKey, OPENSSL_RAW_DATA);
        return $decrypted;
    

JavaScript 使用GitHub - ihsmarkitosi/CryptoJS-v3.1.2: CryptoJS v3.1.2, 下载后按html示例引入

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>

</head>
<script src="rollups/aes.js"></script>
<script src="components/mode-ecb.js"></script>
<script src="components/pad-nopadding.js"></script>
<script>

    /**
     *
     * @param data string 待加密字符串
     * @param key string 秘钥
     * @returns * 返回base64或hex格式的密文
     */
    function encodeAesString(data, key, hexInput=true) 
        var key = CryptoJS.enc.Utf8.parse(key);
        var encrypted = CryptoJS.AES.encrypt(data, key, 
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        );
        if (hexInput) 
            return encrypted.ciphertext.toString();
         else 
            return encrypted;
        
    

    /**
     *
     * @param encrypted base64格式或hex格式的密文
     * @param key sting 秘钥
     * @returns string 解密后的字符串
     */
    function decodeAesString(data, key, hexInput=true) 
        var key = CryptoJS.enc.Utf8.parse(key);
        if (hexInput) 
            data = CryptoJS.enc.Hex.parse(data);
            data = CryptoJS.enc.Base64.stringify(data);
        
        var decrypted = CryptoJS.AES.decrypt(data, key, 
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        );
        return decrypted.toString(CryptoJS.enc.Utf8);
    

    // 测试加、解密
    function testAES() 
        var key = "5678998765123321";
        var data = "openid=ouQdHv18KY5HPhW16cDk43Y5-yyk&nickname=%e6%9d%8e%e5%a8%81&headimg=http%3a%2f%2fthirdwx.qlogo.cn%2fmmopen%2fajNVdqHZLLB6qkUjQibrUJniaBhLf8hjS5L4roMR84T62m7NyHiaIAXKh1cl2vJwfdSfEzju8HicugEXbJQFHx1pZw%2f132&rytype=1&nwflag=1&empno=BEJY3293&stime=1603340863000";
        console.log("加密前:" + data);
        var encrypted = encodeAesString(data, key); // 密文
        console.log("加密后: " + encrypted);
        console.log(encrypted == "e016d67088b27cba729f264def4d0633da66e046cdcb7bc7cef6b3be1334c45d8e68ab5108845a0e58b364725c81503c416f161c6aa02b136e2f3e62ca12228bb2a590ff8089a84487a0e1a283a93293615b83056b8633f137df25fb10cda385d8838d9f8d1afa092047963d3fb682bfbd804f4ab562de4ce46e515ec7aa9939fffa8dbb5295c8562555ccb84800d392e9954954bcdaf9bf0342eb9288cba6de1dcca19ed20edb0247c79ba49e3b6275751fb77b3ced99714f330488a57a7175b45b61f10a8099464ab4eee2c083255f2824bd38d84e0e89731861a9dd4b58b60c594e2664a2d8497fd749d19162d62d2fbe7fc086e983aad528890cf76a6d6f01603d003f1b59e51b4fa5edc9476c20");
    //     console.log("加密后: " + encrypted == "4BbWcIiyfLpynyZN700GM9pm4EbNy3vHzvazvhM0xF2OaKtRCIRaDlizZHJcgVA8QW8WHGqgKxNuLz5iyhIii7KlkP+AiahEh6DhooOpMpNhW4MFa4Yz8TffJfsQzaOF2IONn40a+gkgR5Y9P7aCv72AT0q1Yt5M5G5RXseqmTn/+o27UpXIViVVzLhIANOS6ZVJVLza+b8DQuuSiMum3h3MoZ7SDtsCR8ebpJ47YnV1H7d7PO2ZcU8zBIilenF1tFth8QqAmUZKtO7iwIMlXygkvTjYTg6Jcxhhqd1LWLYMWU4mZKLYSX/XSdGRYtYtL75/wIbpg6rVKIkM92ptbwFgPQA/G1nlG0+l7clHbCA=");
    //     var s = "4BbWcIiyfLpynyZN700GM9pm4EbNy3vHzvazvhM0xF2OaKtRCIRaDlizZHJcgVA8QW8WHGqgKxNuLz5iyhIii7KlkP+AiahEh6DhooOpMpNhW4MFa4Yz8TffJfsQzaOF2IONn40a+gkgR5Y9P7aCv72AT0q1Yt5M5G5RXseqmTn/+o27UpXIViVVzLhIANOS6ZVJVLza+b8DQuuSiMum3h3MoZ7SDtsCR8ebpJ47YnV1H7d7PO2ZcU8zBIilenF1tFth8QqAmUZKtO7iwIMlXygkvTjYTg6Jcxhhqd1LWLYMWU4mZKLYSX/XSdGRYtYtL75/wIbpg6rVKIkM92ptbwFgPQA/G1nlG0+l7clHbCA=";
        var decryptedStr = decodeAesString(encrypted, key);
        console.log("解密后: " + decryptedStr);
    
    testAES();

    // t = decodeURIComponent(t);

</script>
<body>

</body>
</html>

python AES

import hashlib
import binascii
from Crypto.Cipher import AES
import base64

# padding算法
BLOCK_SIZE = 16
pad = lambda s: bytes(s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * chr(BLOCK_SIZE - len(s) % BLOCK_SIZE), encoding='utf8')
unpad = lambda s: s[0:-ord(s[-1:])]


class AES_ENCRYPT(object):
    def __init__(self, key, hex=True):
        self.key = key
        self.hex_mode = hex

    # 加密函数
    def encrypt(self, text):
        cryptor = AES.new(self.key, AES.MODE_ECB)
        ciphertext = cryptor.encrypt(pad(text))
        if self.hex_mode:
            return binascii.b2a_hex(ciphertext)
        else:
            return  base64.b64encode(ciphertext)


    # 解密函数
    def decrypt(self, text):
        if self.hex_mode:
            decode = binascii.a2b_hex(text)
        else:
            decode = base64.b64decode(text)
        cryptor = AES.new(self.key, AES.MODE_ECB)
        plain_text = cryptor.decrypt(decode)
        return unpad(plain_text)


if __name__ == '__main__':
    aes_encrypt = AES_ENCRYPT("5678998765123321", False)
    text = "openid=ouQdHv18KY5HPhW16cDk43Y5-yyk&nickname=%e6%9d%8e%e5%a8%81&headimg=http%3a%2f%2fthirdwx.qlogo.cn%2fmmopen%2fajNVdqHZLLB6qkUjQibrUJniaBhLf8hjS5L4roMR84T62m7NyHiaIAXKh1cl2vJwfdSfEzju8HicugEXbJQFHx1pZw%2f132&rytype=1&nwflag=1&empno=BEJY3293&stime=1603340863000"
    e = aes_encrypt.encrypt(text)
    print(e)
    d = aes_encrypt.decrypt(e)
    print(text)
    print(d)

Golang AES

package main

import (
	"encoding/base64"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"github.com/forgoer/openssl"

)



func main()  
	src := []byte("openid=ouQdHv18KY5HPhW16cDk43Y5-yyk&nickname=%e6%9d%8e%e5%a8%81&headimg=http%3a%2f%2fthirdwx.qlogo.cn%2fmmopen%2fajNVdqHZLLB6qkUjQibrUJniaBhLf8hjS5L4roMR84T62m7NyHiaIAXKh1cl2vJwfdSfEzju8HicugEXbJQFHx1pZw%2f132&rytype=1&nwflag=1&empno=BEJY3293&stime=1603340863000")
	key := []byte("5678998765123321")
	//加密
	dst , _ := openssl.AesECBEncrypt(src, key, openssl.PKCS7_PADDING)
	fmt.Printf(base64.StdEncoding.EncodeToString(dst))
	fmt.Printf(hex.EncodeToString(dst))
	//解密
	dst , _ = openssl.AesECBDecrypt(dst, key, openssl.PKCS7_PADDING)
	fmt.Println(string(dst)) //

以上是关于golang 在golang中使用AES256 GCM加密文本的主要内容,如果未能解决你的问题,请参考以下文章

golang实现aes-cbc-256加密解密过程记录

为啥带有 GCM 的 AES-256 会在密文大小上增加 16 个字节?

golang GoLang使用AES加密将字符串加密到base64,反之亦然。

golang GoLang使用AES加密将字符串加密到base64,反之亦然。

golang GoLang使用AES加密将字符串加密到base64,反之亦然。

golang:AES加密解密