Golang AES StreamReader加密 – 示例省略了对加密数据的任何身
最后,我在StackOverflow上发布了我的第一个问题.我现在使用这个网站多年了,我总能找到所有问题的答案:)
我正在实现一个基于official Golang cipher example的文件加密后台守护进程: func ExampleStreamReader() { key := []byte("example key 1234") inFile,err := os.Open("encrypted-file") if err != nil { panic(err) } defer inFile.Close() block,err := aes.NewCipher(key) if err != nil { panic(err) } // If the key is unique for each ciphertext,then it's ok to use a zero // IV. var iv [aes.BlockSize]byte stream := cipher.NewOFB(block,iv[:]) outFile,err := os.OpenFile("decrypted-file",os.O_WRONLY|os.O_CREATE|os.O_TRUNC,0600) if err != nil { panic(err) } defer outFile.Close() reader := &cipher.StreamReader{S: stream,R: inFile} // Copy the input file to the output file,decrypting as we go. if _,err := io.Copy(outFile,reader); err != nil { panic(err) } // Note that this example is simplistic in that it omits any // authentication of the encrypted data. If you were actually to use // StreamReader in this manner,an attacker could flip arbitrary bits in // the output. } func ExampleStreamWriter() { key := []byte("example key 1234") inFile,err := os.Open("plaintext-file") if err != nil { panic(err) } defer inFile.Close() block,err := os.OpenFile("encrypted-file",0600) if err != nil { panic(err) } defer outFile.Close() writer := &cipher.StreamWriter{S: stream,W: outFile} // Copy the input file to the output file,encrypting as we go. if _,err := io.Copy(writer,inFile); err != nil { panic(err) } // Note that this example is simplistic in that it omits any // authentication of the encrypted data. If you were actually to use // StreamReader in this manner,an attacker could flip arbitrary bits in // the decrypted result. } 以下引用是什么意思?关于我应该注意什么才能提供安全的加密和解密?
谢谢!
来自维基百科:
可以在这里找到一个很好的解释:https://security.stackexchange.com/a/33576. Go支持其他支持完整性和身份验证检查的模式.正如rossum所说,你可以使用GCM或CCM.你可以在godoc.org找到很多例子.例如HashiCorp的memberlist library. 另一个值得一试的图书馆是golang.org/x/crypto/nacl年的NaCL港口: func Open(out []byte,box []byte,nonce *[24]byte,key *[32]byte) ([]byte,bool) func Seal(out,message []byte,key *[32]byte) []byte 如果您正在使用小消息,则此API可能会更容易使用. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |