Golang AES StreamReader加密 – 示例省略了对加密数据的任何身

发布时间：2020-12-16 19:04:25 所属栏目：大数据来源：网络整理

导读：最后,我在StackOverflow上发布了我的第一个问题.我现在使用这个网站多年了,我总能找到所有问题的答案:) 我正在实现一个基于official Golang cipher example的文件加密后台守护进程： func ExampleStreamReader() { key := []byte("example key 1234") inFile

最后,我在StackOverflow上发布了我的第一个问题.我现在使用这个网站多年了,我总能找到所有问题的答案:)

我正在实现一个基于official Golang cipher example的文件加密后台守护进程：

func ExampleStreamReader() {
    key := []byte("example key 1234")

    inFile,err := os.Open("encrypted-file")
    if err != nil {
        panic(err)
    }
    defer inFile.Close()

    block,err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }

    // If the key is unique for each ciphertext,then it's ok to use a zero
    // IV.
    var iv [aes.BlockSize]byte
    stream := cipher.NewOFB(block,iv[:])

    outFile,err := os.OpenFile("decrypted-file",os.O_WRONLY|os.O_CREATE|os.O_TRUNC,0600)
    if err != nil {
        panic(err)
    }
    defer outFile.Close()

    reader := &cipher.StreamReader{S: stream,R: inFile}
    // Copy the input file to the output file,decrypting as we go.
    if _,err := io.Copy(outFile,reader); err != nil {
        panic(err)
    }

    // Note that this example is simplistic in that it omits any
    // authentication of the encrypted data. If you were actually to use
    // StreamReader in this manner,an attacker could flip arbitrary bits in
    // the output.
}

func ExampleStreamWriter() {
    key := []byte("example key 1234")

    inFile,err := os.Open("plaintext-file")
    if err != nil {
        panic(err)
    }
    defer inFile.Close()

    block,err := os.OpenFile("encrypted-file",0600)
    if err != nil {
        panic(err)
    }
    defer outFile.Close()

    writer := &cipher.StreamWriter{S: stream,W: outFile}
    // Copy the input file to the output file,encrypting as we go.
    if _,err := io.Copy(writer,inFile); err != nil {
        panic(err)
    }

    // Note that this example is simplistic in that it omits any
    // authentication of the encrypted data. If you were actually to use
    // StreamReader in this manner,an attacker could flip arbitrary bits in
    // the decrypted result.
}

以下引用是什么意思？关于我应该注意什么才能提供安全的加密和解密？

Note that this example is simplistic in that it
omits any authentication of the encrypted data. If you were actually
to use StreamReader in this manner,an attacker could flip arbitrary
bits in the output.

谢谢！

来自维基百科：

The block cipher modes ECB,CBC,OFB,CFB,CTR,and XTS provide confidentiality,but they do not protect against accidental modification or malicious tampering.

可以在这里找到一个很好的解释：https://security.stackexchange.com/a/33576.

Go支持其他支持完整性和身份验证检查的模式.正如rossum所说,你可以使用GCM或CCM.你可以在godoc.org找到很多例子.例如HashiCorp的memberlist library.

另一个值得一试的图书馆是golang.org/x/crypto/nacl年的NaCL港口：

func Open(out []byte,box []byte,nonce *[24]byte,key *[32]byte) ([]byte,bool)
func Seal(out,message []byte,key *[32]byte) []byte

如果您正在使用小消息,则此API可能会更容易使用.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!