Can golang code be encrypted?

Golang code encryption method:

DES encryption and decryption

The standard library in golang is in crypto/des There is an implementation of DES, but the description of the golang library is relatively simple. If you are not familiar with the encryption rules of DES, it is not easy to write the corresponding code. It is also easy to get confused when performing encryption and decryption between different languages ​​with a third party. ,An error occurred.

When different platforms and languages ​​are connected for DES encryption and decryption, you need to know what encryption mode and filling method the other party uses:

Windows default is CBC mode, CryptSetKeyParam function, openssl The function name directly indicates

In Java, if Cipher.getInstance() is not filled in, the default is DES/ECB/PKCS5Padding

The default in C# is CBC mode, PKCS7Padding(PKCS5Padding)

Golang provides CBC mode by default, so for ECB mode, you need to write your own code

PKCS5Padding and PKCS5Unpadding

    func PKCS5Padding(ciphertext []byte, blockSize int) []byte {
        padding := blockSize - len(ciphertext)%blockSize
        padtext := bytes.Repeat([]byte{byte(padding)}, padding)
        return append(ciphertext, padtext...)
    }
 
    func PKCS5Unpadding(origData []byte) []byte {
        length := len(origData)
        unpadding := int(origData[length-1])
        return origData[:(length - unpadding)]
    }

ECB encryption mode

 
        block, err := des.NewCipher(key)
        if err != nil {
            ...
        }
        bs := block.BlockSize()
        src = PKCS5Padding(src, bs)
        if len(src)%bs != 0 {
            ....
        }
        out := make([]byte, len(src))
        dst := out
        for len(src) > 0 {
            block.Encrypt(dst, src[:bs])
            src = src[bs:]
            dst = dst[bs:]
        }
        ...
    }

RSA Encryption and decryption

Different from other languages ​​that have higher-level encapsulation by default, golang needs to be combined and encapsulated based on different concepts

PEM: usually ends with .pem Files are commonly used in key storage and X.509 certificate systems. The following is the PEM format under an X509 certificate:

-----BEGIN CERTIFICATE-----
    base64
-----END CERTIFICATE-----

PKCS: This is a huge system, and different keys use different pkcs file format. For example, the private key uses pkcs8.

X.509: This is a public key infrastructure (pki), which usually corresponds to PKIX in the IETF.

Note:

The pem file generated using openssl (such as openssl genrsa -out rsa_private_key.pem 1024) conforms to the PEM format, with -----BEGIN RSA PRIVATE KEY-- ---Beginning, -----END RSA PRIVATE KEY-----End.

It can also be converted to pkcs8:

openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt

After clarifying the above concepts and formats, it is relatively easy to write the public key and private key encryption and decryption methods corresponding to golang. The first is to Decode the pem file, then decode the corresponding password into a structure supported by golang, and then perform corresponding processing.

For private keys, you can perform the following operations to sign:

    block, _ := pem.Decode([]byte(key))
    if block == nil {       // 失败情况
        ....
    }
 
    private, err := x509.ParsePKCS8PrivateKey(block.Bytes)
    if err != nil {
        ...
    }
 
    h := crypto.Hash.New(crypto.SHA1)
    h.Write(data)
    hashed := h.Sum(nil)
 
    // 进行rsa加密签名
    signedData, err := rsa.SignPKCS1v15(rand.Reader, private.(*rsa.PrivateKey), crypto.SHA1, hashed)
    ...

For more golang knowledge, please pay attention to the

golang tutorial column.

The above is the detailed content of Can golang code be encrypted?. For more information, please follow other related articles on the PHP Chinese website!