Sub-task
Resolution: Won't Do
SECFLOWOTL-30 - s2i Security Review
Never try to develop a homemade cryptographic algorithm or write a new implementation of a known algorithm. Only use tested implementations for encryption, digital signature generation and verification, and other cryptographic algorithms.
Cryptanalysis is the study of breaking cryptographic algorithms. Cryptanalysts are usually mathematicians who try to break the underlying mathematics or look for implementation faults. As a result, application security must always rely on known and secure algorithms. Real-world implementations often suffer from subtle errors, such as attackers being able to determine the size of a key based on how long the encryption process takes.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/requirements/106-T59/
How Tos:
Go: AES Encryption
Description
The following code shows a sample implementation of AES encryption and decryption using the crypto/aes, crypto/cipher, and crypto/rand packages.
Code
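package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func main() {
	// In real use, supply <a 32-char key> from a secret store. A random
	// 32-byte (AES-256) key is generated here so the sample runs as written.
	secretKey := make([]byte, 32)
	if _, err := rand.Read(secretKey); err != nil {
		panic(err.Error())
	}
	data := []byte("SECRET DATA")

	// Initializing the cipher block
	block, err := aes.NewCipher(secretKey)
	if err != nil {
		panic(err.Error())
	}

	// Initializing the nonce (12 bytes is the standard GCM nonce size);
	// it must be unique for every message encrypted under the same key
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err.Error())
	}

	// Initializing the Galois Counter Mode (GCM) cipher
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err.Error())
	}

	// Seal encrypts the data and appends the authentication tag
	encryptionResult := aesgcm.Seal(nil, nonce, data, nil)
	fmt.Printf("Encryption Result: %x\n", encryptionResult)

	// Open verifies the tag before returning the plaintext
	decryptionResult, err := aesgcm.Open(nil, nonce, encryptionResult, nil)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("Decryption Result: %s\n", decryptionResult)
}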
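The sample above keeps the nonce in a local variable, but a stored or transmitted message has to carry it along. The following Go code is an added example, not part of the original task or of any project code: the hypothetical helpers newGCM, sealMessage and openMessage draw a fresh nonce per message, prepend it to the ciphertext, and bind associated data so that a modified or misattributed message fails to open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // key must be 16, 24 or 32 bytes
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealMessage draws a fresh random nonce per call and returns nonce||ciphertext||tag.
func sealMessage(aead cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// openMessage splits off the nonce, then verifies the tag over ciphertext and aad.
func openMessage(aead cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, fmt.Errorf("sealed message too short: %d bytes", len(sealed))
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], aad)
}

func main() {
	key := make([]byte, 32) // constructed sample key; real keys come from a secret store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aead, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	sealed, err := sealMessage(aead, []byte("SECRET DATA"), []byte("record-1"))
	if err != nil {
		panic(err)
	}
	_, err = openMessage(aead, sealed, []byte("record-2")) // wrong context
	fmt.Println("wrong associated data rejected:", err != nil)
}
```

The associated data (here a constructed record label) is authenticated but not encrypted, so both sides must supply the same value when sealing and opening.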
Go: Triple DES Encryption
Triple DES applies the DES algorithm three times to each data block to encrypt the data. In Go, the crypto/des package implements the Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDEA).
The main functions used are:
- func NewCipher(key []byte) (cipher.Block, error)
- func NewTripleDESCipher(key []byte) (cipher.Block, error)
Below is an example of Triple DES and its use in Go.
Code
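package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

func main() {
	key := "mysecretPasswordkeySiz24" // 24 bytes: three 8-byte DES keys
	plainText := "Secret12"           // exactly one 8-byte DES block
	cipherText := EncryptTripleDES([]byte(key), plainText)
	decryptedText := DecryptTripleDES([]byte(key), cipherText)
	fmt.Printf("Encrypted: %s\nDecrypted: %s\n", cipherText, decryptedText)
}

// EncryptTripleDES encrypts a single 8-byte block and returns it hex-encoded.
func EncryptTripleDES(key []byte, plaintext string) string {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err.Error())
	}
	// Block.Encrypt processes exactly one block; reject any other length
	// instead of silently encrypting only the first 8 bytes.
	if len(plaintext) != des.BlockSize {
		panic("plaintext must be exactly one 8-byte block")
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, []byte(plaintext))
	return hex.EncodeToString(out)
}

// DecryptTripleDES decodes a hex-encoded 8-byte block and decrypts it.
func DecryptTripleDES(key []byte, ct string) string {
	cipherText, err := hex.DecodeString(ct)
	if err != nil {
		panic(err.Error())
	}
	if len(cipherText) != des.BlockSize {
		panic("ciphertext must be exactly one 8-byte block")
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err.Error())
	}
	plainText := make([]byte, des.BlockSize)
	block.Decrypt(plainText, cipherText)
	return string(plainText)
}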
Note: DES by itself is a cryptographically broken encryption algorithm, and for this reason is not advised for use in your projects.