• Type: Sub-task
    • Resolution: Won't Do
    • Priority: Normal
    • SECFLOWOTL-30 - s2i Security Review

      Never try to develop a homemade cryptographic algorithm or write a new implementation of a known algorithm. Only use tested implementations for encryption, digital signature generation and verification, and other cryptographic algorithms.

      Cryptanalysis is the study of breaking cryptographic algorithms. Cryptanalysts are usually mathematicians who try to break the underlying mathematics or look for implementation faults. As a result, application security must always rely on known and secure algorithms. Real-world implementations often suffer from subtle errors, such as timing side channels, where an attacker learns something about the key (for example its size, or individual bits of it) from how long the encryption process takes.

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/requirements/106-T59/

      How Tos:

      Go: AES Encryption

      Description

      The following code shows a sample implementation of AES encryption and decryption using crypto/aes, crypto/cipher, and crypto/rand packages.

      Code

      package main

      import (
          "crypto/aes"
          "crypto/cipher"
          "crypto/rand"
          "fmt"
      )

      func main() {
          // A 32-byte key selects AES-256 (16 or 24 bytes select AES-128/192).
          // Load the key from a secret store; never hard-code it in source.
          secretKey := []byte(<a 32-char key>)
          data := []byte("SECRET DATA")

          // Initializing the cipher block
          block, err := aes.NewCipher(secretKey)
          if err != nil {
              panic(err.Error())
          }

          // Initializing the Galois Counter Mode (GCM) cipher
          aesgcm, err := cipher.NewGCM(block)
          if err != nil {
              panic(err.Error())
          }

          // Initializing the nonce: NonceSize() is 12 bytes for standard GCM.
          // A nonce must never be reused with the same key, and it has to be
          // stored or sent together with the ciphertext so the receiver can decrypt.
          nonce := make([]byte, aesgcm.NonceSize())
          if _, err := rand.Read(nonce); err != nil {
              panic(err.Error())
          }

          // Seal appends a 16-byte authentication tag; Open verifies it and
          // returns an error if the ciphertext, nonce or additional data was altered.
          encryptionResult := aesgcm.Seal(nil, nonce, data, nil)
          fmt.Printf("Encryption Result: %x\n", encryptionResult)

          decryptionResult, err := aesgcm.Open(nil, nonce, encryptionResult, nil)
          if err != nil {
              panic(err.Error())
          }

          fmt.Printf("Decryption Result: %s\n", decryptionResult)
      }
      
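      The sample above decrypts with the same nonce variable it encrypted with, so it does not show how the nonce travels with the ciphertext, how associated data binds a ciphertext to its context, or what happens when a ciphertext is altered. The following is an added example, not code from the page or from the s2i project: Encrypt and Decrypt (names chosen here) wrap AES-GCM so that the output is nonce || ciphertext || tag, and TamperDetected shows that a single flipped bit is rejected. The key is generated at random for the demonstration; a real service would load it from a secret store. The record ID used as associated data is a constructed sample value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext under key with AES-GCM. aad is authenticated but not
// encrypted (for example a record ID), so the ciphertext cannot be replayed under
// a different context. The random nonce is prepended to the output, giving
// nonce || ciphertext || tag, so the caller never has to track it separately.
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to its first argument; passing the nonce
	// there is what produces the nonce || ciphertext || tag layout.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt splits off the nonce and opens the rest. Any change to the nonce,
// ciphertext, tag or aad makes Open return an error and no plaintext.
func Decrypt(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// TamperDetected flips one bit of a sealed message and reports whether Decrypt
// rejects the result. With an authenticated mode this must always be true.
func TamperDetected(key, sealed, aad []byte) bool {
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // last byte of the authentication tag
	_, err := Decrypt(key, tampered, aad)
	return err != nil
}

func main() {
	// Random key for the demonstration; a real service loads it from a secret store.
	key := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aad := []byte("record-42") // constructed sample context
	sealed, err := Encrypt(key, []byte("SECRET DATA"), aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed (%d bytes): %x\n", len(sealed), sealed)

	plaintext, err := Decrypt(key, sealed, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted: %s\n", plaintext)
	fmt.Printf("tampering detected: %v\n", TamperDetected(key, sealed, aad))
	// The same ciphertext presented under a different context is also rejected.
	_, err = Decrypt(key, sealed, []byte("record-43"))
	fmt.Printf("wrong aad rejected: %v\n", err != nil)
}
```

      Prepending the nonce costs 12 bytes per message and removes the most common GCM mistake, a nonce that is lost or reused; the 16-byte tag is what makes Open fail on any modification, which a plain block cipher or CTR mode would silently accept.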

      Go: Triple DES Encryption

      Triple DES applies the DES algorithm three times to each 64-bit data block. In Go, package crypto/des implements the Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDEA).

      The main functions used are:

      • func NewCipher(key []byte) (cipher.Block, error)
      • func NewTripleDESCipher(key []byte) (cipher.Block, error)

      Below is an example of Triple DES and its use in Go.

      Code

      package main

      import (
          "crypto/des"
          "encoding/hex"
          "fmt"
      )

      func main() {
          key := []byte("mysecretPasswordkeySiz24") // Triple DES requires a 24-byte key
          cipherText, err := EncryptTripleDES(key, "Secret12") // exactly one 8-byte block
          if err != nil {
              panic(err)
          }
          decryptedText, err := DecryptTripleDES(key, cipherText)
          if err != nil {
              panic(err)
          }
          fmt.Printf("Ciphertext: %s\nDecrypted: %s\n", cipherText, decryptedText)
      }

      // EncryptTripleDES runs the raw block function on a single 8-byte block: no mode
      // of operation, no padding, no authentication. Block.Encrypt handles exactly one
      // block, so any other input length is rejected instead of silently truncated.
      func EncryptTripleDES(key []byte, plaintext string) (string, error) {
          block, err := des.NewTripleDESCipher(key)
          if err != nil {
              return "", err
          }
          if len(plaintext) != block.BlockSize() {
              return "", fmt.Errorf("plaintext must be exactly %d bytes", block.BlockSize())
          }
          out := make([]byte, block.BlockSize())
          block.Encrypt(out, []byte(plaintext))
          return hex.EncodeToString(out), nil
      }

      // DecryptTripleDES reverses EncryptTripleDES for one hex-encoded block.
      func DecryptTripleDES(key []byte, ct string) (string, error) {
          cipherText, err := hex.DecodeString(ct)
          if err != nil {
              return "", err
          }
          block, err := des.NewTripleDESCipher(key)
          if err != nil || len(cipherText) != block.BlockSize() {
              return "", fmt.Errorf("invalid key (%v) or ciphertext length %d", err, len(cipherText))
          }
          plainText := make([]byte, block.BlockSize())
          block.Decrypt(plainText, cipherText)
          return string(plainText), nil
      }
      

      Note: DES by itself is a cryptographically broken encryption algorithm and is not advised for use in your projects. Triple DES is not a safe substitute: its 64-bit block size makes it vulnerable to birthday-bound attacks on long messages (Sweet32), it is far slower than AES, and NIST disallowed it for encryption after 2023. The example above also calls Block.Encrypt directly, which encrypts exactly one block with no mode of operation and no authentication (effectively ECB); it is not a pattern to copy for real data. Prefer AES-GCM, as in the AES example, and use Triple DES only to decrypt legacy data.
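      To make the note concrete, the following added example (not code from the page or the SD Elements task) loops the same raw Block.Encrypt call over a message of several blocks, which is ECB mode, and shows that an observer without the key can tell which plaintext blocks repeat; it also shows the length check that the single-block call otherwise leaves to the caller. The key and the three-block message are constructed sample values, and the function names are chosen here.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// Constructed sample inputs (not from the original page): a 24-byte Triple DES key
// and a message made of three identical 8-byte blocks, as a record with repeated
// fields might be.
var (
	sampleKey  = []byte("mysecretPasswordkeySiz24")
	sampleData = []byte("Secret12Secret12Secret12")
)

// rawBlockEncrypt does what calling Block.Encrypt in a loop amounts to: each 8-byte
// block is encrypted independently with no chaining, i.e. ECB mode. Input must be
// a whole number of blocks; a real system would also need padding and a MAC.
func rawBlockEncrypt(key, data []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(data)%bs != 0 {
		return nil, fmt.Errorf("data length %d is not a multiple of the %d-byte block", len(data), bs)
	}
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += bs {
		block.Encrypt(out[i:i+bs], data[i:i+bs])
	}
	return out, nil
}

// RepeatedBlocks returns the indices of ciphertext blocks that are byte-for-byte
// equal to an earlier block. Anyone holding the ciphertext can compute this; with
// ECB it reveals exactly which plaintext blocks repeat.
func RepeatedBlocks(ct []byte, blockSize int) []int {
	var repeats []int
	for i := blockSize; i+blockSize <= len(ct); i += blockSize {
		for j := 0; j < i; j += blockSize {
			if bytes.Equal(ct[i:i+blockSize], ct[j:j+blockSize]) {
				repeats = append(repeats, i/blockSize)
				break
			}
		}
	}
	return repeats
}

func main() {
	ct, err := rawBlockEncrypt(sampleKey, sampleData)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %x\n", ct)
	fmt.Printf("blocks equal to an earlier block: %v\n", RepeatedBlocks(ct, des.BlockSize))
	// A length that is not a multiple of 8 is rejected rather than silently truncated.
	_, err = rawBlockEncrypt(sampleKey, []byte("Secret123"))
	fmt.Println("9-byte input:", err)
}
```

      With the sample message, blocks 1 and 2 of the ciphertext are identical to block 0, so the repetition in the plaintext is visible without any key material. An authenticated mode such as AES-GCM with a fresh nonce produces unrelated ciphertext for equal blocks and rejects any modification.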

              gkamathe@redhat.com Gaurav Kamathe
              sdelements Jira-SD-Elements-Integration Bot