go-openssl/README.md

[![](https://badges.fyi/static/godoc/reference/5272B4)](https://pkg.go.dev/github.com/Luzifer/go-openssl/v4)
[![Go Report Card](https://goreportcard.com/badge/github.com/Luzifer/go-openssl)](https://goreportcard.com/report/github.com/Luzifer/go-openssl)
![](https://badges.fyi/github/license/Luzifer/go-openssl)
![](https://badges.fyi/github/latest-tag/Luzifer/go-openssl)
[![](https://travis-ci.org/Luzifer/go-openssl.svg?branch=master)](https://travis-ci.org/Luzifer/go-openssl)

# Luzifer / go-openssl

`go-openssl` is a small library wrapping the `crypto/aes` functions in a way the output is compatible to OpenSSL / CryptoJS. For all encryption / decryption processes AES256 is used so this library will not be able to decrypt messages generated with other than `openssl aes-256-cbc`. If you're using CryptoJS to process the data you also need to use AES256 on that side.

## Version support

For this library only the latest major version is supported. All prior major versions should no longer be used.

The versioning is following [SemVer](https://semver.org/) which means upgrading to a newer major version will break your code!

## OpenSSL compatibility

### 1.1.0c

Starting with `v2.0.0` `go-openssl` generates the encryption keys using `sha256sum` algorithm. This is the default introduced in OpenSSL 1.1.0c. When encrypting data you can choose which digest method to use and therefore also continue to use `md5sum`. When decrypting OpenSSL encrypted data `md5sum`, `sha1sum` and `sha256sum` are supported.

### 1.1.1

Starting with `v4.0.0` `go-openssl` is capable of using the PBKDF2 key derivation method for encryption. You can choose to use it by passing the corresponding `CredsGenerator`.

## Installation

```bash
# Get the latest version
go get github.com/Luzifer/go-openssl/v4
```

## Usage example

The usage is quite simple as you don't need any special knowledge about OpenSSL and/or AES256:

### Encrypt

```go
import (
  "fmt"
  openssl "github.com/Luzifer/go-openssl/v4"
)

func main() {
  plaintext := "Hello World!"
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  enc, err := o.EncryptBytes(passphrase, []byte(plaintext), PBKDF2SHA256)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
  }

  fmt.Printf("Encrypted text: %s\n", string(enc))
}
```

### Decrypt

```go
import (
  "fmt"
  openssl "github.com/Luzifer/go-openssl/v4"
)

func main() {
  opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
  passphrase := "z4yH36a6zerhfE5427ZV"

  o := openssl.New()

  dec, err := o.DecryptBytes(passphrase, []byte(opensslEncrypted), BytesToKeyMD5)
  if err != nil {
    fmt.Printf("An error occurred: %s\n", err)
  }

  fmt.Printf("Decrypted text: %s\n", string(dec))
}
```

## Testing

To execute the tests for this library you need to be on a system having `/bin/bash` and `openssl` available as the compatibility of the output is tested directly against the `openssl` binary. The library itself should be usable on all operating systems supported by Go and `crypto/aes`.
Update link for pkg docs Signed-off-by: Knut Ahlers <knut@ahlers.me> 2020-06-13 13:40:43 +00:00			`[![](https://badges.fyi/static/godoc/reference/5272B4)](https://pkg.go.dev/github.com/Luzifer/go-openssl/v4)`
Adjust README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-09-11 09:39:05 +00:00			`[![Go Report Card](https://goreportcard.com/badge/github.com/Luzifer/go-openssl)](https://goreportcard.com/report/github.com/Luzifer/go-openssl)`
			`![](https://badges.fyi/github/license/Luzifer/go-openssl)`
			`![](https://badges.fyi/github/latest-tag/Luzifer/go-openssl)`
			`[![](https://travis-ci.org/Luzifer/go-openssl.svg?branch=master)](https://travis-ci.org/Luzifer/go-openssl)`

Initial version of go-openssl 2015-07-17 21:49:39 +00:00			`# Luzifer / go-openssl`

Added hint about compatibility to CryptoJS closes #1 2015-12-01 13:43:22 +00:00			`go-openssl` is a small library wrapping the `crypto/aes` functions in a way the output is compatible to OpenSSL / CryptoJS. For all encryption / decryption processes AES256 is used so this library will not be able to decrypt messages generated with other than `openssl aes-256-cbc`. If you're using CryptoJS to process the data you also need to use AES256 on that side.
Initial version of go-openssl 2015-07-17 21:49:39 +00:00
Breaking: Fix race condition with guessing messagedigest - This removes messagedigest guessing as it might lead to race conditions during decryption when an md5 digest works as a valid key for the sha256 encrypted data - This removes deprecated functions (the previous point introduces a breaking change so this does not introduce another one) fixes #10 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-11-02 11:37:30 +00:00			`## Version support`

			`For this library only the latest major version is supported. All prior major versions should no longer be used.`

			`The versioning is following [SemVer](https://semver.org/) which means upgrading to a newer major version will break your code!`

			`## OpenSSL compatibility`

			`### 1.1.0c`
Document hashing algorithms Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-03-21 10:49:58 +00:00
Adjust README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-09-11 09:39:05 +00:00			Starting with `v2.0.0` `go-openssl` generates the encryption keys using `sha256sum` algorithm. This is the default introduced in OpenSSL 1.1.0c. When encrypting data you can choose which digest method to use and therefore also continue to use `md5sum`. When decrypting OpenSSL encrypted data `md5sum`, `sha1sum` and `sha256sum` are supported.
Document hashing algorithms Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-03-21 10:49:58 +00:00
Breaking: Fix race condition with guessing messagedigest - This removes messagedigest guessing as it might lead to race conditions during decryption when an md5 digest works as a valid key for the sha256 encrypted data - This removes deprecated functions (the previous point introduces a breaking change so this does not introduce another one) fixes #10 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-11-02 11:37:30 +00:00			`### 1.1.1`

Breaking: Implement PBKFD2 key derivation (#18) 2020-06-13 13:29:46 +00:00			Starting with `v4.0.0` `go-openssl` is capable of using the PBKDF2 key derivation method for encryption. You can choose to use it by passing the corresponding `CredsGenerator`.
Breaking: Fix race condition with guessing messagedigest - This removes messagedigest guessing as it might lead to race conditions during decryption when an md5 digest works as a valid key for the sha256 encrypted data - This removes deprecated functions (the previous point introduces a breaking change so this does not introduce another one) fixes #10 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-11-02 11:37:30 +00:00
Initial version of go-openssl 2015-07-17 21:49:39 +00:00			`## Installation`

Breaking: Fix race condition with guessing messagedigest - This removes messagedigest guessing as it might lead to race conditions during decryption when an md5 digest works as a valid key for the sha256 encrypted data - This removes deprecated functions (the previous point introduces a breaking change so this does not introduce another one) fixes #10 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-11-02 11:37:30 +00:00			```bash
			`# Get the latest version`
Update documentation to use modules format Signed-off-by: Knut Ahlers <knut@ahlers.me> 2020-06-13 16:50:55 +00:00			`go get github.com/Luzifer/go-openssl/v4`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00			```

			`## Usage example`

			`The usage is quite simple as you don't need any special knowledge about OpenSSL and/or AES256:`

			`### Encrypt`

			```go
			`import (`
			`"fmt"`
Update documentation to use modules format Signed-off-by: Knut Ahlers <knut@ahlers.me> 2020-06-13 16:50:55 +00:00			`openssl "github.com/Luzifer/go-openssl/v4"`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00			`)`

			`func main() {`
			`plaintext := "Hello World!"`
			`passphrase := "z4yH36a6zerhfE5427ZV"`

			`o := openssl.New()`

Breaking: Implement PBKFD2 key derivation (#18) 2020-06-13 13:29:46 +00:00			`enc, err := o.EncryptBytes(passphrase, []byte(plaintext), PBKDF2SHA256)`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00			`if err != nil {`
			`fmt.Printf("An error occurred: %s\n", err)`
			`}`

			`fmt.Printf("Encrypted text: %s\n", string(enc))`
			`}`
			```

			`### Decrypt`

			```go
			`import (`
			`"fmt"`
Update documentation to use modules format Signed-off-by: Knut Ahlers <knut@ahlers.me> 2020-06-13 16:50:55 +00:00			`openssl "github.com/Luzifer/go-openssl/v4"`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00			`)`

			`func main() {`
			`opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="`
Adjust README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-09-11 09:39:05 +00:00			`passphrase := "z4yH36a6zerhfE5427ZV"`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00
Adjust README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-09-11 09:39:05 +00:00			`o := openssl.New()`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00
Breaking: Implement PBKFD2 key derivation (#18) 2020-06-13 13:29:46 +00:00			`dec, err := o.DecryptBytes(passphrase, []byte(opensslEncrypted), BytesToKeyMD5)`
Adjust README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-09-11 09:39:05 +00:00			`if err != nil {`
			`fmt.Printf("An error occurred: %s\n", err)`
			`}`
Initial version of go-openssl 2015-07-17 21:49:39 +00:00
			`fmt.Printf("Decrypted text: %s\n", string(dec))`
			`}`
			```

			`## Testing`

			To execute the tests for this library you need to be on a system having `/bin/bash` and `openssl` available as the compatibility of the output is tested directly against the `openssl` binary. The library itself should be usable on all operating systems supported by Go and `crypto/aes`.