crypto

package
v0.5.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 13, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// Common.
	ErrAtLeastOneKeyRequired        = errors.New("at least one of privateKey or publicKey must be provided")
	ErrPublicKeyRequiredForEncrypt  = errors.New("public key is required for encryption")
	ErrPrivateKeyRequiredForDecrypt = errors.New("private key is required for decryption")
	ErrFailedDecodePEMBlock         = errors.New("failed to decode PEM block")
	ErrUnsupportedPEMType           = errors.New("unsupported PEM type")

	// AES.
	ErrInvalidAESKeySize            = errors.New("invalid AES key size")
	ErrInvalidIVSizeCBC             = errors.New("invalid IV size for CBC mode")
	ErrCiphertextNotMultipleOfBlock = errors.New("ciphertext is not a multiple of the block size")
	ErrCiphertextTooShort           = errors.New("ciphertext too short")
	ErrDataEmpty                    = errors.New("data is empty")
	ErrInvalidPadding               = errors.New("invalid padding")

	// RSA.
	ErrNotRSAPrivateKey = errors.New("not an RSA private key")
	ErrNotRSAPublicKey  = errors.New("not an RSA public key")

	// SM4.
	ErrInvalidSM4KeySize = errors.New("invalid SM4 key size")
)

Functions

This section is empty.

Types

type AESCipher 

type AESCipher struct {
	// contains filtered or unexported fields
}

AESCipher implements Cipher interface using AES encryption.

func (*AESCipher) Decrypt 

func (a *AESCipher) Decrypt(ciphertext string) (string, error)

Decrypt decrypts the base64-encoded ciphertext using AES and returns plaintext.

func (*AESCipher) Encrypt 

func (a *AESCipher) Encrypt(plaintext string) (string, error)

Encrypt encrypts the plaintext using AES and returns base64-encoded ciphertext.

type AESMode 

type AESMode string

AESMode defines the AES encryption mode. 

const (
	// AESModeCBC uses AES-CBC mode with PKCS7 padding.
	AESModeCBC AESMode = "CBC"
	// AESModeGCM uses AES-GCM mode (authenticated encryption).
	AESModeGCM AESMode = "GCM"
)

type Cipher 

type Cipher interface {
	Encryptor
	Decryptor
}

Cipher defines the interface for both encryption and decryption operations.

func NewAES 

func NewAES(key, iv []byte, mode ...AESMode) (Cipher, error)

NewAES creates a new AES cipher with the given key, IV, and optional mode. For CBC mode: key must be 16, 24, or 32 bytes (AES-128, AES-192, AES-256), IV must be 16 bytes. For GCM mode: key must be 16, 24, or 32 bytes, IV is not used (GCM generates random nonce). If mode is not specified, defaults to AESModeGCM.

func NewAESFromBase64 

func NewAESFromBase64(keyBase64, ivBase64 string, mode ...AESMode) (Cipher, error)

NewAESFromBase64 creates a new AES cipher from base64-encoded key and IV strings. If mode is not specified, defaults to AESModeGCM.

func NewAESFromHex 

func NewAESFromHex(keyHex, ivHex string, mode ...AESMode) (Cipher, error)

NewAESFromHex creates a new AES cipher from hex-encoded key and IV strings. If mode is not specified, defaults to AESModeGCM.

func NewRSA 

func NewRSA(privateKey *rsa.PrivateKey, publicKey *rsa.PublicKey, mode ...RSAMode) (Cipher, error)

NewRSA creates a new RSA cipher with the given private and public keys and optional mode. For encryption-only operations, privateKey can be nil. For decryption-only operations, publicKey can be nil. If mode is not specified, defaults to RSAModeOAEP (recommended).

func NewRSAFromBase64 

func NewRSAFromBase64(privateKeyBase64, publicKeyBase64 string, mode ...RSAMode) (Cipher, error)

NewRSAFromBase64 creates a new RSA cipher from base64-encoded DER keys. Either privateKeyBase64 or publicKeyBase64 can be empty, but not both. If mode is not specified, defaults to RSAModeOAEP (recommended).

func NewRSAFromHex 

func NewRSAFromHex(privateKeyHex, publicKeyHex string, mode ...RSAMode) (Cipher, error)

NewRSAFromHex creates a new RSA cipher from hex-encoded DER keys. Either privateKeyHex or publicKeyHex can be empty, but not both. If mode is not specified, defaults to RSAModeOAEP (recommended).

func NewRSAFromPEM 

func NewRSAFromPEM(privatePEM, publicPEM []byte, mode ...RSAMode) (Cipher, error)

NewRSAFromPEM creates a new RSA cipher from PEM-encoded keys. Either privatePEM or publicPEM can be nil, but not both. If mode is not specified, defaults to RSAModeOAEP (recommended).

func NewSM2 

func NewSM2(privateKey *sm2.PrivateKey, publicKey *sm2.PublicKey) (Cipher, error)

NewSM2 creates a new SM2 cipher with the given private and public keys. For encryption-only operations, privateKey can be nil. For decryption-only operations, publicKey can be nil.

func NewSM2FromBase64 

func NewSM2FromBase64(privateKeyBase64, publicKeyBase64 string) (Cipher, error)

NewSM2FromBase64 creates a new SM2 cipher from base64-encoded keys. Either privateKeyBase64 or publicKeyBase64 can be empty, but not both.

func NewSM2FromHex 

func NewSM2FromHex(privateKeyHex, publicKeyHex string) (Cipher, error)

NewSM2FromHex creates a new SM2 cipher from hex-encoded keys. Either privateKeyHex or publicKeyHex can be empty, but not both.

func NewSM2FromPEM 

func NewSM2FromPEM(privatePEM, publicPEM []byte) (Cipher, error)

NewSM2FromPEM creates a new SM2 cipher from PEM-encoded keys. Either privatePEM or publicPEM can be nil, but not both.

func NewSM4 

func NewSM4(key, iv []byte, mode ...SM4Mode) (Cipher, error)

NewSM4 creates a new SM4 cipher with the given key, IV, and optional mode. Key must be 16 bytes (128 bits). For CBC mode: IV must be 16 bytes. For ECB mode: IV is not used. If mode is not specified, defaults to SM4ModeCBC.

func NewSM4FromBase64 

func NewSM4FromBase64(keyBase64, ivBase64 string, mode ...SM4Mode) (Cipher, error)

NewSM4FromBase64 creates a new SM4 cipher from base64-encoded key and IV strings. If mode is not specified, defaults to SM4ModeCBC.

func NewSM4FromHex 

func NewSM4FromHex(keyHex, ivHex string, mode ...SM4Mode) (Cipher, error)

NewSM4FromHex creates a new SM4 cipher from hex-encoded key and IV strings. If mode is not specified, defaults to SM4ModeCBC.

type Decryptor 

type Decryptor interface {
	// Decrypt decrypts the encrypted string and returns the plaintext string.
	// The encrypted string is typically base64-encoded or hex-encoded.
	// Returns an error if decryption fails (e.g., invalid format, wrong key, corrupted data).
	Decrypt(ciphertext string) (string, error)
}

Decryptor defines the interface for decrypting ciphertext data.

type Encryptor 

type Encryptor interface {
	// Encrypt encrypts the plaintext string and returns the encrypted string.
	// The returned string is typically base64-encoded or hex-encoded.
	// Returns an error if encryption fails.
	Encrypt(plaintext string) (string, error)
}

Encryptor defines the interface for encrypting plaintext data.

type RSACipher 

type RSACipher struct {
	// contains filtered or unexported fields
}

RSACipher implements Cipher interface using RSA encryption.

func (*RSACipher) Decrypt 

func (r *RSACipher) Decrypt(ciphertext string) (string, error)

Decrypt decrypts the base64-encoded ciphertext using RSA private key and returns plaintext.

func (*RSACipher) Encrypt 

func (r *RSACipher) Encrypt(plaintext string) (string, error)

Encrypt encrypts the plaintext using RSA public key and returns base64-encoded ciphertext.

type RSAMode 

type RSAMode string

RSAMode defines the RSA encryption mode. 

const (
	// RSAModeOAEP uses RSA-OAEP mode with SHA-256 (recommended).
	RSAModeOAEP RSAMode = "OAEP"
	// RSAModePKCS1v15 uses RSA-PKCS1v15 mode (legacy, less secure).
	RSAModePKCS1v15 RSAMode = "PKCS1v15"
)

type SM2Cipher 

type SM2Cipher struct {
	// contains filtered or unexported fields
}

SM2Cipher implements Cipher interface using SM2 encryption (国密算法).

func (*SM2Cipher) Decrypt 

func (s *SM2Cipher) Decrypt(ciphertext string) (string, error)

Decrypt decrypts the base64-encoded ciphertext using SM2 private key and returns plaintext.

func (*SM2Cipher) Encrypt 

func (s *SM2Cipher) Encrypt(plaintext string) (string, error)

Encrypt encrypts the plaintext using SM2 public key and returns base64-encoded ciphertext.

type SM4Cipher 

type SM4Cipher struct {
	// contains filtered or unexported fields
}

SM4Cipher implements Cipher interface using SM4 encryption (国密算法).

func (*SM4Cipher) Decrypt 

func (s *SM4Cipher) Decrypt(ciphertext string) (string, error)

Decrypt decrypts the base64-encoded ciphertext using SM4 and returns plaintext.

func (*SM4Cipher) Encrypt 

func (s *SM4Cipher) Encrypt(plaintext string) (string, error)

Encrypt encrypts the plaintext using SM4 and returns base64-encoded ciphertext.

type SM4Mode 

type SM4Mode string

SM4Mode defines the SM4 encryption mode. 

const (
	// SM4ModeCBC uses SM4-CBC mode with PKCS7 padding.
	SM4ModeCBC SM4Mode = "CBC"
	// SM4ModeECB uses SM4-ECB mode with PKCS7 padding.
	SM4ModeECB SM4Mode = "ECB"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.