1import (
2 "crypto/aes"
3 "crypto/cipher"
4 "crypto/rand"
5 "encoding/hex"
6 "os"
7)
// Encrypt seals its argument with AES-GCM and returns nonce || sealed data.
//
// Despite its name, the key parameter is the plaintext to protect; the AES
// key itself is obtained from getSecret. The returned slice starts with a
// freshly generated random nonce of aesgcm.NonceSize() bytes, followed by the
// output of Seal (ciphertext plus the GCM authentication tag). To decrypt,
// split off that nonce prefix and pass it, with the remainder, to Open.
// No additional authenticated data is bound to the message (nil is passed).
//
// The nonce is random rather than a counter, so uniqueness under one key is
// only probabilistic; rotate the key well before the number of messages
// encrypted under it approaches 2^32.
//
// An error is returned if the cipher cannot be constructed (for example an
// AES key of unsupported length) or if the random source fails.
func Encrypt(key []byte) ([]byte, error) {
	blk, err := aes.NewCipher(getSecret())
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}

	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}

	// Using nonce as dst makes Seal append to it, which is what places the
	// nonce in front of the sealed data in the result.
	return gcm.Seal(nonce, nonce, key, nil), nil
}
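// getSecret returns the raw AES key bytes decoded from the hex string in the
// SECRET environment variable.
//
// It panics if SECRET is unset or empty, or if its value is not valid hex.
// The decoded length is not checked here; aes.NewCipher rejects keys that are
// not 16, 24 or 32 bytes long.
func getSecret() []byte {
	encoded := os.Getenv("SECRET")
	if encoded == "" {
		panic("Error: Must provide a secret key under env variable SECRET")
	}

	raw, err := hex.DecodeString(encoded)
	if err != nil {
		// Deliberately not panic(err): hex.InvalidByteError prints the
		// offending character, which would copy part of the SECRET value
		// into crash output and logs.
		panic("Error: env variable SECRET must be a hex-encoded key")
	}

	return raw
}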