· 6 years ago · Apr 10, 2019, 07:52 AM
1import (
2 "crypto/aes"
3 "crypto/cipher"
4 "crypto/rand"
5 "encoding/hex"
6 "os"
7)
8
9// Decrypt will return the original value of the encrypted string
10func Decrypt(encryptedKey []byte) ([]byte, error) {
11 secretKey := getSecret()
12
13 block, err := aes.NewCipher(secretKey)
14
15 if err != nil {
16 return nil, err
17 }
18
19 aesgcm, err := cipher.NewGCM(block)
20 if err != nil {
21 return nil, err
22 }
23
24 if len(encryptedKey) < aesgcm.NonceSize() {
25 // worth panicking when encrypted key is bad
26 panic("Malformed encrypted key")
27 }
28
29 return aesgcm.Open(
30 nil,
31 encryptedKey[:aesgcm.NonceSize()],
32 encryptedKey[aesgcm.NonceSize():],
33 nil,
34 )
35}
36
37func getSecret() []byte {
38 secret := os.Getenv("SECRET")
39 if secret == "" {
40 panic("Error: Must provide a secret key under env variable SECRET")
41 }
42
43 secretbite, err := hex.DecodeString(secret)
44
45 if err != nil {
46 // probably malform secret, panic out
47 panic(err)
48 }
49
50 return secretbite
51}