pocketbase/tools/security/encrypt.go

package security

import (
	"crypto/aes"
	"crypto/cipher"
	crand "crypto/rand"
	"encoding/base64"
	"io"
)

// Encrypt encrypts data with key (must be valid 32 char aes key).
func Encrypt(data []byte, key string) (string, error) {
	block, err := aes.NewCipher([]byte(key))
	if err != nil {
		return "", err
	}

	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}

	nonce := make([]byte, gcm.NonceSize())

	// populates the nonce with a cryptographically secure random sequence
	if _, err := io.ReadFull(crand.Reader, nonce); err != nil {
		return "", err
	}

	cipherByte := gcm.Seal(nonce, nonce, data, nil)

	result := base64.StdEncoding.EncodeToString(cipherByte)

	return result, nil
}

// Decrypt decrypts encrypted text with key (must be valid 32 chars aes key).
func Decrypt(cipherText string, key string) ([]byte, error) {
	block, err := aes.NewCipher([]byte(key))
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}

	nonceSize := gcm.NonceSize()

	cipherByte, err := base64.StdEncoding.DecodeString(cipherText)
	if err != nil {
		return nil, err
	}

	nonce, cipherByteClean := cipherByte[:nonceSize], cipherByte[nonceSize:]
	return gcm.Open(nil, nonce, cipherByteClean, nil)
}
initial public commit 2022-07-07 05:19:05 +08:00			`package security`

			`import (`
			`"crypto/aes"`
			`"crypto/cipher"`
			`crand "crypto/rand"`
			`"encoding/base64"`
			`"io"`
			`)`

			`// Encrypt encrypts data with key (must be valid 32 char aes key).`
			`func Encrypt(data []byte, key string) (string, error) {`
			`block, err := aes.NewCipher([]byte(key))`
			`if err != nil {`
			`return "", err`
			`}`

			`gcm, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return "", err`
			`}`

			`nonce := make([]byte, gcm.NonceSize())`

			`// populates the nonce with a cryptographically secure random sequence`
			`if _, err := io.ReadFull(crand.Reader, nonce); err != nil {`
			`return "", err`
			`}`

			`cipherByte := gcm.Seal(nonce, nonce, data, nil)`

			`result := base64.StdEncoding.EncodeToString(cipherByte)`

			`return result, nil`
			`}`

			`// Decrypt decrypts encrypted text with key (must be valid 32 chars aes key).`
			`func Decrypt(cipherText string, key string) ([]byte, error) {`
			`block, err := aes.NewCipher([]byte(key))`
			`if err != nil {`
			`return nil, err`
			`}`

			`gcm, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return nil, err`
			`}`

			`nonceSize := gcm.NonceSize()`

			`cipherByte, err := base64.StdEncoding.DecodeString(cipherText)`
			`if err != nil {`
			`return nil, err`
			`}`

			`nonce, cipherByteClean := cipherByte[:nonceSize], cipherByte[nonceSize:]`
[#114] simplified some code by returning early and added cap for slices 2022-07-15 00:26:08 +08:00			`return gcm.Open(nil, nonce, cipherByteClean, nil)`
initial public commit 2022-07-07 05:19:05 +08:00			`}`