Golang AES StreamReader加密 – 示例省略了对加密数据的任何身份验证

概述最后,我在StackOverflow上发布了我的第一个问题.我现在使用这个网站多年了,我总能找到所有问题的答案:) 我正在实现一个基于official Golang cipher example的文件加密后台守护进程： func ExampleStreamReader() { key := []byte("example key 1234") inFile, err := os. 最后,我在StackOverflow上发布了我的第一个问题.我现在使用这个网站多年了,我总能找到所有问题的答案:)

我正在实现一个基于official Golang cipher example的文件加密后台守护进程：

func ExampleStreamReader() {    key := []byte("example key 1234")    infile,err := os.Open("encrypted-file")    if err != nil {        panic(err)    }    defer infile.Close()    block,err := aes.NewCipher(key)    if err != nil {        panic(err)    }    // If the key is unique for each ciphertext,then it's ok to use a zero    // IV.    var iv [aes.BlockSize]byte    stream := cipher.NewOFB(block,iv[:])    outfile,err := os.Openfile("decrypted-file",os.O_WRONLY|os.O_CREATE|os.O_Trunc,0600)    if err != nil {        panic(err)    }    defer outfile.Close()    reader := &cipher.StreamReader{S: stream,R: infile}    // copy the input file to the output file,decrypting as we go.    if _,err := io.copy(outfile,reader); err != nil {        panic(err)    }    // Note that this example is simpListic in that it omits any    // authentication of the encrypted data. If you were actually to use    // StreamReader in this manner,an attacker Could flip arbitrary bits in    // the output.}func ExampleStreamWriter() {    key := []byte("example key 1234")    infile,err := os.Open("plaintext-file")    if err != nil {        panic(err)    }    defer infile.Close()    block,err := os.Openfile("encrypted-file",0600)    if err != nil {        panic(err)    }    defer outfile.Close()    writer := &cipher.StreamWriter{S: stream,W: outfile}    // copy the input file to the output file,encrypting as we go.    if _,err := io.copy(writer,infile); err != nil {        panic(err)    }    // Note that this example is simpListic in that it omits any    // authentication of the encrypted data. If you were actually to use    // StreamReader in this manner,an attacker Could flip arbitrary bits in    // the decrypted result.}

以下引用是什么意思？关于我应该注意什么才能提供安全的加密和解密？

Note that this example is simpListic in that it
omits any authentication of the encrypted data. If you were actually
to use StreamReader in this manner,an attacker Could flip arbitrary
bits in the output.

谢谢！

来自维基百科：

The block cipher modes ECB,CBC,OFB,CFB,CTR,and XTS provIDe confIDentiality,but they do not protect against accIDental modification or malicIoUs tampering.

可以在这里找到一个很好的解释：https://security.stackexchange.com/a/33576.

Go支持其他支持完整性和身份验证检查的模式.正如rossum所说,你可以使用GCM或CCM.你可以在godoc.org找到很多例子.例如HashiCorp的memberlist library.

另一个值得一试的图书馆是golang.org/x/crypto/nacl年的NaCL港口：

func Open(out []byte,Box []byte,nonce *[24]byte,key *[32]byte) ([]byte,bool)func Seal(out,message []byte,key *[32]byte) []byte

如果您正在使用小消息,则此API可能会更容易使用.

总结

以上是内存溢出为你收集整理的Golang AES StreamReader加密 – 示例省略了对加密数据的任何身份验证全部内容，希望文章能够帮你解决Golang AES StreamReader加密 – 示例省略了对加密数据的任何身份验证所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。