TDvorak/Trackeep
1
0
Fork 0
mirror of https://github.com/Dvorinka/Trackeep.git synced 2026-06-03 20:12:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
main
Trackeep/backend/utils/encryption.go
T
Tomas Dvorak d27cf14110 first test
2026-02-08 14:14:55 +01:00

161 lines
3.5 KiB
Go
Raw Permalink Blame History

package utils
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"fmt"
"io"
"os"
)
// GetEncryptionKey returns the encryption key from environment
func GetEncryptionKey() ([]byte, error) {
key := os.Getenv("ENCRYPTION_KEY")
if key == "" {
return nil, fmt.Errorf("ENCRYPTION_KEY environment variable not set")
}
// Hash the key to ensure it's exactly 32 bytes for AES-256
hash := sha256.Sum256([]byte(key))
return hash[:], nil
}
// Encrypt encrypts plaintext using AES-GCM
func Encrypt(plaintext string) (string, error) {
key, err := GetEncryptionKey()
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
nonce := make([]byte, gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return "", err
}
ciphertext := gcm.Seal(nonce, nonce, []byte(plaintext), nil)
return base64.StdEncoding.EncodeToString(ciphertext), nil
}
// Decrypt decrypts ciphertext using AES-GCM
func Decrypt(ciphertext string) (string, error) {
key, err := GetEncryptionKey()
if err != nil {
return "", err
}
data, err := base64.StdEncoding.DecodeString(ciphertext)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
nonceSize := gcm.NonceSize()
if len(data) < nonceSize {
return "", fmt.Errorf("ciphertext too short")
}
nonce, ciphertext_bytes := data[:nonceSize], data[nonceSize:]
plaintext, err := gcm.Open(nil, nonce, ciphertext_bytes, nil)
if err != nil {
return "", err
}
return string(plaintext), nil
}
// EncryptFile encrypts file content and returns the encrypted data
func EncryptFile(content []byte) ([]byte, error) {
key, err := GetEncryptionKey()
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, err
}
// Prepend nonce to encrypted content
encrypted := gcm.Seal(nonce, nonce, content, nil)
return encrypted, nil
}
// DecryptFile decrypts file content
func DecryptFile(encryptedContent []byte) ([]byte, error) {
key, err := GetEncryptionKey()
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonceSize := gcm.NonceSize()
if len(encryptedContent) < nonceSize {
return nil, fmt.Errorf("encrypted content too short")
}
nonce, ciphertext := encryptedContent[:nonceSize], encryptedContent[nonceSize:]
plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
return nil, err
}
return plaintext, nil
}
// IsEncrypted checks if content appears to be encrypted (base64 encoded)
func IsEncrypted(content string) bool {
// Simple check: try to base64 decode and see if it looks like encrypted content
_, err := base64.StdEncoding.DecodeString(content)
return err == nil && len(content) > 32 // Encrypted content should be longer than 32 chars
}
// GenerateEncryptionKey generates a new random encryption key
func GenerateEncryptionKey() (string, error) {
key := make([]byte, 32)
if _, err := rand.Read(key); err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(key), nil
}
Reference in New Issue View Git Blame Copy Permalink