crypto/cipher: Add AES-GCM encryption and decryption example

Add example of how to use the aes package to implement AES encryption and decryption within an application. Per feedback, use more secure AES-GCM implementation as an example in crypto/cipher instead of AES directly. Change-Id: I84453ebb18e0bc79344a24171a031ec0d7ccec2e Reviewed-on: https://go-review.googlesource.com/18803Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>

crypto/cipher: Add AES-GCM encryption and decryption example
Add example of how to use the aes package to implement AES encryption and decryption within an application. Per feedback, use more secure AES-GCM implementation as an example in crypto/cipher instead of AES directly. Change-Id: I84453ebb18e0bc79344a24171a031ec0d7ccec2e Reviewed-on: https://go-review.googlesource.com/18803Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
980364b7 · Kevin Kirsche · Brad Fitzpatrick · 830143fa · 980364b7
Commit 980364b7 authored Jan 22, 2016 by Kevin Kirsche Committed by Brad Fitzpatrick Jan 26, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 52 additions and 0 deletions

example_test.go src/crypto/cipher/example_test.go +52 -0

No files found.
--- a/src/crypto/cipher/example_test.go
+++ b/src/crypto/cipher/example_test.go
@@ -14,6 +14,58 @@ import (
 	"os"
 )

+func ExampleNewGCMEncrypter() {
+	// The key argument should be the AES key, either 16 or 32 bytes
+	// to select AES-128 or AES-256.
+	key := []byte("AES256Key-32Characters1234567890")
+	plaintext := []byte("exampleplaintext")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	// Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
+	nonce := make([]byte, 12)
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		panic(err.Error())
+	}
+
+	aesgcm, err := cipher.NewGCM(block)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
+	fmt.Printf("%x\n", ciphertext)
+}
+
+func ExampleNewGCMDecrypter() {
+	// The key argument should be the AES key, either 16 or 32 bytes
+	// to select AES-128 or AES-256.
+	key := []byte("AES256Key-32Characters1234567890")
+	ciphertext, _ := hex.DecodeString("f90fbef747e7212ad7410d0eee2d965de7e890471695cddd2a5bc0ef5da1d04ad8147b62141ad6e4914aee8c512f64fba9037603d41de0d50b718bd665f019cdcd")
+
+	nonce, _ := hex.DecodeString("bb8ef84243d2ee95a41c6c57")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	aesgcm, err := cipher.NewGCM(block)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	fmt.Printf("%s\n", string(plaintext))
+}
+
 func ExampleNewCBCDecrypter() {
 	key := []byte("example key 1234")
 	ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b5baecb3d4b1b3e0e4beffdb3ded")