DEV Community

nigel447

Some notes on symmetric encryption in golang

Working today on passing around secure parameters, I came across the post:
Instead of LibSodium, you should use the nacl/box library that is part of golang.org/x/crypto. [1]

Here is a simple example using the suggested libraries.

The encryption import suggested in [1]:

"golang.org/x/crypto/nacl/secretbox"
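import (
    "crypto/rand"
    "io"

    "golang.org/x/crypto/nacl/secretbox"
)

// secretKeyBytes is defined elsewhere (not shown in this post) and must hold
// at least 32 bytes of key material: the [32]byte conversions below panic on
// a shorter slice. Slice-to-array conversion requires Go 1.20 or later.

// getRandomNonce returns a fresh 24-byte nonce as both a slice and an array.
func getRandomNonce() ([]byte, [24]byte) {
    iv := make([]byte, 24)
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        panic(err)
    }
    return iv, [24]byte(iv)
}

// encryptSecret returns nonce||box, plus the nonce on its own.
func encryptSecret(plainText []byte) ([]byte, [24]byte) {
    nonce, np := getRandomNonce()
    symKey := [32]byte(secretKeyBytes)
    // Seal appends the box to nonce, so the result starts with the 24-byte nonce.
    encrypted := secretbox.Seal(nonce, plainText, &np, &symKey)
    return encrypted, np
}

// decryptSecret skips the 24-byte nonce prefix, then authenticates and
// decrypts the rest with the nonce passed in.
func decryptSecret(cypherText []byte, decryptNonce [24]byte) []byte {
    if len(cypherText) < 24 {
        panic("ciphertext too short")
    }
    symKey := [32]byte(secretKeyBytes)
    decrypted, ok := secretbox.Open(nil, cypherText[24:], &decryptNonce, &symKey)
    if !ok {
        panic("decryption error")
    }
    return decrypted
}
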

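And here is a test:

// Needs the imports "fmt" and "testing".
func TestSymmEncrypt(t *testing.T) {
    plainText := "this is pop"
    cypherText, decryptNonce := encryptSecret([]byte(plainText))
    hopePlainText := decryptSecret(cypherText, decryptNonce)
    // Assert the round trip instead of only printing the result.
    if string(hopePlainText) != plainText {
        t.Fatalf("round trip mismatch: got %q, want %q", hopePlainText, plainText)
    }
    fmt.Println(string(hopePlainText))
}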

notes

  • [1] is a good example of why we can't just cut and paste crypto code and hope for the best; it's humbling to see even good cryptographers make mistakes.
  • It's amazing how often the crypto random source, and how it is used, is a basic repeated error in so much code.
  • Go's rand.Reader uses getrandom(2) [2]; it's worth reading the man page to see its limitations. From [2]: "entropy pool has been initialized and the request size is large (buflen > 256), the call either succeeds, returning a partially filled buffer" oops!
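
The partially filled buffer from the getrandom(2) quote above, as an added example that is not part of the original post. `partialReader` is a constructed stand-in (not a real entropy source and not Go's `rand.Reader`), and `unfilled`, `singleRead` and `fullRead` are hypothetical helper names. It shows that a nonce-sized 24-byte request fits in one read, while a larger request is left partly zeroed unless the caller loops with `io.ReadFull`, as `getRandomNonce` does.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// partialReader is a constructed stand-in, NOT a real entropy source: it fills at
// most 256 bytes per call with 0xAA, so bytes left at zero were never written.
type partialReader struct{}

func (partialReader) Read(p []byte) (int, error) {
	n := len(p)
	if n > 256 {
		n = 256 // partially filled buffer, reported only through the return value
	}
	for i := range p[:n] {
		p[i] = 0xAA
	}
	return n, nil
}

// unfilled counts the bytes that are still zero, i.e. never written.
func unfilled(b []byte) int {
	return bytes.Count(b, []byte{0})
}

// singleRead is the mistake: one Read call, byte count and error ignored.
func singleRead(src io.Reader, size int) []byte {
	buf := make([]byte, size)
	_, _ = src.Read(buf)
	return buf
}

// fullRead loops via io.ReadFull until buf is full, or returns an error.
func fullRead(src io.Reader, size int) ([]byte, error) {
	buf := make([]byte, size)
	_, err := io.ReadFull(src, buf)
	return buf, err
}

func main() {
	fmt.Println(unfilled(singleRead(partialReader{}, 24)), unfilled(singleRead(partialReader{}, 1024)))
	full, err := fullRead(partialReader{}, 1024)
	fmt.Println(unfilled(full), err)
	_, err = fullRead(io.LimitReader(partialReader{}, 10), 24) // source ends early
	fmt.Println(err)
}
```

A source that ends before the buffer is full surfaces as `io.ErrUnexpectedEOF` from `io.ReadFull`, which is why the error check in `getRandomNonce` matters.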

philosophical notes

  • Is the universe deterministic? If yes, then we should be able to get a truly random source; however, for the believers of science there has always been an argument for a non-deterministic universe.
  • Struggling with crypto? => Zen proverb: "Hell, also, is a place to live in."

Top comments (1)

Vidyarathna Bhat • Edited

This post offers a clear and insightful exploration of symmetric encryption in Go, blending technical guidance with philosophical reflections seamlessly. Great work!