Google Tink with Go with fixed IV and Password Salt (AES GCM)In this case, we will investigate generated AES using GCM mode. Overall GCM is a stream cipher mode, and where the same key, IV and plaintext will result in the same cipher text. With GCM, we have a stream cipher, and which is faster than the block modes we have with ECB and CBC. What we should see is that the same plaintext will result in the same ciphertext, for the same encryption key and IV value. |
Coding
The following is the Golang code:
package main import ( "crypto/aes" "crypto/cipher" "crypto/sha256" "fmt" "os" "golang.org/x/crypto/pbkdf2" ) func main() { passwd := "qwerty" nonce := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} salt := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} pt := "" argCount := len(os.Args[1:]) if argCount > 0 { pt = (os.Args[1]) } key := pbkdf2.Key([]byte(passwd), salt, 10000, 32, sha256.New) block, err := aes.NewCipher(key) if err != nil { panic(err.Error()) } plaintext := []byte(pt) aesgcm, err := cipher.NewGCM(block) if err != nil { panic(err.Error()) } ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) fmt.Printf("Message:\t%s\n", pt) fmt.Printf("Cipher:\t\t%x\n", ciphertext) fmt.Printf("Key:\t\t%x\n", key) fmt.Printf("Nonce:\t\t%x\n", nonce) plain, _ := aesgcm.Open(nil, nonce, ciphertext, nil) if err != nil { panic(err.Error()) } fmt.Printf("Decrypted:\t%s\n", plain) }
If we try "Testing 123" and a password of "qwerty123":
Message: Testing 123 Cipher: 80f8087e75d6875d56198a082820fb3dc6c0ba7e4bac4f697094e2 Key: 2f7ffec39904ee5b61a73d881f6d2f36c27d2a60a42d828b52b6409dc13d1318 Nonce: 000000000000000000000000 Decrypted: Testing 123
If we use the same encryption key and IV, and encrypt "Testing 1234", we get:
Message: Testing 1234 Cipher: 80f8087e75d6875d56198acf54928581167bca942c9baa407511d4f6 Key: 2f7ffec39904ee5b61a73d881f6d2f36c27d2a60a42d828b52b6409dc13d1318 Nonce: 000000000000000000000000 Decrypted: Testing 1234
If we use the same encryption key and IV, and encrypt "Testing 12354", we get:
Message: Testing 12345 Cipher: 80f8087e75d6875d56198acfa267d902af38c544c7cfb088b51b8b7442 Key: 2f7ffec39904ee5b61a73d881f6d2f36c27d2a60a42d828b52b6409dc13d1318 Nonce: 000000000000000000000000 Decrypted: Testing 12345