
# goaes

`goaes` is a very simple tool for encrypting files with AES-256-GCM.

## about

I wanted to write some Go and encryption fascinates me, so I wrote `goaes`.

### what it is

- it's fun
- it's fast
- it's simple

### what it isn't

- it's not meant for production
- it's not meant for sensitive data
- it's not secure

## how it works

- it uses [Argon2id](https://en.wikipedia.org/wiki/Argon2)
	- time: `3`
	- memory: `256mb`
	- threads: `4`
	- key length: `32`
- it uses [key wrapping](https://en.wikipedia.org/wiki/Key_wrap)

## getting started

1. Generate a new passphrase.

```bash
goaes generate
```

Don't use this one. This one is mine.

```
XGfpiNUvKJy8k7KeUEyhev4jkTIajb1s9CMJP9xH/7A=
```

2. Set `GOAES_PASSPHRASE` to the passphrase.
3. Run the `goaes encrypt` command.

```bash
export GOAES_PASSPHRASE=XGfpiNUvKJy8k7KeUEyhev4jkTIajb1s9CMJP9xH/7A=

goaes encrypt ./input.txt
```

```bash
hexdump -C ./input.txt.goaes

00000000  3e 7f 03 01 01 14 45 6e  63 72 79 70 74 65 64 44  |>.....EncryptedD|
00000010  61 74 61 50 61 79 6c 6f  61 64 01 ff 80 00 01 03  |ataPayload......|
00000020  01 03 44 45 4b 01 0a 00  01 04 53 61 6c 74 01 0a  |..DEK.....Salt..|
00000030  00 01 07 50 61 79 6c 6f  61 64 01 0a 00 00 00 ff  |...Payload......|
00000040  8d ff 80 01 3c a6 d4 3d  5d ab b3 49 74 dd 5d 0f  |....<..=]..It.].|
00000050  1d bc 93 01 78 c9 5a 39  37 53 8f 09 40 56 00 a0  |....x.Z97S..@V..|
00000060  5a a2 03 7c 71 ae 2f 54  f4 fc d9 0d f4 35 b5 df  |Z..|q./T.....5..|
00000070  21 e0 18 ef 54 60 3b 61  38 f5 3b 79 be 08 c4 a5  |!...T`;a8.;y....|
00000080  c4 01 20 49 2d 4d 72 02  d0 43 a3 e6 2c 30 6f ba  |.. I-Mr..C..,0o.|
00000090  66 ed cd b4 13 d6 24 8f  e4 8c 07 5a 09 0a a2 e8  |f.....$....Z....|
000000a0  75 08 8f 01 28 b5 16 a9  f4 98 6d 55 32 86 57 01  |u...(.....mU2.W.|
000000b0  09 24 4f 82 72 ba 0f ee  88 6d 07 b8 e3 ff af 16  |.$O.r....m......|
000000c0  89 45 bb 87 50 e0 a2 82  ee 25 88 63 7d 00        |.E..P....%.c}.|
000000ce
```
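
Added example, not goaes's own code: a minimal envelope (key-wrapping) scheme using the roles that the `DEK`, `Salt` and `Payload` field names in the dump suggest. Wrapping the DEK with AES-256-GCM and storing each value as nonce, ciphertext, tag are assumptions (they match the dump's 60-byte `DEK` field: 12 + 32 + 16); `gcm` and `Decrypt` are hypothetical names, and the all-zero KEK is a constructed stand-in for the Argon2id output.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcm seals in as fresh nonce || ciphertext || tag (assumed layout) or opens such a value.
func gcm(key, in []byte, seal bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte AES-256 key, got %d bytes", len(key))
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if seal {
		nonce := make([]byte, n)
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		return aead.Seal(nonce, nonce, in, nil), nil
	}
	if len(in) < n {
		return nil, fmt.Errorf("sealed value is %d bytes, shorter than the nonce", len(in))
	}
	return aead.Open(nil, in[:n], in[n:], nil)
}

// Decrypt unwraps the DEK with the KEK first; a wrong KEK or a modified field fails there.
func Decrypt(kek, wrappedDEK, payload []byte) ([]byte, error) {
	dek, err := gcm(kek, wrappedDEK, false)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return gcm(dek, payload, false)
}

func main() {
	kek, dek := make([]byte, 32), make([]byte, 32) // all-zero KEK: constructed stand-in
	rand.Read(dek)                                 // fresh random DEK per file (errors ignored in this demo)
	wrapped, _ := gcm(kek, dek, true)              // DEK field: the DEK sealed under the KEK
	payload, _ := gcm(dek, []byte("hello goaes"), true)
	pt, err := Decrypt(kek, wrapped, payload)
	fmt.Printf("DEK field %d bytes, plaintext %q, err %v\n", len(wrapped), pt, err)
}
```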

### usage

```
NAME:
   goaes - Simple AES encryption built with Go

USAGE:
   goaes [global options] [command [command options]]

COMMANDS:
   generate, g  Generate a base64 encoded key
   encrypt, e   Encrypt a file
   decrypt, d   Decrypt a file
   help, h      Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h  show help
```

## reference material

- https://en.wikipedia.org/wiki/Key_wrap
- https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- https://en.wikipedia.org/wiki/Galois/Counter_Mode
- https://en.wikipedia.org/wiki/Authenticated_encryption
- https://en.wikipedia.org/wiki/Argon2
- https://en.wikipedia.org/wiki/Key_derivation_function
- https://en.wikipedia.org/wiki/Salt_(cryptography)
- https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
- https://words.filippo.io/2025-state/

## inspiration

- https://github.com/FiloSottile/age
- https://github.com/restic/restic