|
- // Copyright 2016 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
- package secretbox_test
-
- import (
- "crypto/rand"
- "encoding/hex"
- "fmt"
- "io"
-
- "golang.org/x/crypto/nacl/secretbox"
- )
-
- func Example() {
- // Load your secret key from a safe place and reuse it across multiple
- // Seal calls. (Obviously don't use this example key for anything
- // real.) If you want to convert a passphrase to a key, use a suitable
- // package like bcrypt or scrypt.
- secretKeyBytes, err := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
- if err != nil {
- panic(err)
- }
-
- var secretKey [32]byte
- copy(secretKey[:], secretKeyBytes)
-
- // You must use a different nonce for each message you encrypt with the
- // same key. Since the nonce here is 192 bits long, a random value
- // provides a sufficiently small probability of repeats.
- var nonce [24]byte
- if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
- panic(err)
- }
-
- // This encrypts "hello world" and appends the result to the nonce.
- encrypted := secretbox.Seal(nonce[:], []byte("hello world"), &nonce, &secretKey)
-
- // When you decrypt, you must use the same nonce and key you used to
- // encrypt the message. One way to achieve this is to store the nonce
- // alongside the encrypted message. Above, we stored the nonce in the first
- // 24 bytes of the encrypted text.
- var decryptNonce [24]byte
- copy(decryptNonce[:], encrypted[:24])
- decrypted, ok := secretbox.Open(nil, encrypted[24:], &decryptNonce, &secretKey)
- if !ok {
- panic("decryption error")
- }
-
- fmt.Println(string(decrypted))
- // Output: hello world
- }
|
