- Use Google Distroless images for all services (Go & Node.js). - Standardize documentation with [PROJECT-NAME].md. - Add .dockerignore and .gitignore to all projects. - Remove docker-compose.yml in favor of docker run instructions. - Fix Go version and dependency issues in observability, repo-integrations, and security-governance. - Add Podman support (fully qualified image names). - Update Dashboard to use Node.js static server for Distroless compatibility.
package crypto
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/hex"
"fmt"
"io"
)
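// Encrypt seals stringToEncrypt with AES-GCM under the hex-encoded key
// keyString and returns the result as lowercase hex of
// nonce || ciphertext || tag.
//
// keyString must be well-formed hex that decodes to 16, 24 or 32 bytes
// (AES-128/192/256); anything else is rejected with an error. A fresh nonce is
// read from crypto/rand on every call and prepended to the output so Decrypt
// can recover it. No additional authenticated data is bound to the message.
//
// Because nonces are random, a single key should be rotated well before 2^32
// encryptions (the NIST SP 800-38D limit for randomly generated GCM nonces);
// a repeated nonce under the same key breaks both confidentiality and
// authenticity.
func Encrypt(stringToEncrypt string, keyString string) (string, error) {
	// hex.DecodeString hands back the bytes decoded before the first bad
	// character. Dropping its error would let a corrupted key string (for
	// example 32 valid hex digits followed by junk) be silently accepted as a
	// shorter but still valid-length AES key.
	key, err := hex.DecodeString(keyString)
	if err != nil {
		return "", fmt.Errorf("decoding key: %w", err)
	}

	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}

	aesGCM, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}

	nonce := make([]byte, aesGCM.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}

	// Using nonce as dst makes Seal append to it, so the returned slice is
	// nonce || ciphertext || tag.
	sealed := aesGCM.Seal(nonce, nonce, []byte(stringToEncrypt), nil)
	return hex.EncodeToString(sealed), nil
}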
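// Decrypt reverses Encrypt. encryptedString is hex of nonce || ciphertext ||
// tag and keyString is the hex-encoded AES key (16, 24 or 32 bytes once
// decoded). It returns the recovered plaintext, or an error if either input is
// not well-formed hex, the key length is invalid, the message is shorter than
// a nonce, or GCM authentication fails (wrong key or modified data).
//
// On any error the returned string is empty; no unauthenticated plaintext is
// ever released.
func Decrypt(encryptedString string, keyString string) (string, error) {
	// hex.DecodeString returns the bytes decoded before the first bad
	// character, so both decode errors are checked explicitly: a damaged key
	// or message must be rejected, never used in truncated form.
	key, err := hex.DecodeString(keyString)
	if err != nil {
		return "", fmt.Errorf("decoding key: %w", err)
	}
	enc, err := hex.DecodeString(encryptedString)
	if err != nil {
		return "", fmt.Errorf("decoding ciphertext: %w", err)
	}

	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}

	aesGCM, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}

	// The nonce is stored in front of the sealed data; without at least that
	// many bytes the slicing below would panic.
	nonceSize := aesGCM.NonceSize()
	if len(enc) < nonceSize {
		return "", fmt.Errorf("ciphertext too short")
	}

	nonce, sealed := enc[:nonceSize], enc[nonceSize:]
	// Open verifies the authentication tag before returning any plaintext.
	plaintext, err := aesGCM.Open(nil, nonce, sealed, nil)
	if err != nil {
		return "", err
	}

	return string(plaintext), nil
}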