在Golang中,标准库crypto/aes和crypto/cipher提供了可靠的AES加密解密实现,无需自定义底层逻辑。以下是完整示例:
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/hex"
"errors"
"fmt"
"io"
)
// 使用GCM模式加密
func encryptGCM(plaintext, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, err
}
return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// 使用GCM模式解密
func decryptGCM(ciphertext, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonceSize := gcm.NonceSize()
if len(ciphertext) < nonceSize {
return nil, errors.New("ciphertext too short")
}
nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
return gcm.Open(nil, nonce, ciphertext, nil)
}
// 使用CBC模式加密(需要填充)
func encryptCBC(plaintext, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
// PKCS7填充
plaintext = pkcs7Pad(plaintext, aes.BlockSize)
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
return nil, err
}
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
return ciphertext, nil
}
// 使用CBC模式解密
func decryptCBC(ciphertext, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(ciphertext) < aes.BlockSize {
return nil, errors.New("ciphertext too short")
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(ciphertext, ciphertext)
return pkcs7Unpad(ciphertext), nil
}
// PKCS7填充
func pkcs7Pad(data []byte, blockSize int) []byte {
padding := blockSize - len(data)%blockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(data, padtext...)
}
// PKCS7去填充
func pkcs7Unpad(data []byte) []byte {
length := len(data)
unpadding := int(data[length-1])
return data[:(length - unpadding)]
}
func main() {
key := []byte("examplekey123456") // 16字节密钥(AES-128)
plaintext := []byte("Hello, AES Encryption!")
// GCM模式示例
fmt.Println("=== GCM模式 ===")
encrypted, _ := encryptGCM(plaintext, key)
fmt.Printf("加密结果: %s\n", hex.EncodeToString(encrypted))
decrypted, _ := decryptGCM(encrypted, key)
fmt.Printf("解密结果: %s\n", decrypted)
// CBC模式示例
fmt.Println("\n=== CBC模式 ===")
encrypted, _ = encryptCBC(plaintext, key)
fmt.Printf("加密结果: %s\n", hex.EncodeToString(encrypted))
decrypted, _ = decryptCBC(encrypted, key)
fmt.Printf("解密结果: %s\n", decrypted)
}
对于更高级的封装,可以使用第三方包github.com/gtank/cryptopasta:
import "github.com/gtank/cryptopasta"
func exampleCryptopasta() {
key := &[32]byte{} // AES-256密钥
rand.Read(key[:])
plaintext := []byte("secret message")
// 加密
ciphertext, err := cryptopasta.Encrypt(plaintext, key)
if err != nil {
panic(err)
}
// 解密
decrypted, err := cryptopasta.Decrypt(ciphertext, key)
if err != nil {
panic(err)
}
fmt.Printf("解密结果: %s\n", decrypted)
}
标准库支持所有AES密钥长度(128/192/256位),并提供了GCM(推荐)、CBC、CTR等多种加密模式。GCM模式同时提供加密和认证功能,CBC模式需要手动处理填充。
