This package is a simple AES-CTR encryption wrapper with SHA512 HMAC authentication. I wrote it to handle large blobs of data that would not fit into memory (or would take to much memory). Examples include files and client-to-client uploads. The assumption is that this will be used with public/private key cryptography where the AES password (and HMAC password) will be strong and random providing a strong security guarantee.
I also wanted this to be easy to implement in Javascript for client-to-client communication via electron or react-native.
Included the example folder is a benchmark of encrypting an decrypting a 500MB stream of data. I get over 100MB/sec on my local computer using two cores.
go get github.com/Xeoncross/go-aesctr-with-hmac
cd $GOPATH/src/github.com/Xeoncross/go-aesctr-with-hmac/example
go run main.go
If using passwords to encrypt things I recommend you use this the "decrypto" AES-CTR + HMAC + scrypt password strengthening implementation found in odeke-em/drive. It might be slower (and uses a temp file) but is worth it for the security gains. Human-passwords aren't safe to use alone.
If the data you are encrypting is small and easily fits into memory then you should use GCM. GCM is nice and simple to use if your data is small.
If you need to encrypt video/audio stream, then a more complex chunked version of GCM is for you. https://github.com/minio/sio (D.A.R.E. v2) provides a way to break data up into chunks that can be decrypted as they arrive and used without waiting for the rest of the stream to finish arriving.
I am not a cryptographer. However, this implementation has very few moving parts all of which are written by real cryptographers and used as described.
- Cryptography lessons-learned
- Symmetric Security (NaCI, GCM, CTR)
- https://www.imperialviolet.org/2014/06/27/streamingencryption.html
- streaming encryption with AES-OFB
- Encrypt then MAC
- AES OFB vs CRT
- How do you encrypt large streams?
- Authenticated Encryption "AHEAD"
- PBKDF2 is redundant for bits from a CSPRNG (for use in AES)
- AES-256-GCM basic implementation
- Golang AES-CFB encrypted TCP stream
- https://github.com/SermoDigital/boxer/blob/master/boxer.go
- AES-256-GCM in C using OpenSSL for iPhone
- AES-CTR + HMAC + RFC2898 key derivation (Go)