xeoncross / go-aesctr-with-hmac

AES encryption for large blobs in Go (golang) using AES-CTR + hmac on io.Writer and io.Reader streams

Encryption and Decryption

This package is a simple AES-CTR encryption wrapper with SHA512 HMAC authentication. I wrote it to handle large blobs of data that would not fit into memory (or would take too much memory). Examples include files and client-to-client uploads. The assumption is that this will be used with public/private key cryptography where the AES password (and HMAC password) will be strong and random, providing a strong security guarantee.

I also wanted this to be easy to implement in JavaScript for client-to-client communication via electron or react-native.
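A streaming encrypt-then-MAC construction of the kind described above, as an added example rather than this package's code or wire format: `Seal`, `Open`, `ErrAuth` and the `IV || ciphertext || tag` layout are assumptions. `Open` makes one pass over the blob to check the HMAC and only then returns a decrypting reader, because AES-CTR on its own does not detect modified ciphertext.

```go
package main // added example: Seal, Open and the blob layout are assumptions, not the package's API

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"io"
)

var ErrAuth = errors.New("HMAC check failed: no plaintext released")

// Seal streams in to out as IV || AES-CTR ciphertext || HMAC-SHA512(IV || ciphertext).
func Seal(in io.Reader, out io.Writer, block cipher.Block, macKey []byte) error {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { // fresh random IV for every blob
		return err
	}
	mac := hmac.New(sha512.New, macKey)
	ct := io.MultiReader(bytes.NewReader(iv), cipher.StreamReader{S: cipher.NewCTR(block, iv), R: in})
	if _, err := io.Copy(io.MultiWriter(out, mac), ct); err != nil { // MAC sees every byte written
		return err
	}
	_, err := out.Write(mac.Sum(nil))
	return err
}

// Open verifies the tag over the whole blob (pass 1) before returning a decrypting reader (pass 2).
func Open(in io.ReaderAt, size int64, block cipher.Block, macKey []byte) (io.Reader, error) {
	body := size - sha512.Size // bytes covered by the tag: IV || ciphertext
	if body < aes.BlockSize {
		return nil, ErrAuth // too short to hold an IV and a tag
	}
	sec := func(off, n int64) io.Reader { return io.NewSectionReader(in, off, n) }
	mac := hmac.New(sha512.New, macKey)
	if _, err := io.Copy(mac, sec(0, body)); err != nil {
		return nil, err
	}
	ends := make([]byte, aes.BlockSize+sha512.Size) // IV followed by the stored tag
	if _, err := io.ReadFull(io.MultiReader(sec(0, aes.BlockSize), sec(body, sha512.Size)), ends); err != nil {
		return nil, err
	}
	if !hmac.Equal(mac.Sum(nil), ends[aes.BlockSize:]) { // constant-time comparison
		return nil, ErrAuth
	}
	return cipher.StreamReader{S: cipher.NewCTR(block, ends[:aes.BlockSize]), R: sec(aes.BlockSize, body-aes.BlockSize)}, nil
}
```

Both functions use a fixed-size copy buffer regardless of blob size. `Open` assumes the underlying blob cannot change between its verification pass and the later reads.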

Benchmarks

Included in the example folder is a benchmark of encrypting and decrypting a 500MB stream of data. I get over 100MB/sec on my local computer using two cores.

go get github.com/Xeoncross/go-aesctr-with-hmac
cd $GOPATH/src/github.com/Xeoncross/go-aesctr-with-hmac/example
go run main.go

Using passwords

If using passwords to encrypt things, I recommend you use the "decrypto" AES-CTR + HMAC + scrypt password strengthening implementation found in odeke-em/drive. It might be slower (and uses a temp file) but is worth it for the security gains. Human passwords aren't safe to use alone.

Encrypting small blobs

If the data you are encrypting is small and easily fits into memory then you should use GCM. GCM is nice and simple to use if your data is small.

Encrypting a Media stream

If you need to encrypt a video/audio stream, then a more complex chunked version of GCM is for you. https://github.com/minio/sio (D.A.R.E. v2) provides a way to break data up into chunks that can be decrypted as they arrive and used without waiting for the rest of the stream to finish arriving.

Warning

I am not a cryptographer. However, this implementation has very few moving parts, all of which are written by real cryptographers and used as described.

Reference

License:MIT License


Languages

Language:Go 100.0%