From 2136543726c386debd1bee46c35716dd8938b311 Mon Sep 17 00:00:00 2001
From: trivernis
Date: Sun, 16 Feb 2020 08:56:10 +0100
Subject: [PATCH] Remove base64 encode/decode step

Remove the base64 encode/decode step as it only increases the size of the cipher but not the security.
---
 README.md | 12 +++++-------
 cryptpng.go | 25 ++++++++-----------------
 2 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/README.md b/README.md
index 844d0fb..b542f4e 100644
--- a/README.md
+++ b/README.md
@@ -25,11 +25,10 @@ image data. The steps for encrypting are:
 1. Parse the png file and split it into chunks.
 2. Prompt for a password and use the sha512 32byte value with a generated salt.
 3. Store the salt in the `saLt` chunk.
-4. Create a base64 string out of the data.
-5. Encrypt the base64 string using aes and the provided hashed key.
-6. Split the data into parts of 1 MiB of size.
-7. Store every data part into a separate `crPt` chunk.
-8. Write the png header and chunks to the output file.
+4. Encrypt the data using aes and the provided hashed key.
+5. Split the data into parts of 1 MiB of size.
+6. Store every data part into a separate `crPt` chunk.
+7. Write the png header and chunks to the output file.
 
 ### Decrypt
 
@@ -38,5 +37,4 @@ image data. The steps for encrypting are:
 3. Get the `crPt` chunks and and concat the data.
 4. Prompt for the password and create the sha512 32byte hash with the salt.
 5. Decrypt the data using aes and the provided hash key.
-6. Decode the base64 data.
-7. Write the data to the specified output file.
\ No newline at end of file
+6. Write the data to the specified output file.
\ No newline at end of file
diff --git a/cryptpng.go b/cryptpng.go
index 6fa181c..4942ef9 100644
--- a/cryptpng.go
+++ b/cryptpng.go
@@ -5,7 +5,6 @@ import (
 "crypto/cipher"
 "crypto/rand"
 "crypto/sha512"
- "encoding/base64"
 "errors"
 "flag"
 "fmt"
@@ -145,40 +144,32 @@ func readPassword(passwordSalt *[]byte) ([]byte, []byte) {
 }
 }
 
-// encrypt and decrypt functions taken from
-// https://stackoverflow.com/questions/18817336/golang-encrypting-a-string-with-aes-and-base64
-
-func encrypt(key, text []byte) ([]byte, error) {
+func encrypt(key, data []byte) ([]byte, error) {
 block, err := aes.NewCipher(key)
 if err != nil {
 return nil, err
 }
- b := base64.StdEncoding.EncodeToString(text)
- cipherText := make([]byte, aes.BlockSize+len(b))
+ cipherText := make([]byte, aes.BlockSize+len(data))
 iv := cipherText[:aes.BlockSize]
 if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 return nil, err
 }
 cfb := cipher.NewCFBEncrypter(block, iv)
- cfb.XORKeyStream(cipherText[aes.BlockSize:], []byte(b))
+ cfb.XORKeyStream(cipherText[aes.BlockSize:], data)
 return cipherText, nil
 }
 
-func decrypt(key, text []byte) ([]byte, error) {
+func decrypt(key, data []byte) ([]byte, error) {
 block, err := aes.NewCipher(key)
 if err != nil {
 return nil, err
 }
- if len(text) < aes.BlockSize {
+ if len(data) < aes.BlockSize {
 return nil, errors.New("ciphertext too short")
 }
- iv := text[:aes.BlockSize]
- text = text[aes.BlockSize:]
+ iv := data[:aes.BlockSize]
+ data = data[aes.BlockSize:]
 cfb := cipher.NewCFBDecrypter(block, iv)
- cfb.XORKeyStream(text, text)
- data, err := base64.StdEncoding.DecodeString(string(text))
- if err != nil {
- return nil, err
- }
+ cfb.XORKeyStream(data, data)
 return data, nil
 }
\ No newline at end of file