Easy to use encryption library for Go



EncryptedBox is an easy to use module for Go that can encrypt or sign any type of data. It is especially useful when you must serialize your structured data before encrypting or signing it.

There are a number of examples provided in this repo, which should make it easy to understand how to use this library.

How it works

EncryptedBox provides a Cipher component which can be configured to encrypt and decrypt data using an easy to understand pipeline which includes serial and deserialization. Alternatively, it can also sign and verify data.

  1. Serialize structured data to raw binary data
  2. (Optional) Compress the binary data
  3. Encrypt or Sign
  4. (Optional) Encode encrypted data or signature as a string

The inverse steps must be done in reverse order when decrypting. Encryptedbox allows you fit these pieces together in a way where the implementation for any of the steps can be easily changed to suit your needs.


Encryption works on binary data, so the first step to encrypt anything is to turn it into a stream of bytes.

encryptedbox can work with easily with Go data structures by serializing them into JSON. You can also use other provided serializers or create your own to pack your structs into binary more efficiently.


Encrypted data appears random, and so compression is no longer possible. If the data is compressible and you want to compress it, you should do it before encryption.

* Note in some circumstances, compressing data can cause information to be leaked, especially if an attacker can control part of the message being compressed. See for instance CRIME (Compression Ratio Info-leak Made Easy).

Encrypt or Sign

EncryptedBox includes components for encrypting with AES for private key encryption and RSA for public key encryption. It also includes components for HMAC-SHA for symmetric signatures and RSA signing for asymmetric signatures.

The library chooses reasonably safe defaults out of the box:

  • the same plaintext will produce different ciphertext each time it is run
  • you can encrypt as many blocks as you want

Encode encrypted data or signature as a string

It is common the encrypted payload will need to be encoded into a safe format in order to be transmitted in different contexts, such as a query parameter. At the expense of the message size, encryptedbox has two convenience functions to make this easier, Cipher.EncryptToString() and Cipher.DecryptString(). The encoding used by this function can be changed if you are unhappy with the default of base64.RawURLEncoding.


The most basic example that can be contrived is the following snippet, which encrypts and decrypts "Hello world!"

key, _ := aesutil.NewKey256()
cipher, _ := encryptedbox.NewAESCipher(key)

ciphertext, _ := cipher.Encrypt("Hello world!")

var decrypted string
_ = cipher.Decrypt(ciphertext, &decrypted)


There are several more examples located in the examples directory.

Jesse Swidler
Senior Software Engineer at AKASA
Jesse Swidler
A super easy file encryption utility written in go and under 800kb

filecrypt A super easy to use file encryption utility written in golang ⚠ Help Wanted on porting filecrypt to other programing languages NOTE: if you

Flew Software 78 Jul 20, 2022
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Filippo Valsorda 11.1k Aug 17, 2022
Lattigo: lattice-based multiparty homomorphic encryption library in Go

Lattigo: lattice-based multiparty homomorphic encryption library in Go Lattigo i

null 0 Jan 18, 2022
The minilock file encryption system, ported to pure Golang. Includes CLI utilities.

Go-miniLock A pure-Go reimplementation of the miniLock asymmetric encryption system. by Cathal Garvey, Copyright Oct. 2015, proudly licensed under the

Cathal Garvey 171 May 29, 2022
DERO Homomorphic Encryption Blockchain Protocol

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

null 98 Aug 10, 2022
Sekura is an Encryption tool that's heavily inspired by the Rubberhose file system.

It allows for multiple, independent file systems on a single disk whose existence can only be verified if you posses the correct password.

null 51 Feb 1, 2022
A document encryption solution for the reMarkable 2 ePaper tablet.

Remarkable 2 Encryption This repository contains multiple tools to encrypt the home folder of the reMarkable 2 epaper tablet using gocryptfs. Detailed

RedTeam Pentesting GmbH 28 Jul 28, 2022
Encryption Abstraction Layer and Utilities for ratnet

What is Bencrypt? Bencrypt is an abstraction layer for cryptosystems in Go, that lets applications use hybrid cryptosystems without being coupled to t

null 17 Jul 23, 2022
Go implementation of the Data At Rest Encryption (DARE) format.

Secure IO Go implementation of the Data At Rest Encryption (DARE) format. Introduction It is a common problem to store data securely - especially on u

Object Storage for the Era of the Hybrid Cloud 301 Aug 10, 2022
A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

null 275 Aug 16, 2022
Encryption & Decryption package for golang

encdec Encryption & Decryption package for golang func main() { startingTime := time.Now() privKey, pubKey := GenerateRsaKeyPair() fmt.Println("Priva

MD MOSTAIN BILLAH 3 Feb 11, 2022
A tool for secrets management, encryption as a service, and privileged access management

Deploy HCP Vault & AWS Transit Gateways via Terraform https://medium.com/hashicorp-engineering/deploying-hcp-vault-using-the-hcp-terraform-provider-5e

Temur Yunusov 0 Nov 23, 2021
TTAK.KO-12.0223 Lightweight Encryption Algorithm with Galois/Counter Mode (LEA-GCM)

LEACrypt The Lightweight Encryption Algorithm (also known as LEA) is a 128-bit block cipher developed by South Korea in 2013 to provide confidentialit

Pedro F. Albanese 0 Dec 28, 2021
Functional encryption for images

ImageFE Functional encryption for images. Introduction In the traditional cryptography framework, a decryptor either recovers the entire plaintext fro

null 3 Mar 8, 2022
Attempts to make attribute based encryption work, particularly trying out bn256 pairing curve

EC Pairings over bn256 This is an attempt to solve the core problem of attribute based encryption, where the goal is to be able to use CA-issued attri

Robert Fielding 1 Jan 5, 2022
Go Encrypt! Is a simple command-line encryption and decryption application using AES-256 GCM.

Go Encrypt! Go Encrypt! is a command-line application used to easily encrypt and decrypt files with the AES-256 GCM encryption algorithm. Usage Usage

Peter Georgas 0 Jan 5, 2022
Ubiq-fpe-go - Format preserving encryption in Go

Format Preserving Encryption in Go An implementation of the NIST-approved FF1 an

Ubiq Security, Inc. 6 Jun 8, 2022
Length-preserving encryption algorithm

hctr2 Length-preserving encryption algorithm https://eprint.iacr.org/2021/1441.pdf Security Disclosure This project uses full disclosure. If you find

Eric Lagergren 2 Feb 28, 2022
Card-encrypt - The encryption code necessary to enroll debit cards in the Palla API

?? Card RSA Encryption Thank you for choosing Palla! ?? In this repository you'l

palla 0 Jul 15, 2022