don't log some plaintext secret info
This commit is contained in:
@@ -125,10 +125,9 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
|
||||
// The key argument should be the AES key, either 16 or 32 bytes
|
||||
// to select AES-128 or AES-256.
|
||||
key := []byte(keyString)
|
||||
//key := []byte("ECB518652A170880555136EA1F9752D6")
|
||||
plaintext := []byte(s.Secret)
|
||||
|
||||
log.Printf("EncryptSecret applying key '%v' of length '%d' to plaintext secret '%s'\n", key, len(key), s.Secret)
|
||||
//log.Printf("EncryptSecret applying key '%v' of length '%d' to plaintext secret '%s'\n", key, len(key), s.Secret)
|
||||
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
@@ -142,7 +141,7 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
|
||||
log.Printf("EncryptSecret nonce generation error '%s'\n", err)
|
||||
return s, err
|
||||
}
|
||||
log.Printf("EncryptSecret random nonce value is '%x'\n", nonce)
|
||||
//log.Printf("EncryptSecret random nonce value is '%x'\n", nonce)
|
||||
|
||||
aesgcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
@@ -151,12 +150,12 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
|
||||
}
|
||||
|
||||
ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
|
||||
log.Printf("EncryptSecret generated ciphertext '%x''\n", ciphertext)
|
||||
//log.Printf("EncryptSecret generated ciphertext '%x''\n", ciphertext)
|
||||
|
||||
// Create a new slice to store nonce at the start and then the resulting ciphertext
|
||||
// Nonce is always 12 bytes
|
||||
combinedText := append(nonce, ciphertext...)
|
||||
log.Printf("EncryptSecret combined secret value is now '%x'\n", combinedText)
|
||||
//log.Printf("EncryptSecret combined secret value is now '%x'\n", combinedText)
|
||||
|
||||
// Store the value back into the struct ready for database operations
|
||||
s.Secret = hex.EncodeToString(combinedText)
|
||||
@@ -167,12 +166,10 @@ func (s *Secret) EncryptSecret() (*Secret, error) {
|
||||
}
|
||||
|
||||
func (s *Secret) DecryptSecret() (*Secret, error) {
|
||||
|
||||
keyString := os.Getenv("SECRETS_KEY")
|
||||
key := []byte(keyString)
|
||||
// The key argument should be the AES key, either 16 or 32 bytes
|
||||
// to select AES-128 or AES-256.
|
||||
//key := []byte("ECB518652A170880555136EA1F9752D6")
|
||||
keyString := os.Getenv("SECRETS_KEY")
|
||||
key := []byte(keyString)
|
||||
|
||||
if len(s.Secret) < nonceSize {
|
||||
log.Printf("DecryptSecret ciphertext is too short to decrypt\n")
|
||||
@@ -181,18 +178,17 @@ func (s *Secret) DecryptSecret() (*Secret, error) {
|
||||
|
||||
crypted, err := hex.DecodeString(s.Secret)
|
||||
if err != nil {
|
||||
log.Printf("DecryptSecret unable to convert hex encoded string due to error '%s'\n", err)
|
||||
log.Printf("DecryptSecret unable to convert hex encoded string due to error '%s'\n", err)
|
||||
return s, err
|
||||
}
|
||||
|
||||
log.Printf("DecryptSecret processing secret '%x'\n", crypted)
|
||||
//log.Printf("DecryptSecret processing secret '%x'\n", crypted)
|
||||
|
||||
//nonce, _ := hex.DecodeString("64a9433eae7ccceee2fc0eda")
|
||||
// The nonce is the first 12 bytes from the ciphertext
|
||||
nonce := crypted[:nonceSize]
|
||||
ciphertext := crypted[nonceSize:]
|
||||
|
||||
log.Printf("DecryptSecret applying key '%v' and nonce '%x' to ciphertext '%x'\n", key, nonce, ciphertext)
|
||||
//log.Printf("DecryptSecret applying key '%v' and nonce '%x' to ciphertext '%x'\n", key, nonce, ciphertext)
|
||||
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
@@ -212,7 +208,7 @@ func (s *Secret) DecryptSecret() (*Secret, error) {
|
||||
return s, err
|
||||
}
|
||||
|
||||
log.Printf("DecryptSecret plaintext is '%s'\n", plaintext)
|
||||
//log.Printf("DecryptSecret plaintext is '%s'\n", plaintext)
|
||||
|
||||
s.Secret = string(plaintext)
|
||||
return s, nil
|
||||
|
||||
Reference in New Issue
Block a user