A personal study project in Go (v1.23) that demonstrates how to generate and manage HMAC keys, encrypt and decrypt messages using AES-GCM, and store data securely in a lightweight embedded database (buntdb
).
- Key Management:
- Generate and store an HMAC key.
- Retrieve the stored key via an API endpoint.
- Encryption/Decryption:
- Encrypt a message using AES-GCM.
- Decrypt a previously encrypted message.
- Lightweight Database:
- Stores the HMAC key using
buntdb
.
- Stores the HMAC key using
- Description: Generates a new HMAC key and stores it in the database.
- Response: 201 Created
{ "key": "0766ff57136f0d93328d990d57404b7dfbdac4a5fe350bbf8d3e9f108366599e" }
- Description: Retrieves the stored HMAC key.
- Response:
{ "key": "a1b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef1234567890" }
- Description: Encrypts a given plaintext using AES-GCM.
- Request:
{ "text": "fabs" }
- Response:
{ "text_decrypted": "fabs", "text_encrypted": "kIQUVGVxJOGsSB2imBc48PJ+RcUg/UEteMX+0qberDM=" }
- Description: Decrypts a previously encrypted message using AES-GCM.
- Request:
{ "text": "kIQUVGVxJOGsSB2imBc48PJ+RcUg/UEteMX+0qberDM=" }
- Response:
{ "text_decrypted": "fabs", "text_encrypted": "kIQUVGVxJOGsSB2imBc48PJ+RcUg/UEteMX+0qberDM=" }
encrypt-decrypt/
├── cmd/
│ └── main.go # Main file to start the server
├── internal/
│ ├── handler/ # Layer responsible for HTTP (controllers)
│ │ └── decrypt_handler.go
│ │ └── encrypt_handler.go
│ │ └── key_handler.go
│ ├── service/ # Business logic layer (use cases)
│ │ └── decrypt_service.go
│ │ └── encrypt_service.go
│ │ └── key_service.go
│ ├── repository/ # Data access layer
│ │ └── key_repo.go
│ └── entity/ # Domain entities layer
│ └── key.go
├── go.mod # Dependency management
└── go.sum
- Go 1.23 or later
- buntdb library
git clone https://github.com/your-username/encrypt-decrypt.git
cd encrypt-decrypt
go mod tidy
go run cmd/main.go
- The POST /key endpoint generates a cryptographically secure HMAC key and stores it in buntdb.
- The GET /key endpoint retrieves this key for internal operations.
- AES-GCM is used for encrypting and decrypting messages. This ensures authenticated encryption for message confidentiality and integrity.
- Encrypted messages are encoded in Base64 for easy handling.
- buntdb is used to persist the HMAC key. It provides a lightweight, in-memory database with ACID compliance
curl -X POST http://localhost:8080/key
curl http://localhost:8080/key
curl -X POST -H "Content-Type: application/json" -d '{"text":"fabs"}' http://localhost:8080/encrypt
curl -X POST -H "Content-Type: application/json" -d '{"text":"fabs"}' http://localhost:8080/decrypt
Developed by Fabs.