Encryption API for Go SDK
PubNub Go SDK provides built-in message and file encryption to secure your real-time communications. This documentation covers crypto module configuration and utility methods for encrypting and decrypting messages and files using both legacy 128-bit and enhanced 256-bit AES-CBC encryption.
For general SDK configuration and initialization, refer to the Configuration page.
Configuration
CryptoModule configuration
To configure the CryptoModule to encrypt all messages/files, you can use the following methods in the Go SDK:
// encrypts using 256 bit AES-CBC cipher (recommended)
// decrypts data encrypted with the legacy and the 256 bit AES-CBC ciphers
config.CryptoModule = crypto.NewAesCbcCryptoModule("cipherKey", true)
// encrypts with 128-bit cipher key entropy (legacy)
// decrypts data encrypted with the legacy and the 256 bit AES-CBC ciphers
config.CryptoModule = crypto.NewLegacyModule("cipherKey", true)
Your client can decrypt content encrypted using either of the modules. This way, you can interact with historical messages or messages sent from older clients while encoding new messages using the more secure 256 bit AES-CBC cipher.
Older SDK versions
Apps built using the SDK versions lower than 7.1.2 will not be able to decrypt data encrypted using the 256 bit AES-CBC cipher. Make sure to update your clients or encrypt data using the legacy algorithm.
SDK Initialization required
Before using encryption methods, ensure your PubNub client is properly configured with subscribe key and user ID. See the Configuration guide for setup instructions.
Encryption methods
Encrypt
This function allows to encrypt the data.
Deprecated
The key parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
utils.EncryptString(cipherKey, string, useRandomInitializationVector)
| Parameter | Description |
|---|---|
cipherKey *Type: string | Cipher key to use for decryption. If no key is provided, Cipher key provided in PNConfiguration will be considered. |
string *Type: string | The data to encrypt |
useRandomInitializationVector *Type: boolean | When true the initialization vector (IV) is random for all requests (not just for file upload). When false the IV is hard-coded for all requests except for file upload. |
Sample code
Reference code
This example is a self-contained code snippet ready to be run. It includes necessary imports and executes methods with console logging. Use it as a reference when working with other examples in this document.
package main
import (
"fmt"
"log"
"github.com/pubnub/go/v7/crypto"
)
func main() {
// Initialize the Crypto Module with a cipher key
module, err := crypto.NewAesCbcCryptoModule("enigma", false)
if err != nil {
log.Fatalf("Error initializing crypto module: %v", err)
}
Encrypt file
This function allows to encrypt the file content/data.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
To encrypt the file you can use the following method(s) in Go SDK.
utils.EncryptFile(cipherKey, iv, filePart, file)
| Parameter | Description |
|---|---|
cipherKeyType: | PNConfiguration will be considered.This parameter is ignored. |
ivType: string | Initalization Vector if using a hardcoded one (not recommended). Should be passed as []byte{} when not used. |
filePart *Type: io.Writer | Writer to write the encrypted contents. |
file *Type: os.File | Reader to read the file. |
Sample code
out, _ := os.Create("cat_picture.jpg")
file, err := os.Open(filepathInput)
if err != nil {
panic(err)
}
module, err := crypto.NewAesCbcCryptoModule("enigma", false)
module.EncryptFile("enigma", []byte{}, out, file)
Decryption methods
Decrypt
This function allows to decrypt the data.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
utils.DecryptString(cipherKey, encrypted, useRandomInitializationVector)
| Parameter | Description |
|---|---|
cipherKey *Type: string | Cipher key to use for decryption. If no key is provided, Cipher key provided in PNConfiguration will be considered. |
encrypted *Type: string | The data to decrypt |
useRandomInitializationVector *Type: boolean | When set to true, the initialization vector (IV) is random for all requests, not just for file upload. When set to false, the IV is hard-coded for all requests except for file upload. |
Sample code
config := pubnub.NewConfig("someUserId")
config.CipherKey = "cipherKey"
pn := pubnub.NewPubNub(config)
r, _ := utils.DecryptString(pn.config.CipherKey, encrypted, true)
module, err := crypto.NewAesCbcCryptoModule("enigma", false)
module.DecryptString("enigma", []byte{})
Decrypt file
This function allows to decrypt the file content/data.
Deprecated
The key parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
To decrypt the file you can use the following method(s) in Go SDK.
utils.DecryptFile(cipherKey, contentLenEnc, reader, w)
| Parameter | Description |
|---|---|
cipherKeyType: | PNConfiguration will be considered.This parameter is ignored. |
contentLenEncType: int64 | The total length of the file. |
reader *Type: io.Reader | Reader to read the encrypted contents. |
w *Type: io.WriteCloser | Writer to write the decrypted contents. |
Sample code
outDec, _ := os.Open("cat_picture.jpg")
fi, _ := outDec.Stat()
contentLenEnc := fi.Size()
defer outDec.Close()
fileDec, _ := os.Create(filepathOutputDec)
defer fileDec.Close()
r, w := io.Pipe()
module, err := crypto.NewAesCbcCryptoModule("enigma", false)
module.EncryptFile("enigma", []byte{}, out, file)