
Encryption API for Go SDK

PubNub Go SDK includes message and file encryption. This page shows how to set up the crypto module and how to encrypt and decrypt data. The SDK supports 128-bit Advanced Encryption Standard (AES) and 256-bit AES in Cipher Block Chaining (CBC) mode.

For general SDK configuration and initialization, refer to the Configuration page.

Configuration

CryptoModule configuration

To configure the CryptoModule to encrypt all messages/files, you can use the following methods in the Go SDK:

// encrypts using 256 bit AES-CBC cipher (recommended)
// decrypts data encrypted with the legacy and the 256 bit AES-CBC ciphers
config.CryptoModule = crypto.NewAesCbcCryptoModule("cipherKey", true)

// encrypts with 128-bit cipher key entropy (legacy)
// decrypts data encrypted with the legacy and the 256 bit AES-CBC ciphers
config.CryptoModule = crypto.NewLegacyModule("cipherKey", true)

Your client can decrypt content encrypted using either of the modules. This way, you can interact with historical messages or messages sent from older clients while encrypting new messages using the more secure 256-bit AES-CBC cipher.

Older SDK versions

Apps built with SDK versions lower than 7.1.2 cannot decrypt data encrypted using the 256-bit AES-CBC cipher. Make sure to update your clients, or encrypt data using the legacy algorithm.

SDK initialization required

Before you use encryption methods, ensure your PubNub client is configured with a subscribe key and a user ID. See the Configuration guide for setup instructions.

Encryption methods

Encrypt

Use this function to encrypt data.

Deprecated

The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.

If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.

Method(s)

utils.EncryptString(cipherKey, string, useRandomInitializationVector)

* required

| Parameter | Type | Description |
| --- | --- | --- |
| cipherKey * | string | Cipher key to use for encryption. If no key is provided, the cipher key set in PNConfiguration is used. |
| string * | string | The data to encrypt. |
| useRandomInitializationVector * | boolean | When true, the initialization vector (IV) is random for all requests (not just for file upload). When false, the IV is hard-coded for all requests except for file upload. |
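
The effect of the useRandomInitializationVector setting, shown as an added example that is not PubNub's code and uses only the Go standard library. The key derivation (SHA-256 of the cipher key), the fixed IV value, the key string and the sample messages are assumptions constructed for illustration. With a fixed IV, CBC output is deterministic, so repeated messages and shared leading blocks show up in the ciphertext; with a random IV they do not.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// encryptCBC encrypts msg with AES-256-CBC and PKCS#7 padding. Assumption of this
// example: the key is SHA-256(cipherKey); the SDK's own derivation may differ.
func encryptCBC(cipherKey string, iv, msg []byte) []byte {
	key := sha256.Sum256([]byte(cipherKey))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err) // unreachable: the key is always 32 bytes
	}
	pad := aes.BlockSize - len(msg)%aes.BlockSize
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// randomIV returns a fresh 16-byte IV from the OS CSPRNG.
func randomIV() []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}

// sharedPrefixBlocks counts the leading 16-byte ciphertext blocks equal in a and b.
func sharedPrefixBlocks(a, b []byte) int {
	n := 0
	for e := aes.BlockSize; e <= len(a) && e <= len(b) && bytes.Equal(a[e-aes.BlockSize:e], b[e-aes.BlockSize:e]); e += aes.BlockSize {
		n++
	}
	return n
}

func main() {
	fixed := []byte("constructed-iv16") // constructed stand-in for a hard-coded IV
	m1, m2 := []byte(`{"user":"alice","action":"login","ok":true}`), []byte(`{"user":"alice","action":"logout","ok":true}`)
	fmt.Println("fixed IV, shared blocks: ", sharedPrefixBlocks(encryptCBC("demo-key", fixed, m1), encryptCBC("demo-key", fixed, m2)))
	fmt.Println("random IV, shared blocks:", sharedPrefixBlocks(encryptCBC("demo-key", randomIV(), m1), encryptCBC("demo-key", randomIV(), m2)))
}
```

The two constructed messages share their first 16 plaintext bytes, so under the fixed IV their first ciphertext block matches, while under random IVs no block matches.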

Sample code

Reference code
This example is a self-contained code snippet ready to be run. It includes necessary imports and executes methods with console logging. Use it as a reference when working with other examples in this document.

Encrypt file

Use this function to encrypt file content using the CryptoModule.

Method(s)

To encrypt a file stream, you can use the following method in the Go SDK:

module.EncryptStream(input io.Reader) (io.Reader, error)

* required

| Parameter | Type | Description |
| --- | --- | --- |
| input * | io.Reader | Reader to read the file or data stream to encrypt. |

Returns

io.Reader with encrypted data, and an error if encryption fails.

Sample code


Decryption methods

Decrypt

Use this function to decrypt data.

Deprecated

The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.

If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.

Method(s)

utils.DecryptString(cipherKey, encrypted, useRandomInitializationVector)

* required

| Parameter | Type | Description |
| --- | --- | --- |
| cipherKey * | string | Cipher key to use for decryption. If no key is provided, the cipher key set in PNConfiguration is used. |
| encrypted * | string | The data to decrypt. |
| useRandomInitializationVector * | boolean | When set to true, the initialization vector (IV) is random for all requests, not just for file upload. When set to false, the IV is hard-coded for all requests except for file upload. |

Sample code


Decrypt file

Use this function to decrypt file content using the CryptoModule.

Method(s)

To decrypt a file stream, you can use the following method in the Go SDK:

module.DecryptStream(input io.Reader) (io.Reader, error)

* required

| Parameter | Type | Description |
| --- | --- | --- |
| input * | io.Reader | Reader to read the encrypted file or data stream. |

Returns

io.Reader with decrypted data, and an error if decryption fails.

Sample code


Other examples

Publish encrypted message

This example shows how to publish an encrypted message using the CryptoModule:


Subscribe to encrypted messages

This example shows how to subscribe to a channel and automatically decrypt incoming messages:


Publish encrypted JSON data

This example demonstrates encrypting complex JSON data structures:


Fetch encrypted message history

This example shows how to retrieve encrypted messages from history. Messages are automatically decrypted:


Use different encryption keys for different channels

This example demonstrates using multiple PubNub instances with different encryption keys:


Using legacy CipherKey configuration (deprecated)

This example shows the deprecated way of configuring encryption. Use CryptoModule instead for new applications:

