config icon indicating copy to clipboard operation
config copied to clipboard
verified publisher icon gookit

[FEAT] Support Encrypted Config File

Open KiddoV opened this issue 3 years ago • 4 comments

It would be nice to have a built-in encrypted config file so sometime we are only allow user to change setting directly from the app.

I have 2 function to encrypt and decrypt the string to base64, just not sure how to implement it...

// Encrypt a string with a secret key.
// Secretkey must be 16, 24 or 32 characters long.
func EncryptStr(text, secretKey string) (string, error) {
	var randBytes = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 05}
	block, err := aes.NewCipher([]byte(secretKey))
	if err != nil {
		return "", err
	}
	plainText := []byte(text)
	cfb := cipher.NewCFBEncrypter(block, randBytes)
	cipherText := make([]byte, len(plainText))
	cfb.XORKeyStream(cipherText, plainText)
	endCodeCipherText := base64.StdEncoding.EncodeToString(cipherText)
	return endCodeCipherText, nil
}

// Decrypt am encrypt string with the same secret key used in encrypt.
// Secretkey must be 16, 24 or 32 characters long.
func DecryptStr(eText, secretKey string) (string, error) {
	var randBytes = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 05}
	block, err := aes.NewCipher([]byte(secretKey))
	if err != nil {
		return "", err
	}
	cipherText, _ := base64.StdEncoding.DecodeString(eText)
	cfb := cipher.NewCFBDecrypter(block, randBytes)
	plainText := make([]byte, len(cipherText))
	cfb.XORKeyStream(plainText, cipherText)
	return string(plainText), nil
}

Thought?

KiddoV avatar Oct 21 '22 17:10 KiddoV

Do you mean to decrypt the content of the file when it is loaded, and write it to the file after encryption?

inhere avatar Nov 15 '22 11:11 inhere

I meant to encrypt the file so users cannot see what inside the config file physically. Forcing users to use application only to make changes for settings.

In this case, application will have to generate its setting file automatically only on first time uses. So... User first time open the app => app generate encrypted setting file for the first time => user make changes on settings => app read changes, apply to the map or struct => encrypted json or any format string => save to config file => user open the app again => app load encrypted config string => decrypt => apply settings to struct or map...

KiddoV avatar Nov 15 '22 13:11 KiddoV

:) ... I think what you want is a config center like service, or a local config database like library.

inhere avatar Nov 15 '22 14:11 inhere

With a middle ware or a center like service, It won't play nice with those built-in methods like *get() or set() config. This has to be modified at the root level of the library, I think.

KiddoV avatar Nov 15 '22 15:11 KiddoV