developing go applications with embedded age encryption

https://github.com/marshyon/go_age_crypt_example/tree/main

I created a simple example app so as to demonstrate how age can be embedded with relative ease into an application in Go.

Why do this? I’m currently writing an app that will serve as a sort of pipeline in a production environment and I want for some things that it does to be ‘batteries included’ or ‘built in’ so to speak. So whilst doing other things, like checking to see if directories exist and creating them if needed, copying template generated files where necessary and so forth I wanted to copy in data files from an external source. Where would that data be held I thought, an S3 bucket would be ideal but I want for the data to be encrypted and not have to use any AWS native encryption so I can migrate to any S3 compatible at a later date.

It is possible and easy to install GPG, age or any other tool on the production system but why can’t the app I’m already building in Go have the capability to encrypt and decrypt files using age as it also is written in Go ? This will decrease the amount of setup for my setup program that is meant to get on with setting things up.

There are exampleson pkg.go.dev how to encrypt and decrypt string data with the age go library.

This is an example that is a little more complete than the above and that use an input file and public and private keys that are stored in an .env file.

The input and output files, be they plain text, Encrypted or decrypted are still hard coded in the go code and how to handle these with configurable values is left to the reader to implement with environment variables, command line parameters, database queries, external configuration etc or whatever takes your fancy, fill your boots

for convenience and to create a set of keys, initially install age with your package manager, for example

sudo apt update && sudo apt install age

so that a key pair may be created with

❯ age-keygen -o age_key.txt
Public key: ....

NB: if you do this more than once it will not over write an existing key file if one already exists with this filename

Then create an .env file that has the public and private keys that this file contains :

❯ cat .env
PUBLIC_KEY=YOUR PUBLIC KEY GOES HERE
PRIVATE_KEY=YOUR PRIVATE_KEY GOES HERE

to run the go code examples

❯ go run encrypt/main.go
Encrypted file size: 247

then decrypt with

❯ go run decrypt/main.go
Decryption successful, data written to decrypted_file.txt

edit the file input.txt replacing it with your message, re-run the above to prove to yourself things are working as expected

to build executables

go build -o enc encrypt/main.go
go build -o dec decrypt/main.go

and copy the binaries enc and dec together with the .env file created earlier and an input.txt file to run elsewhere

./enc
Encrypted file size: 266$
./dec
Decryption successful, data written to decrypted_file.txt$
cat decrypted_file.txt
I'm forever blowing bubbles,
pretty bubbles in the air !
.fin

on the remote system, we no loner need age installed now as we have created our own ‘mini apps’ with age built in.