Encrypt AES string with Go and decrypt with Crypto-js - go

I'm looking for encrypt string in my Go application and decrypt the encoded string with Crypto-js.
I have been trying for hours without success, trying many of the solutions offered by Stackoverflow, github or gist.
If anyone has the solution they would save me from a certain nervous breakdown lol
My Go encrypt code:
func EncryptBody() (encodedmess string, err error) {
key := []byte("6368616e676520746869732070617373")
// Create the AES cipher
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
plaintext, _ := pkcs7Pad([]byte("exampletext"), block.BlockSize())
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
bm := cipher.NewCBCEncrypter(block, iv)
bm.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
return fmt.Sprintf("%x", ciphertext), nil
}
My pkcs7Pad function :
func pkcs7Pad(b []byte, blocksize int) ([]byte, error) {
if blocksize <= 0 {
return nil, errors.New("invalid blocksize")
}
if b == nil || len(b) == 0 {
return nil, errors.New("invalid PKCS7 data (empty or not padded)")
}
n := blocksize - (len(b) % blocksize)
pb := make([]byte, len(b)+n)
copy(pb, b)
copy(pb[len(b):], bytes.Repeat([]byte{byte(n)}, n))
return pb, nil
}
My Crypto-JS decrypt code :
public decryptData() {
const data = "3633fbef042b01da5fc4b69d8f038a83130994a898137bb0386604cf2c1cbbe6"
const key = "6368616e676520746869732070617373"
const decrypted = CryptoJS.AES.decrypt(data, key, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
})
console.log("Result : " + decrypted.toString(CryptoJS.enc.Hex))
return decrypted.toString(CryptoJS.enc.Hex)
}


Thanks to #Topaco for your help !
Solution :
Go code :
func EncryptBody(data string) (encodedmess string, err error) {
key := []byte("6368616e676520746869732070617373")
// Create the AES cipher
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
plaintext, _ := pkcs7Pad([]byte(data), block.BlockSize())
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
bm := cipher.NewCBCEncrypter(block, iv)
bm.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
return fmt.Sprintf("%x", ciphertext), nil
}
NodeJS Code :
protected decryptData(data: string) {
const iv = CryptoJS.enc.Hex.parse(data.substr(0,32))
const ct = CryptoJS.enc.Hex.parse(data.substr(32))
const key = CryptoJS.enc.Utf8.parse("6368616e676520746869732070617373")
// #ts-ignore !!!!!!!! IMPORTANT IF YOU USE TYPESCRIPT COMPILER
const decrypted = CryptoJS.AES.decrypt({ciphertext: ct}, key, {
mode: CryptoJS.mode.CBC,
iv: iv
})
console.log("Result : " + decrypted.toString(CryptoJS.enc.Utf8))
return decrypted.toString(CryptoJS.enc.Utf8)
}

Related

Error: could not assemble transaction: ProposalResponsePayloads do not match - proposal response: version:1 response:<status:200 payload:"

Recently, I am trying to implement the elliptic curve encryption algorithm in the chain code. One of the functions I want to implement is to pass in the plaintext and private key, and then directly encrypt and generate rtext and stext and store them in the ledger. I can succeed in the stand-alone environment, but I will report an error when executing in multiple peer nodes. I don't know why. It seems to have something to do with the consensus. Please have a look!
Here is my chain code method:
func (t *SimpleChaincode) UserSign(stub shim.ChaincodeStubInterface, args []string) pb.Response {
if len(args) !=3 {
return shim.Error("err! number is ont right!")
}
plainText := args[1]
private := args[2]
block, _ := pem.Decode([]byte(private))
fmt.Println("type is :", block.Type)
privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
panic(err)
}
ecdsaKey := privateKey.(*ecdsa.PrivateKey)
hash256 := sha256.New()
hash256.Write([]byte(plainText))
hashValue := hash256.Sum(nil)
r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hashValue)
rText, _ := r.MarshalText()
sText, _ := s.MarshalText()
//rText, sText := ECDSAFabricUsePrivateKeySign([]byte(plainText), privateKeyfile)
RText := string(rText)
SText := string(sText)
fmt.Println(RText)
fmt.Println(SText)
querycommoditybyte, err := stub.GetState(args[0])
if err != nil {
jsonResp := "err!Failed to get state!"
return shim.Error(jsonResp)
}
if querycommoditybyte == nil {
return shim.Error("err!the name is not exit!")
}
var signInfo Publickeyinfor
err = json.Unmarshal(querycommoditybyte, &signInfo)
if err != nil {
return shim.Error(err.Error())
}
//var publicinfor Publickeyinfor
//signInfo.UserName = args[0]
signInfo.PlainText = args[1]
signInfo.RText = RText
signInfo.SText = SText
peerAsBytes, _ := json.Marshal(signInfo)
err = stub.PutState(signInfo.UserName, peerAsBytes)
if err != nil {
fmt.Println("Could not store, err:", err)
return shim.Error(err.Error())
}
fmt.Println(string(peerAsBytes))
return shim.Success(peerAsBytes)
}

AES-256-GCM Encryption from Ruby & Decryption with Golang

I have an encryption in Ruby with aes-256-gcm
require 'openssl'
key = "972ec8dd995743d981417981ac2f30db"
iv = "6a825c25ea74"
auth_data = "73f6828fc5be"
plaintext = "John Doe play foo bar"
cipher = OpenSSL::Cipher.new('aes-256-gcm')
cipher.encrypt
cipher.iv = iv
cipher.key = key
cipher.auth_data = auth_data
cipherText = cipher.update(plaintext) + cipher.final
authTag = cipher.auth_tag
hexString = (cipherText + iv + authTag).unpack('H*').first
the hextString result looks like
fa03a24cad007ceaadc34c22edff943cb58fe514ed36613832356332356561373425f6bc5724b956daae151c8d78a21263
I want to decrypt it in Go
key := "972ec8dd995743d981417981ac2f30db"
iv := "6a825c25ea74"
authData := "73f6828fc5be"
hexString, _ := hex.DecodeString("fa03a24cad007ceaadc34c22edff943cb58fe514ed36613832356332356561373425f6bc5724b956daae151c8d78a21263")
block, err := aes.NewCipher([]byte(key))
if err != nil {
panic(err.Error())
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
panic(err.Error())
}
plaintext, err := aesgcm.Open(nil, []byte(iv), hexString, []byte(authData))
if err != nil {
panic(err.Error())
}
I got cipher: message authentication failed.
and Also I don't get the point about authData in golang, I can't fine it in here https://golang.org/pkg/crypto/cipher/#NewGCM

The nonce (iv) does not belong in the middle of the ciphertext. The hex-encoded output you want here from the ruby example is only the cipherText + authTag. Since the nonce must be sent along with the ciphertext, it is common to prefix the ciphertext with the nonce if you so choose, but you must trim that off before deciphering the message. (Also note that your key, iv and auth_data values appear to be hex strings, but they are being used as raw bytes which may be adding to some of the confusion).
Re-arranging the bytes of the message to prepend the nonce, gives us this example: https://play.golang.org/p/YV5FugSyM5_G
key := []byte("972ec8dd995743d981417981ac2f30db")
authData := []byte("73f6828fc5be")
msg, err := hex.DecodeString("366138323563323565613734fa03a24cad007ceaadc34c22edff943cb58fe514ed25f6bc5724b956daae151c8d78a21263")
block, err := aes.NewCipher([]byte(key))
if err != nil {
log.Fatal(err)
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
log.Fatal(err)
}
sz := aesgcm.NonceSize()
nonce, cipherText := msg[:sz], msg[sz:]
pt, err := aesgcm.Open(nil, nonce, cipherText, authData)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%q\n", pt)
"John Doe play foo bar"

This is what worked for me. I originally used the attr_encrypted gem to encrypt the information.
package main
import (
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"fmt"
"log"
)
func main() {
// data: "7621276423"
// encrypted_data: "Hz1HXFTfSyucPvy3iDoY1F4O5YmAx2skRa4="
// encrypted_data_iv: "Ezk8f3+944gs4x5E"
// license_key: "iUPGMBmppYA92kbciS5fIUe7gRcx6G025haOeAmEjU4="
cipherText, err := base64.StdEncoding.DecodeString("Hz1HXFTfSyucPvy3iDoY1F4O5YmAx2skRa4=")
nonce, err := base64.StdEncoding.DecodeString("Ezk8f3+944gs4x5E")
key, err := base64.StdEncoding.DecodeString("iUPGMBmppYA92kbciS5fIUe7gRcx6G025haOeAmEjU4=")
block, err := aes.NewCipher([]byte(key))
if err != nil {
log.Fatal(err)
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
log.Fatal(err)
}
pt, err := aesgcm.Open(nil, nonce, cipherText, nil)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%q\n", pt)
}
// "123456789"

receiving crypto/rsa: decryption error when decrypting a file

This is my decrypt function but it keeps returning: "crypto/rsa: decryption error". any advice would be helpful! I split the encryption into sections because the key kept raising the "key too short error". I am new to the encryption work in golang.
func DecryptFile(file string, privateKey *rsa.PrivateKey)([]byte, error){
var decryptedBytes []byte
// read the file into bytes
data, err := ioutil.ReadFile(file)
if err != nil {
return decryptedBytes,err
}
fmt.Println(len(data))
var decryptedByte []byte
ByteSlice := split(data,200)
rng := rand.Reader
for _,bytes := range ByteSlice{
decryptedBytes,err = rsa.DecryptOAEP(
sha256.New(),
rng,
privateKey,
bytes,
nil)
if err != nil {
return decryptedBytes,err
}
decryptedBytes = append(decryptedBytes,decryptedByte...)
}
return decryptedBytes,nil
}
Encryption function:
func EncryptFile(file string, PublicKey *rsa.PublicKey)([]byte, error){
var encryptedBytes []byte
// read the file into bytes
data, err := ioutil.ReadFile(file)
if err != nil {
return encryptedBytes,err
}
fmt.Println(len(data))
// Encrypts the file
//fmt.Println(PublicKey.N.BitLen())
//_,_ = strconv.Atoi((PublicKey.N).String())
ByteSlice := split(data,200)
var encryptedByte []byte
rng := rand.Reader
for _,bytes := range ByteSlice{
encryptedByte, err = rsa.EncryptOAEP(
sha256.New(),
rng,
PublicKey,
bytes,
nil)
if err != nil {
return encryptedBytes,err
}
encryptedBytes = append(encryptedBytes, encryptedByte...)
}
// Returns file encrypted
return encryptedBytes,nil
}

The step for rsa.EncryptOAEP() should be no longer than :
publicKey.Size() - 2*hash.Size() - 2
You can use publicKey.Size() - 2*hash.Size() - 2 as step of rsa.EncryptOAEP()
No matter the length of step,
rsa.EncryptOAEP() function always produce fixed length encrypted data, the fixed length is publicKey.Size().
so, the step for rsa.DecryptOAEP() is :
publicKey.Size()
Please see :
RS256 message too long for RSA public key size - error signing JWT

Double Click Crypto in Golang

doc: https://developers.google.com/ad-exchange/rtb/response-guide/decrypt-price#sample_code
There is no official "Double Click Crypto" example code in golang, so I try to implement by myself. But I can't pass the test in doc. Please help me!
skU7Ax_NL5pPAFyKdkfZjZz2-VhIN8bjj1rVFOaJ_5o= // Encryption key (e_key)
arO23ykdNqUQ5LEoQ0FVmPkBd7xB5CO89PDZlSjpFxo= // Integrity key (i_key)
WEp8wQAAAABnFd5EkB2k1wJeFcAj-Z_JVOeGzA // 100 CPI micros
WEp8sQAAAACwF6CtLJrXSRFBM8UiTTIyngN-og // 1900 CPI micros
WEp8nQAAAAADG-y45xxIC1tMWuTjzmDW6HtroQ // 2700 CPI micros
Here is my code:
package main
// https://developers.google.com/ad-exchange/rtb/response-guide/decrypt-price?hl=zh-CN
import (
"bytes"
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"encoding/binary"
"fmt"
)
var base64Codec = base64.URLEncoding.WithPadding(base64.NoPadding)
func safeXORBytes(dst, a, b []byte) int {
n := len(a)
if len(b) < n {
n = len(b)
}
for i := 0; i < n; i++ {
dst[i] = a[i] ^ b[i]
}
return n
}
func EncryptPrice(eKey []byte, iKey []byte, price uint64, iv []byte) (finalMessage string, err error) {
if len(iv) != 16 {
err = fmt.Errorf("len(iv) = %d != 16", len(iv))
return
}
h1 := hmac.New(sha1.New, eKey)
h1.Write(iv)
pad := h1.Sum(nil)[:8]
priceBytes := make([]byte, 8)
binary.BigEndian.PutUint64(priceBytes, price)
encPrice := make([]byte, 8)
n := safeXORBytes(encPrice, priceBytes, pad)
if n != 8 {
err = fmt.Errorf("safeXORBytes n != %d", n)
return
}
h2 := hmac.New(sha1.New, iKey)
h2.Write(priceBytes)
h2.Write(iv)
signature := h2.Sum(nil)[:4]
finalMessage = base64Codec.EncodeToString(append(append(iv, encPrice...), signature...))
return
}
func DecryptPrice(eKey []byte, iKey []byte, finalMessage string) (price uint64, err error) {
finalMessageBytes, err := base64Codec.DecodeString(finalMessage)
if err != nil {
return
}
if len(finalMessageBytes) != 28 {
err = fmt.Errorf("len(finalMessageBytes) = %d != 28", len(finalMessageBytes))
return
}
iv := finalMessageBytes[:16]
encPrice := finalMessageBytes[16:24]
signature := finalMessageBytes[24:]
h1 := hmac.New(sha1.New, eKey)
h1.Write(iv)
pad := h1.Sum(nil)[:8]
priceBytes := make([]byte, 8)
n := safeXORBytes(priceBytes, encPrice, pad)
if n != 8 {
err = fmt.Errorf("safeXORBytes n != %d", n)
return
}
h2 := hmac.New(sha1.New, iKey)
h2.Write(priceBytes)
h2.Write(iv)
confSignature := h2.Sum(nil)[:4]
if bytes.Compare(confSignature, signature) != 0 {
err = fmt.Errorf("sinature mismatch: confSignature = %s, sinature = %s", confSignature, signature)
return
}
price = binary.BigEndian.Uint64(priceBytes)
return
}
package main
import (
"github.com/stretchr/testify/assert"
"testing"
)
func TestEncryptPrice(t *testing.T) {
eKeyBase64Encoded := "skU7Ax_NL5pPAFyKdkfZjZz2-VhIN8bjj1rVFOaJ_5o"
eKey, err := base64Codec.DecodeString(eKeyBase64Encoded)
assert.Nil(t, err)
iKeyBase64Encoded := "arO23ykdNqUQ5LEoQ0FVmPkBd7xB5CO89PDZlSjpFxo"
iKey, err := base64Codec.DecodeString(iKeyBase64Encoded)
assert.Nil(t, err)
finalMessage, err := EncryptPrice(eKey, iKey, uint64(100), []byte{88, 74, 124, 193, 0, 0, 0, 0, 103, 21, 222, 68, 144, 29, 164, 215})
assert.Nil(t, err)
assert.Equal(t, "WEp8wQAAAABnFd5EkB2k1wJeFcAj-Z_JVOeGzA", finalMessage)
}
func TestDecryptPrice(t *testing.T) {
eKeyBase64Encoded := "skU7Ax_NL5pPAFyKdkfZjZz2-VhIN8bjj1rVFOaJ_5o"
eKey, err := base64Codec.DecodeString(eKeyBase64Encoded)
assert.Nil(t, err)
iKeyBase64Encoded := "arO23ykdNqUQ5LEoQ0FVmPkBd7xB5CO89PDZlSjpFxo"
iKey, err := base64Codec.DecodeString(iKeyBase64Encoded)
assert.Nil(t, err)
price, err := DecryptPrice(eKey, iKey, "WEp8wQAAAABnFd5EkB2k1wJeFcAj-Z_JVOeGzA")
assert.Nil(t, err)
assert.Equal(t, uint64(100), price)
}
test result:
--- FAIL: TestEncryptPrice (0.00s)
Error Trace: price_test.go:19
Error: Not equal:
expected: "WEp8wQAAAABnFd5EkB2k1wJeFcAj-Z_JVOeGzA"
actual: "WEp8wQAAAABnFd5EkB2k1wf7jAcG7gZ9tPUnAA"
--- FAIL: TestDecryptPrice (0.00s)
Error Trace: price_test.go:32
Error: Expected nil, but got: &errors.errorString{s:"sinature mismatch: confSignature = \xbe\xaa\xf6h, sinature = T\xe7\x86\xcc"}
Error Trace: price_test.go:33
Error: Not equal:
expected: 0x64
actual: 0x0
FAIL

this code can pass the test in https://github.com/google/openrtb-doubleclick/blob/0.9.0/doubleclick-core/src/test/java/com/google/doubleclick/crypto/DoubleClickCryptoTest.java
, so I guess that the encrypted price in the doc are not excrypted by the e_key and i_key in the doc.

I met the same problem today. Finally, I found the bug was that 'ekey' and 'ikey' did not need to base64Codec.DecodeString, just use []byte(eKeyBase64Encoded).
eKeyBase64Encoded := "skU7Ax_NL5pPAFyKdkfZjZz2-VhIN8bjj1rVFOaJ_5o"
eKey := []byte(eKeyBase64Encoded)
assert.Nil(t, err)
iKeyBase64Encoded := "arO23ykdNqUQ5LEoQ0FVmPkBd7xB5CO89PDZlSjpFxo"
iKey :=[]byte(iKeyBase64Encoded)
assert.Nil(t, err)
price, err := DecryptPrice(eKey, iKey, "WEp8wQAAAABnFd5EkB2k1wJeFcAj-Z_JVOeGzA")
....

The encrypted price that are listed in this document https://developers.google.com/authorized-buyers/rtb/response-guide/decrypt-price have been encoded using the keys they showed above the prices. The examples are correct. I wrote a small Go package that provides a Decrypt function, I might add an encrypt one soon: https://github.com/matipan/doubleclick. Below I leave an example and code snippets for easy access.
First, to be able to parse the keys we need to respect the web-safe base64 decoding, which means we need to use base64.URLEncoding! to decode the keys:
// ParseKeys parses the base64 web-safe encoded keys as explained in Google's documentation:
// https://developers.google.com/authorized-buyers/rtb/response-guide/decrypt-price
func ParseKeys(ic, ec []byte) (icKey []byte, ecKey []byte, err error) {
icKey = make([]byte, base64.URLEncoding.DecodedLen(len([]byte(ic))))
n, err := base64.URLEncoding.Decode(icKey, []byte(ic))
if err != nil {
return nil, nil, fmt.Errorf("%w: could not decode price integrity key", err)
}
icKey = icKey[:n]
ecKey = make([]byte, base64.URLEncoding.DecodedLen(len([]byte(ec))))
n, err = base64.URLEncoding.Decode(ecKey, []byte(ec))
if err != nil {
return nil, nil, fmt.Errorf("%w: could not decode price encryption key", err)
}
ecKey = ecKey[:n]
return icKey, ecKey, nil
}
We can call this code and decrypt the keys they show:
icKey, ecKey, err = ParseKeys([]byte("arO23ykdNqUQ5LEoQ0FVmPkBd7xB5CO89PDZlSjpFxo="), []byte("skU7Ax_NL5pPAFyKdkfZjZz2-VhIN8bjj1rVFOaJ_5o="))
The function to decrypt the price with a bit more error handling is:
// ErrInvalidPrice is the error returned when the price parsed
// by DecryptPrice is not correct.
var ErrInvalidPrice = errors.New("price is invalid")
// DecryptPrice decrypts the price with google's doubleclick cryptography encoding.
// encPrice is an unpadded web-safe base64 encoded string according to RFC 3548.
// https://developers.google.com/authorized-buyers/rtb/response-guide/decrypt-price
func DecryptPrice(icKey, ecKey, encPrice []byte) (uint64, error) {
if len(icKey) == 0 || len(ecKey) == 0 {
return 0, errors.New("encryption and integrity keys are required")
}
if len(encPrice) != 38 {
return 0, fmt.Errorf("%w: invalid length, expected 28 got %d", ErrInvalidPrice, len(encPrice))
}
dprice := make([]byte, base64.RawURLEncoding.DecodedLen(len(encPrice)))
n, err := base64.RawURLEncoding.Decode(dprice, encPrice)
if err != nil {
return 0, fmt.Errorf("%w: invalid base64 string", err)
}
dprice = dprice[:n]
if len(dprice) != 28 {
return 0, fmt.Errorf("%w: invalid decoded price length. Expected 28 got %d", ErrInvalidPrice, len(dprice))
}
// encrypted price is composed of parts of fixed lenth. We break it up according to:
// {initialization_vector (16 bytes)}{encrypted_price (8 bytes)}{integrity (4 bytes)}
iv, p, sig := dprice[0:16], dprice[16:24], dprice[24:]
h := hmac.New(sha1.New, ecKey)
n, err = h.Write(iv)
if err != nil || n != len(iv) {
return 0, fmt.Errorf("%w: could not write hmac hash for iv. err=%s, n=%d, len(iv)=%d", ErrInvalidPrice, err, n, len(iv))
}
pricePad := h.Sum(nil)
price := safeXORBytes(p, pricePad)
if price == nil {
return 0, fmt.Errorf("%w: price xor price_pad failed", ErrInvalidPrice)
}
h = hmac.New(sha1.New, icKey)
n, err = h.Write(price)
if err != nil || n != len(price) {
return 0, fmt.Errorf("%w: could not write hmac hash for price. err=%s, n=%d, len(price)=%d", ErrInvalidPrice, err, n, len(price))
}
n, err = h.Write(iv)
if err != nil || n != len(iv) {
return 0, fmt.Errorf("%w: could not write hmac hash for iv. err=%s, n=%d, len(iv)=%d", ErrInvalidPrice, err, n, len(iv))
}
confSig := h.Sum(nil)[:4]
if bytes.Compare(confSig, sig) != 0 {
return 0, fmt.Errorf("%w: integrity of price is not valid", ErrInvalidPrice)
}
return binary.BigEndian.Uint64(price), nil
}
func safeXORBytes(a, b []byte) []byte {
n := len(a)
if len(b) < n {
n = len(b)
}
if n == 0 {
return nil
}
dst := make([]byte, n)
for i := 0; i < n; i++ {
dst[i] = a[i] ^ b[i]
}
return dst
}
We can now call this code using the example of 1900 micros: YWJjMTIzZGVmNDU2Z2hpN7fhCuPemC32prpWWw:
price, err := DecryptPrice(icKey, ecKey, []byte("YWJjMTIzZGVmNDU2Z2hpN7fhCuPemC32prpWWw"))
And price will be 1900

How could i use flags to select which func i want to call

Hello this is my first actually stab at writing an actual Go command line program so please forgive the appearance I also pulled some of this code off the Internet. What I am actually trying to do is have the ability to choose when i want to encrypt or decrypt while still being able to choose the src file and dest file. Thanks in advance for any help. I couldn't find anything solid explaining this or at least nothing i could make out.
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"errors"
"io"
"io/ioutil"
"log"
"os"
)
func decrypt(key, ciphertext []byte) (plaintext []byte, err error) {
var block cipher.Block
if block, err = aes.NewCipher(key); err != nil {
return
}
if len(ciphertext) < aes.BlockSize {
err = errors.New("ciphertext too short")
return
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
cfb := cipher.NewCFBDecrypter(block, iv)
cfb.XORKeyStream(ciphertext, ciphertext)
plaintext = ciphertext
return
}
func encrypt(key, text []byte) (ciphertext []byte, err error) {
var block cipher.Block
if block, err = aes.NewCipher(key); err != nil {
return nil, err
}
ciphertext = make([]byte, aes.BlockSize+len(string(text)))
iv := ciphertext[:aes.BlockSize]
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
return
}
cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(ciphertext[aes.BlockSize:], text)
return
}
func encryptFileData(srcFile, destFile string) {
if len(os.Args) > 1 {
srcFile = os.Args[1]
}
if len(os.Args) > 2 {
destFile = os.Args[2]
}
var cipherText, plainText []byte
var err error
key := []byte("abcdefg123456789")
plainText, _ = ioutil.ReadFile(srcFile)
if cipherText, err = encrypt(key, plainText); err != nil {
log.Fatal(err)
}
ioutil.WriteFile(destFile, cipherText, 0755)
return
}
func decryptFileData(srcFile, destFile string) {
if len(os.Args) > 1 {
srcFile = os.Args[1]
}
if len(os.Args) > 2 {
destFile = os.Args[2]
}
var cipherText, plainText []byte
var err error
key := []byte("abcdefg123456789")
cipherText, _ = ioutil.ReadFile(srcFile)
if plainText, err = decrypt(key, cipherText); err != nil {
log.Fatal(err)
}
ioutil.WriteFile(destFile, plainText, 0755)
return
}
func main() {
encryptFileData(os.Args[1], os.Args[2])
decryptFileData(os.Args[1], os.Args[2])
}

Use the flag package. For example:
func main() {
encrypt := flag.Bool("encrypt", false, "encrypt file")
decrypt := flag.Bool("decrypt", false, "decrypt file")
flag.Parse()
srcFile, destFile := flag.Arg(0), flag.Arg(1)
if *encrypt {
encryptFileData(srcFile, destFile)
}
if *decrypt {
decryptFileData(srcFile, destFile)
}
}

Resources