高级加密标准(英语:Advanced Encryption Standard,缩写:AES),又称Rijndael加密法,是美国联邦政府采用的一种区块加密标准。这个标准用来替代原先的DES,已经被多方分析且广为全世界所使用。经过五年的甄选流程,高级加密标准由美国国家标准与技术研究院(NIST)于2001年11月26日发布于FIPS PUB 197,并在2002年5月26日成为有效的标准。现在,高级加密标准已然成为对称密钥加密中最流行的算法之一。
aes-192密钥的长度为24字节,aes-256密钥的长度为32字节,aes-128密码的长度为16字节。aes-ccm需要key,nonce,adata,另外aes-gcm不需要填充。
GCM ( Galois/Counter Mode) 指的是该对称加密采用Counter模式,并带有GMAC消息认证码。
aes-gcm 在线加密工具:https://const.net.cn/tool/aes/aes-gcm/
代码:

package main

import (
    "bytes"
    "crypto/aes"
    "crypto/cipher"
    "crypto/md5"
    "fmt"
)

func main() {
    fmt.Println("go crypto aes-192-gcm demo/example.")
    message := []byte("https://const.net.cn/ aes-192-gcm test vectors.")
    //指定密钥h
    key := []byte("123456781234567812345678")
    fmt.Printf("key.size = %d\n", len(key))
    //加密
    cipherText := AES_GCM_Encrypt(message, key)
    fmt.Printf("加密后:%x len = %d\n", cipherText, len(cipherText))
    fmt.Printf("MD5后为:%x\n", md5.Sum(cipherText))
    //解密
    plainText := AES_GCM_Decrypt(cipherText, key)
    fmt.Println("解密后为:", string(plainText))
}

//AES加密(GCM模式)
func AES_GCM_Encrypt(plainText []byte, key []byte) []byte {
    //指定加密算法,返回一个AES算法的Block接口对象
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    //指定初始向量vi,长度为12
    iv := []byte("123456781234")
    additionalData := []byte("12345678")
    //指定分组模式,返回一个BlockMode接口对象
    blockMode, _ := cipher.NewGCMWithNonceSize(block, len(iv))
    //blockMode, _ := cipher.NewGCM(block)
    //加密连续
    cipherText := make([]byte, len(plainText))
    cipherText = blockMode.Seal(cipherText[:0], iv, plainText, additionalData)
    //返回密文
    return cipherText
}

//AES解密(GCM模式)
func AES_GCM_Decrypt(cipherText []byte, key []byte) []byte {
    //指定解密算法,返回一个AES算法的Block接口对象
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    //指定初始化向量IV,和加密的一致
    iv := []byte("123456781234")
    additionalData := []byte("12345678")
    //指定分组模式,返回一个BlockMode接口对象
    blockMode, _ := cipher.NewGCMWithNonceSize(block, len(iv))
    //解密
    plainText := make([]byte, len(cipherText))
    plainText, _ = blockMode.Open(plainText[:0], iv, cipherText, additionalData)

    return plainText
}

输出 :

go run .
go crypto aes-192-gcm demo/example.
key.size = 24
加密后:085d12a881561fd6d0f4977222ada32a49d48b24e7a862a26d6c459344d9f6e57083476dd3d0107c6d13a0229e3809fdf1a1052ae652ac624867d729b9a49f len = 63
MD5后为:2db9ab0073956f1fb4ac61e4e92241fe
解密后为: https://const.net.cn/ aes-192-gcm test vectors.

高级加密标准(英语:Advanced Encryption Standard,缩写:AES),又称Rijndael加密法,是美国联邦政府采用的一种区块加密标准。这个标准用来替代原先的DES,已经被多方分析且广为全世界所使用。经过五年的甄选流程,高级加密标准由美国国家标准与技术研究院(NIST)于2001年11月26日发布于FIPS PUB 197,并在2002年5月26日成为有效的标准。现在,高级加密标准已然成为对称密钥加密中最流行的算法之一。
aes-192密钥的长度为24字节,aes-256密钥的长度为32字节,aes-128密码的长度为16字节。aes-ccm需要key,nonce,adata,另外aes-gcm不需要填充。
GCM ( Galois/Counter Mode) 指的是该对称加密采用Counter模式,并带有GMAC消息认证码。
aes-gcm 在线加密工具:https://const.net.cn/tool/aes/aes-gcm/
代码:

package main

import (
    "bytes"
    "crypto/aes"
    "crypto/cipher"
    "crypto/md5"
    "fmt"
)

func main() {
    fmt.Println("go crypto aes-256-gcm demo/example.")
    message := []byte("https://const.net.cn/ aes-256-gcm test vectors.")
    //指定密钥h
    key := []byte("12345678123456781234567812345678")
    fmt.Printf("key.size = %d\n", len(key))
    //加密
    cipherText := AES_GCM_Encrypt(message, key)
    fmt.Printf("加密后:%x len = %d\n", cipherText, len(cipherText))
    fmt.Printf("MD5后为:%x\n", md5.Sum(cipherText))
    //解密
    plainText := AES_GCM_Decrypt(cipherText, key)
    fmt.Println("解密后为:", string(plainText))
}

//AES加密(GCM模式)
func AES_GCM_Encrypt(plainText []byte, key []byte) []byte {
    //指定加密算法,返回一个AES算法的Block接口对象
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    //指定初始向量vi,长度为12
    iv := []byte("123456781234")
    additionalData := []byte("12345678")
    //指定分组模式,返回一个BlockMode接口对象
    blockMode, _ := cipher.NewGCMWithNonceSize(block, len(iv))
    //blockMode, _ := cipher.NewGCM(block)
    //加密连续
    cipherText := make([]byte, len(plainText))
    cipherText = blockMode.Seal(cipherText[:0], iv, plainText, additionalData)
    //返回密文
    return cipherText
}

//AES解密(GCM模式)
func AES_GCM_Decrypt(cipherText []byte, key []byte) []byte {
    //指定解密算法,返回一个AES算法的Block接口对象
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    //指定初始化向量IV,和加密的一致
    iv := []byte("123456781234")
    additionalData := []byte("12345678")
    //指定分组模式,返回一个BlockMode接口对象
    blockMode, _ := cipher.NewGCMWithNonceSize(block, len(iv))
    //解密
    plainText := make([]byte, len(cipherText))
    plainText, _ = blockMode.Open(plainText[:0], iv, cipherText, additionalData)

    return plainText
}

输出:

go run .
go crypto aes-256-gcm demo/example.
key.size = 32
加密后:e256d43a63f05a71c64a3c20ecd1cf579acbb1f7463a15b5c0c72ea4c78139d6b67bb344c1595d6ba24e9e6398193b887e85677cbdde78218b5bccd96532d5 len = 63
MD5后为:8874a42e73b2df1f8831e4710c7f8744
解密后为: https://const.net.cn/ aes-256-gcm test vectors.

echo -n "https://const.net.cn" > openssl_test.txt
echo -n "https://const.net.cn" | openssl dgst -md5 

(stdin)= 682d2c63236af6e721794b2988fc1d44

md5sum openssl_test.txt 

682d2c63236af6e721794b2988fc1d44 openssl_test.txt

openssl dgst -md5 openssl_test.txt 

MD5(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44

openssl dgst -md5 -c openssl_test.txt 

MD5(openssl_test.txt)= 68:2d:2c:63:23:6a:f6:e7:21:79:4b:29:88:fc:1d:44

openssl dgst -md5 -r openssl_test.txt 

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -r *.txt 

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -r *

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -r * > openssl_test.md5
cat openssl_test.md5 

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -c  *

MD5(openssl_test.md5)= f8:ca:f5:9a:35:44:19:c3:95:17:c4:19:47:40:8b:d2
MD5(openssl_test.txt)= 68:2d:2c:63:23:6a:f6:e7:21:79:4b:29:88:fc:1d:44

openssl md5 -c *

MD5(openssl_test.md5)= f8:ca:f5:9a:35:44:19:c3:95:17:c4:19:47:40:8b:d2
MD5(openssl_test.txt)= 68:2d:2c:63:23:6a:f6:e7:21:79:4b:29:88:fc:1d:44

BLAKE和BLAKE2是基于丹尼尔·J·伯恩斯坦ChaCha流密码的密码散列函数。与SHA-2一样,有两种不同字大小的变体。BLAKE-256和BLAKE-224使用32位字,分别产生256位和224位的摘要大小,而BLAKE-512和BLAKE-384分别使用64位字,产生512位和384位的摘要大小。在64位的x64和ARM体系结构上运行时,BLAKE2b比SHA-3,SHA-2,SHA-1和MD5更快。BLAKE2的安全性提供类似于SHA-3,优于SHA-2:免疫长度扩展攻击,来自随机预言机的无差异性等。BLAKE的改进版本BLAKE2于2012年12月21日宣布推出。BLAKE3于2020年1月9日宣布推出。

openssl dgst -list

Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -ripemd
-ripemd160 -rmd160 -sha1
-sha224 -sha256 -sha3-224
-sha3-256 -sha3-384 -sha3-512
-sha384 -sha512 -sha512-224
-sha512-256 -shake128 -shake256
-sm3 -ssl3-md5 -ssl3-sha1
-whirlpool

openssl dgst -blake2b512 可以简写为 openssl blake2b512,openssl BLAKE2b512

echo -n "https://const.net.cn" > openssl_test.txt 
openssl dgst -blake2b512 openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl dgst -blake2b512 -c openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 70:1f:d7:a8:c7:10:4b:d7:14:97:d3:f4:d9:cb:aa:82:b3:92:aa:13:2d:bd:dc:02:e3:23:24:3a:60:36:3b:b9:db:d3:d4:ae:59:7f:9e:c8:62:69:5d:52:ab:85:06:6d:f2:2d:9c:4a:ca:04:df:11:fd:9d:fe:4e:25:42:ab:3e

openssl dgst -blake2b512 -r openssl_test.txt 

701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e *openssl_test.txt

echo -n "https://const.net.cn" | openssl dgst -blake2b512 

(stdin)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl blake2b512 openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl blake2b512 *

BLAKE2b512(openssl_test.md5)= 72cc4d0b342d407a0063b1c5a647f7385c81c8864e52ccb10665bc00742b00e6157826b69bd81c890f7b4545b0f6634f18f97231109980b995a1f333746587d8
BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl BLAKE2b512 *

BLAKE2b512(openssl_test.md5)= 72cc4d0b342d407a0063b1c5a647f7385c81c8864e52ccb10665bc00742b00e6157826b69bd81c890f7b4545b0f6634f18f97231109980b995a1f333746587d8
BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl dgst -list
Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -ripemd
-ripemd160 -rmd160 -sha1
-sha224 -sha256 -sha3-224
-sha3-256 -sha3-384 -sha3-512
-sha384 -sha512 -sha512-224
-sha512-256 -shake128 -shake256
-sm3 -ssl3-md5 -ssl3-sha1
-whirlpool

用法:
openssl dgst [-digest]
或者
openssl digest
参数:
-c 参数是以冒号分隔HexString.
-hex 是输出16进制字符串,默认就是这个
-binary 是输出二进制的结果
-d 调试信息,没什么用
-out filename 将计算结果输出到文件,默认输出控制台

官方手册地址:https://www.openssl.org/docs/man1.1.1/man1/dgst.html

示例:

echo -n "https://const.net.cn" > openssl_test.txt

openssl blake2s256  openssl_test.txt 

BLAKE2s256(openssl_test.txt)= 1d550a31cf7034f24aac69abb8430474610522a8fc844ef4584d364789890feb

openssl blake2b512  openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl md4  openssl_test.txt 

MD4(openssl_test.txt)= d6dd1d2a616b6a480c6ce417b517734b

openssl md5  openssl_test.txt 

MD5(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44

openssl md5-sha1  openssl_test.txt 

MD5-SHA1(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44520fc9bd671e47fd9bd8961d88baacb4d356494a

openssl ripemd  openssl_test.txt 

RIPEMD160(openssl_test.txt)= b4967924b4475514dba56090e82656d710e92d1c

openssl ripemd160  openssl_test.txt 

RIPEMD160(openssl_test.txt)= b4967924b4475514dba56090e82656d710e92d1c

openssl rmd160  openssl_test.txt 

RIPEMD160(openssl_test.txt)= b4967924b4475514dba56090e82656d710e92d1c

openssl sha1  openssl_test.txt 

SHA1(openssl_test.txt)= 520fc9bd671e47fd9bd8961d88baacb4d356494a

openssl sha224  openssl_test.txt 

SHA224(openssl_test.txt)= 4a4c7f39fe288a3125e1095cc940d13efd18a61839611b0ac5865738

openssl sha256  openssl_test.txt 

SHA256(openssl_test.txt)= 8564929a323c97aa80d5be728fc2b7c53241926d138decb4d30f8cae1e36750f

openssl sha3-224  openssl_test.txt 

SHA3-224(openssl_test.txt)= 3f91daa869ff38c9e289d8b20bfb30f35cd24b1ade2d60e117b6f705

openssl sha3-256  openssl_test.txt 

SHA3-256(openssl_test.txt)= 2d2120298f04f9ccf45eb104a1a832b72dc36e92df83697ddf41381937f8a9d7

openssl sha3-384  openssl_test.txt 

SHA3-384(openssl_test.txt)= 9a5de69d2997788656d11b8dbe3007e74c4c116aa4759495e684d6a6cda9adff29e815235fcf110b799ab62ccaa0c029

openssl sha3-512  openssl_test.txt 

SHA3-512(openssl_test.txt)= bcaeaeace4c0f640325b76cda96ad8e527eedacb256afc42d3e8d68842fc694a3355d034c31faa8f8c8b00a869215a3342883f94a06503eb0c350382ae5f430e

openssl sha384  openssl_test.txt 

SHA384(openssl_test.txt)= b13f0e9e1b0a3230346eae998b4e58721afd42926625b3de532c4f13e7d70b62ab51497078de8ef394f34356da39e7bc

openssl sha512  openssl_test.txt 

SHA512(openssl_test.txt)= 8513a9c64d9f897546b9eff11a03182f000dee5df2d3c48dc24a4ac7840ec2e90eae1b99cd05f125e28ca28328b6fda9e287f725164b7c380844071c3a53a025

openssl sha512-224  openssl_test.txt 

SHA512-224(openssl_test.txt)= 1a1b23c9a9b105ef19f0bb5d95077c2fe1995f0fd90729ebc9afe42c

openssl sha512-256  openssl_test.txt

SHA512-256(openssl_test.txt)= 6eefb9b7ea272dd7374749eeeb59b3bf399652918032810e214cd7d86e9e52c6

openssl shake128  openssl_test.txt 

SHAKE128(openssl_test.txt)= e3aeecee8d193be5c58ba3df620abb03

openssl shake256  openssl_test.txt 

SHAKE256(openssl_test.txt)= 1acf0858f828d2fc6c429561c96061c73d200929ef1d05b925d19d71d2030ecb

openssl sm3  openssl_test.txt 

SM3(openssl_test.txt)= bb1318898097df76a8a992ec2ac3dac85914db06dae0851bebd4a5de9a13369f

openssl ssl3-md5  openssl_test.txt 

MD5(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44

openssl ssl3-sha1  openssl_test.txt 

SHA1(openssl_test.txt)= 520fc9bd671e47fd9bd8961d88baacb4d356494a

openssl whirlpool  openssl_test.txt 

whirlpool(openssl_test.txt)= a57446d6ff2e44fa7a72d7c6739960e6c17f9ea38a8d4032ba163ebe3c0f6d95b7e96c3dbcede63f3e7632462643d3dd10c3272e139bb1cca1873dfc2b86ab3f