<!DOCTYPE html>
<html lang="en">
<head>
<!--__GOLF_REDIRECT__-->
<title>Encrypt data</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="HandheldFriendly" content="True"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<link rel="canonical" href="https://golf-lang.com/encrypt-data.html" />
<style>
/* Base page style. The same declarations apply to both html and body, so each
   is limited to 80% of its container's width, with auto side margins. */
body, html {
color:black;
text-rendering: optimizelegibility;
background-color: white;
min-height: 150%;
font-family: "Times New Roman";
font-weight:400;
font-size:18px;
line-height:27px;
letter-spacing: 2px;
z-index: 1;
height: 100%;
text-align:left;
width:80%;
margin-left:auto;
margin-right:auto;
padding:0;
/*font-family: Helvetica, Arial, sans-serif;*/
}
/* Extra horizontal padding on body only; overrides the padding:0 set above. */
body {
padding-left:1vw;
padding-right:1vw;
}
/* Boxes for code listings. .ncode, .shcode, .sqlcode, .htmlcode and .code carry
   the same declarations; the only difference is that .ncode uses a 20px
   line-height where the other four use 23px. */
.ncode {
line-height:20px;
letter-spacing: 0px;
font-size:14px;
font-family: monospace;
display:inline-block;
max-width:100%;
min-width:90%;
margin:0;
padding:0;
padding-left:5px;
padding-top:3px;
padding-bottom:3px;
margin-bottom:15px;
border: 2px solid #d6d6d6;
background-color:#f5f7f4;
white-space:nowrap;
}
.shcode {
line-height:23px;
letter-spacing: 0px;
font-size:14px;
font-family: monospace;
display:inline-block;
max-width:100%;
min-width:90%;
margin:0;
padding:0;
padding-left:5px;
padding-top:3px;
padding-bottom:3px;
margin-bottom:15px;
border: 2px solid #d6d6d6;
background-color:#f5f7f4;
white-space:nowrap;
}
.sqlcode {
line-height:23px;
letter-spacing: 0px;
font-size:14px;
font-family: monospace;
display:inline-block;
max-width:100%;
min-width:90%;
margin:0;
padding:0;
padding-left:5px;
padding-top:3px;
padding-bottom:3px;
margin-bottom:15px;
border: 2px solid #d6d6d6;
background-color:#f5f7f4;
white-space:nowrap;
}
.htmlcode {
line-height:23px;
letter-spacing: 0px;
font-size:14px;
font-family: monospace;
display:inline-block;
max-width:100%;
min-width:90%;
margin:0;
padding:0;
padding-left:5px;
padding-top:3px;
padding-bottom:3px;
margin-bottom:15px;
border: 2px solid #d6d6d6;
background-color:#f5f7f4;
white-space:nowrap;
}
.code {
line-height:23px;
letter-spacing: 0px;
font-size:14px;
font-family: monospace;
display:inline-block;
max-width:100%;
min-width:90%;
margin:0;
padding:0;
padding-left:5px;
padding-top:3px;
padding-bottom:3px;
margin-bottom:15px;
border: 2px solid #d6d6d6;
background-color:#f5f7f4;
white-space:nowrap;
}
/* Page-title block styled like an h1. A class is used instead of a real h1
   because an h1 would be indented in the PDF conversion and this is not. */
.vhub {
display: block;
font-size: 1.6em;
margin-top: 0.63em;
margin-bottom: 0.63em;
margin-left: 0;
margin-right: 0;
font-weight: bold;
}
/* Section-title block styled like an h2, for the same PDF-conversion reason. */
.vsub {
display: block;
font-size: 1.25em;
margin-top: 0.53em;
margin-bottom: 0.53em;
margin-left: 0;
margin-right: 0;
font-weight: bold;
}
/* Lists and list items: a small left margin and no left padding. */
ul {
margin-left: 0.75vw;
padding-left: 0;
}
li {
margin-left: 0.75vw;
padding-left: 0;
}
/* Overrides for devices whose primary input cannot hover (mobile).
   This block is meant to come last because it overrides earlier settings.
   NOTE(review): more rules follow it in this sheet; the later plain `a` rule
   sets padding-bottom: 0px and therefore takes precedence over the 2px set
   for `a` here. */
@media (hover: none) {
a {
display: inline-block;
padding-top: 3px;
padding-bottom: 2px;
}
body {
padding-left:2vw;
padding-right:2vw;
font-size:14px;
line-height:22px;
letter-spacing: 1px;
}
}
/* Colours for code snippets highlighted by vim's 2html.
   NOTE(review): the page markup also uses the classes "Special" and "Error",
   which have no rule in this sheet. */
pre { overflow-x: scroll; margin:0; padding:0; font-family:monospace; }
.Identifier { color: #008b8b; }
.Statement { color: #af5f00; }
.PreProc { color: #5fd7ff; }
.Type { color: #005f00; }
.Comment { color: blue ; }
.Constant { color: #ff00ff; }
/* End of highlighted-snippet colours. */
/* Links: no text underline; a coloured bottom border is drawn instead, and it
   changes to a thinner red line on hover. */
a {
text-decoration:none;
padding-bottom: 0px;
color:inherit;
border-bottom: 2px solid #6cb8f0;
}
a:hover {
text-decoration: none;
color:black;
border-bottom: 1px solid red;
}
/* Links inside code listings are shown as plain text: no underline or border,
   and pointer-events: none so that they do not react to the mouse. */
pre a {
text-decoration:none;
color:black;
border-bottom: none;
pointer-events: none;
cursor: default;
}
/* Elements with class golfSnippet are not rendered. */
.golfSnippet {display:none;}
/* Second ul rule: adds the bullet style to the margin and padding set on ul above. */
ul {
list-style-type:square;
list-style-position: outside;
}
</style>
</head>
<body>
<script>
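/**
 * Copy the text of a code listing to the clipboard and, when the copy
 * succeeds, show the "Copied!" marker for one second.
 *
 * On this page the callers are the inline onclick handlers of the copy icons.
 *
 * @param {HTMLTextAreaElement} gt  Off-screen textarea used as a scratch buffer;
 *                                  it receives the text and is then selected.
 * @param {Element} eid  Element whose textContent is copied (the <pre> listing).
 * @param {HTMLElement} gc  Marker element whose visibility is toggled.
 */
function gg_copy(gt, eid, gc) {
    // The copy command works on the current selection, so stage the text in
    // the textarea and select it first.
    gt.textContent = eid.textContent;
    gt.select();

    // execCommand("copy") returns false when the copy is not carried out and
    // can throw in some environments. Report success only when it succeeded,
    // so that "Copied!" is never shown for a copy that did not happen.
    let copied = false;
    try {
        copied = document.execCommand("copy");
    } catch (err) {
        copied = false;
    }
    if (!copied) {
        return;
    }

    gc.style.visibility = "visible";
    // Hide the marker again after one second.
    setTimeout(() => { gc.style.visibility = "hidden"; }, 1000);
}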
</script>
<!--GOLFMENU13-->
<!--GOLFENDMENU13-->
<!--BEGVDOC90-->
<div class='vhub' style='margin-top:10px;margin-right:20px;text-align:right;background-color:white;'><a href='https://golf-lang.com' style='border-bottom:0px'><img src='https://golf-lang.com/golf.png'/></a></div><div class='vhub' style='margin-top:10px;'> Encrypt data</div><hr/><span style="font-weight:bold;">Purpose</span>: Encrypt data.<br/>
<br/>
<div class='code' style='position:relative;padding-right:16px;'>
<pre id='code_439'>
<span class="Statement"> encrypt-data</span> <data><span class="Type"> to</span> <result> \
[<span class="Identifier"> input-length</span> <input length> ] \
[<span class="Identifier"> binary</span> [ <binary> ] ] \
(<span class="Identifier"> password</span> <password> \
[<span class="Identifier"> salt</span> <salt> [<span class="Identifier"> salt-length</span> <salt length> ] ] \
[<span class="Identifier"> iterations</span> <iterations> ] \
[<span class="Identifier"> cipher</span> <cipher algorithm> ] \
[<span class="Identifier"> digest</span> <digest algorithm> ]
[<span class="Identifier"> cache</span> ]
[<span class="Identifier"> clear-cache</span> <clear cache> <span class="Error">)</span> \
[<span class="Identifier"> init-vector</span> <init vector> ]</pre>
<span id=golf_copied_439 style='position:absolute;right:-14px;top:-30px; cursor: pointer;visibility:hidden;background:white;'>Copied!</span>
<textarea id='golft_439' style='position: absolute;left: -500%;'></textarea>
<img src='https://golf-lang.com/golf-copy-small-1.png' id='golfb' onclick='gg_copy(golft_439, code_439, golf_copied_439)' style='position:absolute;right:0;top:0; cursor: pointer;opacity:0.5;'/>
</div><br/>
encrypt-data encrypts <data> and stores the ciphertext to <result> specified by "to" clause.<br/>
<div class="vsub"><a id="Cipher and digest"></a>Cipher and digest</div>
By default, AES-256-CBC encryption and SHA256 hashing are used. You can, however, specify different cipher and digest algorithms with <cipher algorithm> (in "cipher" clause) and <digest algorithm> (in "digest" clause) as long as <a href='https://www.openssl.org/'>OpenSSL</a> supports them, or you have added them to OpenSSL. You can see the available ones by using:<br/>
<div class="shcode" style='position:relative;padding-right:16px;'>
<pre id='code_440'>
<span class="Comment">#get list of cipher providers</span>
openssl list <span class="Special">-cipher-algorithms</span>
<span class="Comment">#get list of digest providers</span>
openssl list <span class="Special">-digest-algorithms</span></pre>
<span id=golf_copied_440 style='position:absolute;right:-14px;top:-30px; cursor: pointer;visibility:hidden;background:white;'>Copied!</span>
<textarea id='golft_440' style='position: absolute;left: -500%;'></textarea>
<img src='https://golf-lang.com/golf-copy-small-1.png' id='golfb' onclick='gg_copy(golft_440, code_440, golf_copied_440)' style='position:absolute;right:0;top:0; cursor: pointer;opacity:0.5;'/>
</div><br/>
Note that the default algorithms will typically suffice. If you use different algorithms, you should have a specific reason. If you use a specific cipher and digest for encryption, you must use the same ones for decryption. The key derivation method is PBKDF2.<br/>
<div class="vsub"><a id="Data to be encrypted"></a>Data to be encrypted</div>
If "input-length" clause is missing, then the number of bytes encrypted is the length of <data> (see <a href='https://golf-lang.com/string-length.html'>string-length</a>). If "input-length" clause is used, then <input length> bytes are encrypted.<br/>
<div class="vsub"><a id="Password"></a>Password</div>
String <password> (in "password" clause) is the password used to encrypt and it must be a null-terminated string. <br/>
<div class="vsub"><a id="Salt"></a>Salt</div>
String <salt> (in "salt" clause) is the salt used in Key Derivation Function (KDF) when an actual symmetric encryption key is created. If <salt length> (in "salt-length" clause) is not specified, then the salt is null-terminated, otherwise it is a binary value of length <salt length>. See <a href='https://golf-lang.com/random-string.html'>random-string</a> or <a href='https://golf-lang.com/random-crypto.html'>random-crypto</a> for generating a random salt. If you use the "salt" clause, then you must use the exact same <salt> when data is decrypted with <a href='https://golf-lang.com/decrypt-data.html'>decrypt-data</a> - typically salt values are stored or transmitted unencrypted.<br/>
<div class="vsub"><a id="Iterations"></a>Iterations</div>
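The number of iterations used in producing a key is specified in <iterations> in "iterations" clause. The default is 1000 per <a href='https://www.rfc-editor.org/rfc/rfc8018'>RFC 8018</a>, though depending on your needs and the quality of password you may choose a different value. RFC 8018 gives 1000 as a recommended minimum; the iteration count is what slows down guessing of the password from captured ciphertext, so a weaker password calls for a higher count.<br/>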
<div class="vsub"><a id="Initialization vector (IV)"></a>Initialization vector (IV)</div>
Different encrypted messages should have a different IV value, which is specified with <init vector> in the "init-vector" clause. See <a href='https://golf-lang.com/random-string.html'>random-string</a> or <a href='https://golf-lang.com/random-crypto.html'>random-crypto</a> for generating IV values. The decrypting side must use the same IV value to decrypt the message. Just like salt, IV is not a secret and is transmitted in plain text. Each cipher algorithm may require a certain number of bytes for IV.<br/>
<div class="vsub"><a id="Encrypted data"></a>Encrypted data</div>
The encrypted data is stored in <result> (in "to" clause). The encrypted data can be binary data (if "binary" clause is present without boolean variable <binary>, or if <binary> evaluates to true), which is binary-mode encryption; otherwise it is a null-terminated string, which is character-mode encryption, consisting of hexadecimal characters (i.e. ranging from "0" to "9" and "a" to "f"). Character mode of encryption is convenient if the result of encryption should be a human readable string, or for the purposes of non-binary storage in the database.<br/>
<div class="vsub"><a id="Caching key"></a>Caching key</div>
A key used to actually encrypt/decrypt data is produced by using password, salt, cipher, digest and the number of iterations. Depending on these parameters (especially the number of iterations), computing the key can be a resource intensive and lengthy operation. You can cache the key value and compute it only once (or once in a while) by using "cache" clause. If you need to recompute the key once in a while, use "clear-cache" clause. <clear cache> is a "bool" variable; the key cache is cleared if it is true, and stays if it is false. For example with encrypt-data (the same applies to decrypt-data):<br/>
<div class='code' style='position:relative;padding-right:16px;'>
<pre id='code_441'>
<span class="Statement"> set-bool</span> clear = <span class="Constant">true</span> if-<span class="Constant">true</span> q equal <span class="Constant">0</span>
<span class="Statement"> encrypt-data</span> dt<span class="Identifier"> init-vector</span> non<span class="Identifier"> password</span> pwd \
<span class="Identifier"> salt</span> rs<span class="Identifier"> salt-length</span> <span class="Constant">10</span><span class="Identifier"> iterations</span> iter<span class="Type"> to</span> \
dt_enc<span class="Identifier"> cache clear-cache</span> clear</pre>
<span id=golf_copied_441 style='position:absolute;right:-14px;top:-30px; cursor: pointer;visibility:hidden;background:white;'>Copied!</span>
<textarea id='golft_441' style='position: absolute;left: -500%;'></textarea>
<img src='https://golf-lang.com/golf-copy-small-1.png' id='golfb' onclick='gg_copy(golft_441, code_441, golf_copied_441)' style='position:absolute;right:0;top:0; cursor: pointer;opacity:0.5;'/>
</div><br/>
In this case, when "q" is 0, cache will be cleared, with values of password, salt and iterations presumably changed, and the new key is computed and then cached. In all other cases, the last computed key stays the same. Normally, with IV usage (in "init-vector" clause), there is no need to change the key often, or at all.<br/>
<br/>
Note that while "cache" clause is in effect, changes to the values of "password", "salt", "cipher", "digest" and "iterations" clauses have no effect, because the cached key continues to be used. Only when "clear-cache" evaluates to "true" are those values taken into account.<br/>
<div class="vsub"><a id="Safety"></a>Safety</div>
Unless you are encrypting/decrypting a single message, you should always use IV in "init-vector" clause. Its purpose is to randomize the encrypted data, so that identical messages do not produce the same ciphertext.<br/>
<br/>
If you use salt, a random IV is created with each different salt value. However, different salt values without "cache" clause will regenerate the key, which may be computationally intensive, so it may be better to use a different IV for each new encryption and keep the salt value the same with a high number of iterations. In practice this means using "cache" so that the key is computed once per process with the salt, and the IV changes with each message. If you need to recompute the key occasionally, use "clear-cache".<br/>
<br/>
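Each cipher/digest combination carries separate recommendations about the usage of salt, IV and the number of iterations. Please consult their documentation for more details. Note also that the default AES-256-CBC is not an authenticated cipher mode: decryption does not by itself reliably detect ciphertext that was modified, so if integrity matters, authenticate the encrypted data separately, for example with <a href='https://golf-lang.com/hmac-string.html'>hmac-string</a>.<br/>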
<div class="vsub"><a id="Examples"></a>Examples</div>
In the following example, the data is encrypted, and then decrypted, producing the very same data:<br/>
<div class='code' style='position:relative;padding-right:16px;'>
<pre id='code_442'>
<span class="Comment">// Original string to encrypt</span>
<span class="Statement"> set-string</span> orig_data=<span class="Constant">"something to encrypt!"</span>
<span class="Comment">// Encrypted data is in </span><span class="Constant">"res"</span><span class="Comment"> variable</span>
<span class="Statement"> encrypt-data</span> orig_data<span class="Identifier"> password</span> <span class="Constant">"mypass"</span><span class="Type"> to</span> res
<span class="Comment">// Decrypt what was just encrypted, decrypted data is in </span><span class="Constant">"dec_data"</span>
<span class="Statement"> decrypt-data</span> res<span class="Identifier"> password</span> <span class="Constant">"mypass"</span><span class="Type"> to</span> dec_data
<span class="Comment">// Check that decrypted data matches the original </span>
<span class="Statement">if</span> (!strcmp (orig_data, dec_data)) {
<span class="Statement"> @</span>Success!
<span class="Statement"> }</span> else {
<span class="Statement"> @</span>Failure!
<span class="Statement"> }</span></pre>
<span id=golf_copied_442 style='position:absolute;right:-14px;top:-30px; cursor: pointer;visibility:hidden;background:white;'>Copied!</span>
<textarea id='golft_442' style='position: absolute;left: -500%;'></textarea>
<img src='https://golf-lang.com/golf-copy-small-1.png' id='golfb' onclick='gg_copy(golft_442, code_442, golf_copied_442)' style='position:absolute;right:0;top:0; cursor: pointer;opacity:0.5;'/>
</div><br/>
A more involved example below encrypts a specific number of bytes (6 in this case). <a href='https://golf-lang.com/random-string.html'>random-string</a> is used to produce salt. The length of data to encrypt is given with "input-length" clause. The encrypted data is specified to be "binary" (meaning not as a human-readable string), so the "output-length" of such binary output is specified. The decryption thus uses "input-length" clause to specify the length of data to decrypt, and also "output-length" to get the length of decrypted data. Finally, the original data is compared with the decrypted data, and the length of such data must be the same as the original (meaning 6):<br/>
<div class='code' style='position:relative;padding-right:16px;'>
<pre id='code_443'>
<span class="Comment">// Original data (only the first </span><span class="Constant">6</span><span class="Comment"> bytes are encrypted)</span>
<span class="Statement"> set-string</span> orig_data=<span class="Constant">"something to encrypt!"</span>
<span class="Comment">// Get </span><span class="Constant">8</span><span class="Comment"> random binary bytes to be the salt</span>
<span class="Statement"> random-string</span><span class="Type"> to</span> newsalt<span class="Identifier"> length</span> <span class="Constant">8</span><span class="Identifier"> binary</span>
<span class="Comment">// Encrypt data using salt and produce binary output (meaning it's not a null-terminated character string), with the</span>
<span class="Comment">// length of such output in </span><span class="Constant">"encrypted_len"</span><span class="Comment"> variable.</span>
<span class="Statement"> encrypt-data</span> orig_data<span class="Identifier"> input-length</span> <span class="Constant">6</span> output-length encrypted_len<span class="Identifier"> password</span> <span class="Constant">"mypass"</span><span class="Identifier"> salt</span> newsalt<span class="Type"> to</span> res<span class="Identifier"> binary</span>
<span class="Comment">// Decrypt the data encrypted above. The length of encrypted data is passed in </span><span class="Constant">"encrypted_len"</span><span class="Comment"> variable, and then length of decrypted data</span>
<span class="Comment">// is obtained in </span><span class="Constant">"decrypted_len"</span><span class="Comment"> variable.</span>
<span class="Statement"> decrypt-data</span> res output-length decrypted_len<span class="Identifier"> password</span> <span class="Constant">"mypass"</span><span class="Identifier"> salt</span> newsalt<span class="Type"> to</span> dec_data<span class="Identifier"> input-length</span> encrypted_len<span class="Identifier"> binary</span>
<span class="Comment">// Check if the </span><span class="Constant">6</span><span class="Comment"> bytes of the original data matches decrypted data, and if exactly </span><span class="Constant">6</span><span class="Comment"> bytes was decrypted</span>
<span class="Statement">if</span> (!strncmp(orig_data,dec_data, <span class="Constant">6</span>) && decrypted_len == <span class="Constant">6</span>) {
<span class="Statement"> @</span>Success!
<span class="Statement"> }</span> else {
<span class="Statement"> @</span>Failure!
<span class="Statement"> }</span></pre>
<span id=golf_copied_443 style='position:absolute;right:-14px;top:-30px; cursor: pointer;visibility:hidden;background:white;'>Copied!</span>
<textarea id='golft_443' style='position: absolute;left: -500%;'></textarea>
<img src='https://golf-lang.com/golf-copy-small-1.png' id='golfb' onclick='gg_copy(golft_443, code_443, golf_copied_443)' style='position:absolute;right:0;top:0; cursor: pointer;opacity:0.5;'/>
</div><br/>
An example of using different algorithms:<br/>
<div class='code' style='position:relative;padding-right:16px;'>
<pre id='code_444'>
<span class="Statement"> encrypt-data</span> <span class="Constant">"some data!"</span><span class="Identifier"> password</span> <span class="Constant">"mypwd"</span><span class="Identifier"> salt</span> rs1<span class="Type"> to</span> encd1<span class="Identifier"> cipher</span> <span class="Constant">"camellia-256-cfb1"</span><span class="Identifier"> digest</span> <span class="Constant">"sha3-256"</span>
<span class="Statement"> decrypt-data</span> encd1<span class="Identifier"> password</span> <span class="Constant">"mypwd"</span><span class="Identifier"> salt</span> rs1<span class="Type"> to</span> decd1<span class="Identifier"> cipher</span> <span class="Constant">"camellia-256-cfb1"</span><span class="Identifier"> digest</span> <span class="Constant">"sha3-256"</span></pre>
<span id=golf_copied_444 style='position:absolute;right:-14px;top:-30px; cursor: pointer;visibility:hidden;background:white;'>Copied!</span>
<textarea id='golft_444' style='position: absolute;left: -500%;'></textarea>
<img src='https://golf-lang.com/golf-copy-small-1.png' id='golfb' onclick='gg_copy(golft_444, code_444, golf_copied_444)' style='position:absolute;right:0;top:0; cursor: pointer;opacity:0.5;'/>
</div><br/>
<div class="vsub"><a id="See also"></a>See also</div>
<a name='Encryption'></a><span style="font-weight:bold;">Encryption</span><br/>
<a href='https://golf-lang.com/decrypt-data.html'>decrypt-data</a> <br/>
<a href='https://golf-lang.com/derive-key.html'>derive-key</a> <br/>
<a href='https://golf-lang.com/encrypt-data.html'>encrypt-data</a> <br/>
<a href='https://golf-lang.com/hash-string.html'>hash-string</a> <br/>
<a href='https://golf-lang.com/hmac-string.html'>hmac-string</a> <br/>
<a href='https://golf-lang.com/random-crypto.html'>random-crypto</a> <br/>
<a href='https://golf-lang.com/random-string.html'>random-string</a> <br/>
<span style="font-weight:bold;">See all</span> <br/>
<a href='https://golf-lang.com/documentation.html'>documentation</a><br/>
<!--ENDVDOC90-->
<br/><div style='width:100%;clear:both;'>
<hr/>
<!--GOLFFOOT77--><span style='font-size:80%'><a href="https://golf-lang.com/copyright.html">Copyright</a> (c) 2019-2025 Gliim LLC. All contents on this web site is "AS IS" without warranties or guarantees of any kind.</span>
</div><br/></body></html>