MySQL database and Go language: How to ensure internal encryption of data?

With the continuous development of Internet technology, data security has become a very important topic. In database operations, ensuring data security and confidentiality is very critical. As a popular database, MySQL has weak security setting capabilities, but it can ensure internal data encryption through some technical means, and the Go language is a language that is very suitable for data encryption. Next, let us discuss how the MySQL database and Go language ensure internal data encryption.

1. MySQL data encryption

1.1 Password encryption

By default in the MySQL database, user login passwords are stored in clear text, which makes them very easy to be stolen by hackers. To prevent this from happening, we need to encrypt the password.

MySQL provides a variety of encryption methods, such as MD5, SHA, etc. Among them, SHA-2 is considered a relatively strong encryption method. Encrypting the user's password through SHA-2 and storing it in the database can effectively improve the security of the user's password.

You can use MySQL's PASSWORD function to perform SHA-2 encryption, as shown below:

UPDATE users SET password=PASSWORD('123456') WHERE name='zhangsan';

1.2 Database encryption

In addition to password encryption, we can also encrypt the entire The database is encrypted. MySQL provides an encryption method, Transparent Data Encryption (TDE), which can ensure the security of stored data without affecting database performance.

TDE uses an encryption algorithm called "Advanced Encryption Standard (AES)" to encrypt the entire database, thereby effectively preventing the risk of database intrusion and data theft by hackers.

TDE encryption can be achieved through the following steps:

1. Add the following two lines to the my.cnf file in the MySQL installation directory:

[mysqld]
plugin-load-add=innodb_engine.so

2. Execute the following SQL statement in the MySQL command line:

INSTALL PLUGIN INNODB_TRX; 
INSTALL PLUGIN INNODB_LOCKS; 
INSTALL PLUGIN INNODB_LOCK_WAITS; 
INSTALL PLUGIN INNODB_CMP; 
INSTALL PLUGIN INNODB_CMP_RESET; 
INSTALL PLUGIN INNODB_CMPMEM; 
INSTALL PLUGIN INNODB_CMPMEM_RESET; 
SET GLOBAL innodb_file_per_table=1;
SET GLOBAL innodb_file_format=Barracuda;

3. Encrypt the existing table:

ALTER TABLE table_name ENCRYPTION='Y';

2. Go language data encryption

2.1 Symmetric encryption

Symmetric encryption is a common encryption method. It uses the same key for encryption and decryption. During the encryption and decryption process, the key must remain consistent. The crypto package is used in Go language to implement symmetric encryption. Commonly used encryption algorithms include AES, DES, Blowfish, etc.

The following is an example of using AES symmetric encryption:

package main

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "encoding/base64"
    "fmt"
    "io"
)

func encrypt(key []byte, text string) (string, error) {
    // Create the AES cipher
    cipherBlock, err := aes.NewCipher(key)
    if err != nil {
        return "", err
    }

    // Create a new IV with random data
    iv := make([]byte, aes.BlockSize)
    if _, err = io.ReadFull(rand.Reader, iv); err != nil {
        return "", err
    }

    // Create a new Cipher Block Chaining (CBC) mode encrypter
    encrypter := cipher.NewCBCEncrypter(cipherBlock, iv)

    // Encrypt the text
    plaintext := []byte(text)
    ciphertext := make([]byte, len(plaintext))
    encrypter.CryptBlocks(ciphertext, plaintext)

    // Base64 encode the IV and ciphertext
    result := base64.StdEncoding.EncodeToString(iv)
    result += ":"
    result += base64.StdEncoding.EncodeToString(ciphertext)
    return result, nil
}

func decrypt(key []byte, text string) (string, error) {
    // Split the data into IV and ciphertext
    parts := strings.Split(text, ":")
    if len(parts) != 2 {
        return "", fmt.Errorf("invalid encrypted text format")
    }

    // Base64 decode the IV and ciphertext
    iv, err := base64.StdEncoding.DecodeString(parts[0])
    if err != nil {
        return "", err
    }
    ciphertext, err := base64.StdEncoding.DecodeString(parts[1])
    if err != nil {
        return "", err
    }

    // Create the AES cipher
    cipherBlock, err := aes.NewCipher(key)
    if err != nil {
        return "", err
    }

    // Create a new Cipher Block Chaining (CBC) mode decrypter
    decrypter := cipher.NewCBCDecrypter(cipherBlock, iv)

    // Decrypt the ciphertext
    plaintext := make([]byte, len(ciphertext))
    decrypter.CryptBlocks(plaintext, ciphertext)

    return string(plaintext), nil
}

func main() {
    key := []byte("thisisasamplekey")
    encryptedText, err := encrypt(key, "Hello World!")
    if err != nil {
        panic(err)
    }
    fmt.Println("Encrypted Text:", encryptedText)

    decryptedText, err := decrypt(key, encryptedText)
    if err != nil {
        panic(err)
    }
    fmt.Println("Decrypted Text:", decryptedText)
}

2.2 Asymmetric encryption

Asymmetric encryption uses a pair of keys for encryption and decryption, one of which One key is public and is called a public key, while the other key is private and is called a private key. The crypto/rsa package is used in the Go language to implement asymmetric encryption. The asymmetric encryption algorithm is more secure than the symmetric encryption algorithm, but slower, so it is generally used to encrypt a small amount of data or used in conjunction with symmetric encryption.

The following is an example of using RSA asymmetric encryption:

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha256"
    "encoding/hex"
    "fmt"
)

func generateRSAKeys() (*rsa.PrivateKey, *rsa.PublicKey, error) {
    privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        return nil, nil, err
    }

    return privateKey, &privateKey.PublicKey, nil
}

func encrypt(message string, publicKey *rsa.PublicKey) (string, error) {
    hashed := sha256.Sum256([]byte(message))

    ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, hashed[:])
    if err != nil {
        return "", err
    }

    return hex.EncodeToString(ciphertext), nil
}

func decrypt(ciphertext string, privateKey *rsa.PrivateKey) (string, error) {
    data, err := hex.DecodeString(ciphertext)
    if err != nil {
        return "", err
    }

    hash := make([]byte, len(data))
    err = rsa.DecryptPKCS1v15(rand.Reader, privateKey, data, hash)
    if err != nil {
        return "", err
    }

    return string(hash), nil
}

func main() {
    privateKey, publicKey, err := generateRSAKeys()
    if err != nil {
        panic(err)
    }

    encryptedText, err := encrypt("Hello World!", publicKey)
    if err != nil {
        panic(err)
    }
    fmt.Println("Encrypted Text:", encryptedText)

    decryptedText, err := decrypt(encryptedText, privateKey)
    if err != nil {
        panic(err)
    }
    fmt.Println("Decrypted Text:", decryptedText)
}

3. Summary

Both MySQL database and Go language provide different solutions in data encryption. Password encryption and database encryption can be used for data protection in MySQL, while symmetric encryption and asymmetric encryption can be used for data encryption in the Go language. As needed, different solutions can be combined to achieve a more powerful data protection effect.

The above is the detailed content of MySQL database and Go language: How to ensure internal encryption of data?. For more information, please follow other related articles on the PHP Chinese website!