Invalid gorilla key size
When I create a new cookie store and do the following:
var store = sessions.NewCookieStore(securecookie.GenerateRandomKey(1), securecookie.GenerateRandomKey(2))
I have an error message
crypto/aes: invalid key size 2
Why am I wrong? When I look at the definition of a function
// NewCookieStore returns a new CookieStore.
//
// Keys are defined in pairs to allow key rotation, but the common case is
// to set a single authentication key and optionally an encryption key.
//
// The first key in a pair is used for authentication and the second for
// encryption. The encryption key can be set to nil or omitted in the last
// pair, but the authentication key is required in all pairs.
//
// It is recommended to use an authentication key with 32 or 64 bytes.
// The encryption key, if set, must be either 16, 24, or 32 bytes to select
// AES-128, AES-192, or AES-256 modes.
//
// Use the convenience function securecookie.GenerateRandomKey() to create
// strong keys.
func NewCookieStore(keyPairs ...[]byte) *CookieStore {
return &CookieStore{
Codecs: securecookie.CodecsFromPairs(keyPairs...),
Options: &Options{
Path: "/",
MaxAge: 86400 * 30,
},
}
}
I think we are passing the correct parameter.
+3
source to share
1 answer
From the documentation you provided:
// It is recommended to use an authentication key with 32 or 64 bytes.
// Encryption key, if set, must be 16, 24 or 32 bytes to select AES-128, AES-192, or AES-256 modes.
So, you can use something like this:
//replace 16 with 24 for 192bit or 32 for 256bit.
var store = sessions.NewCookieStore(securecookie.GenerateRandomKey(16),
securecookie.GenerateRandomKey(16))
// edit
Also @elithrar made a very correct point in the comments, so keep that in mind:
Also note that restarting the application means it cannot read existing sessions (as new keys are generated each time) when using this method.
+6
source to share