Encrypt decrypt

btcec/ciphering.go

@@ -5,6 +5,12 @@
 package btcec
 
 import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"fmt"
 	secp "github.com/decred/dcrd/dcrec/secp256k1/v4"
 )
 
@@ -14,3 +20,45 @@ import (
 func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte {
 	return secp.GenerateSharedSecret(privkey, pubkey)
 }
+
+// Encrypt encrypts data for the target public key using AES-128-GCM
+func Encrypt(pubKey *PublicKey, msg []byte) ([]byte, error) {
+	var pt bytes.Buffer
+
+	ephemeral, err := NewPrivateKey()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate private key: %v", err)
+	}
+
+	pt.Write(ephemeral.PubKey().SerializeUncompressed())
+
+	ecdhKey := GenerateSharedSecret(ephemeral, pubKey)
+	hashedSecret := sha256.Sum256(ecdhKey)
+	encryptionKey := hashedSecret[:16]
+
+	block, err := aes.NewCipher(encryptionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := make([]byte, 16)
+	if _, err := rand.Read(nonce); err != nil {
+		return nil, err
+	}
+
+	pt.Write(nonce)
+
+	gcm, err := cipher.NewGCMWithNonceSize(block, 16)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext := gcm.Seal(nil, nonce, msg, nil)
+
+	tag := ciphertext[len(ciphertext)-gcm.NonceSize():]
+	pt.Write(tag)
+	ciphertext = ciphertext[:len(ciphertext)-len(tag)]
+	pt.Write(ciphertext)
+
+	return pt.Bytes(), nil
+}