package secretcrypto import "strings" import "testing" func TestEncryptDecryptRoundTrip(t *testing.T) { var box *Box var enc string var dec string var err error box = New(t.TempDir()) enc, err = box.Encrypt(`{"password":"hunter2","token":"abc"}`) if err != nil { t.Fatalf("encrypt: %v", err) } if !strings.HasPrefix(enc, Prefix) { t.Fatalf("ciphertext missing prefix: %q", enc) } if strings.Contains(enc, "hunter2") { t.Fatalf("plaintext leaked into ciphertext: %q", enc) } dec, err = box.Decrypt(enc) if err != nil { t.Fatalf("decrypt: %v", err) } if dec != `{"password":"hunter2","token":"abc"}` { t.Fatalf("round-trip mismatch: %q", dec) } } func TestEncryptEmptyIsEmpty(t *testing.T) { var box *Box var enc string var err error box = New(t.TempDir()) enc, err = box.Encrypt("") if err != nil || enc != "" { t.Fatalf("empty payload should encrypt to empty, got %q err=%v", enc, err) } } func TestDecryptPassthroughForPlaintext(t *testing.T) { var box *Box var out string var err error box = New(t.TempDir()) // A value without the prefix (legacy/plaintext) is returned as-is. out, err = box.Decrypt("not-encrypted") if err != nil || out != "not-encrypted" { t.Fatalf("passthrough failed: %q err=%v", out, err) } } func TestKeyPersistsAcrossBoxes(t *testing.T) { var dir string var enc string var dec string var err error dir = t.TempDir() enc, err = New(dir).Encrypt("secret-value") if err != nil { t.Fatalf("encrypt: %v", err) } // A fresh Box over the same data dir must reuse the persisted key. dec, err = New(dir).Decrypt(enc) if err != nil { t.Fatalf("decrypt with new box: %v", err) } if dec != "secret-value" { t.Fatalf("expected secret-value, got %q", dec) } }