gorilla session invalid key size

Question

When I create new cookie store and do like:

var store = sessions.NewCookieStore(securecookie.GenerateRandomKey(1), securecookie.GenerateRandomKey(2))

I've got the the error message

crypto/aes: invalid key size 2

Why what do I wrong? When I look at the function definition

// NewCookieStore returns a new CookieStore.
//
// Keys are defined in pairs to allow key rotation, but the common case is
// to set a single authentication key and optionally an encryption key.
//
// The first key in a pair is used for authentication and the second for
// encryption. The encryption key can be set to nil or omitted in the last
// pair, but the authentication key is required in all pairs.
//
// It is recommended to use an authentication key with 32 or 64 bytes.
// The encryption key, if set, must be either 16, 24, or 32 bytes to select
// AES-128, AES-192, or AES-256 modes.
//
// Use the convenience function securecookie.GenerateRandomKey() to create
// strong keys.
func NewCookieStore(keyPairs ...[]byte) *CookieStore {
    return &CookieStore{
        Codecs: securecookie.CodecsFromPairs(keyPairs...),
        Options: &Options{
            Path:   "/",
            MaxAge: 86400 * 30,
        },
    }
}

I think pass the right parameter.

Answer 1

From the documentation you linked:

// It is recommended to use an authentication key with 32 or 64 bytes.

// The encryption key, if set, must be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256 modes.

So you could use something like this:

//replace 16 with 24 for 192bit or 32 for 256bit.
var store = sessions.NewCookieStore(securecookie.GenerateRandomKey(16), 
                                    securecookie.GenerateRandomKey(16))

// edit

Also @elithrar made a very valid point in comments, so keep it in mind:

Also note that restarting your application means that it cannot read existing sessions (as new keys are generated every time) when using this method.