diff --git a/README.md b/README.md
index d9c9d41..00a741f 100644
--- a/README.md
+++ b/README.md
@@ -5,3 +5,23 @@ go env -w  GONOPROXY=git.apinb.com/*
 go env -w  GOINSECURE=git.apinb.com/*
 go env -w  GONOSUMDB=git.apinb.com/*
 ```
+# crypto 加密与解密
+## GCM加密
+```
+AESGCMEncrypt GCM 加密
+AESGCMDecrypt GCM 解密
+```
+## CBC加密
+```
+Encrypt CBC加密
+Decrypt CBC解密
+```
+## ECB加密
+```
+AesEncryptECB ECB加密
+AesDecryptECB ECB解密
+```
+## 环境变量检测
+```
+AesKeyCheck 秘钥环境变量检测
+```
diff --git a/crypto/aes/aes.go b/crypto/aes/aes.go
index 4839fc3..bd848cd 100644
--- a/crypto/aes/aes.go
+++ b/crypto/aes/aes.go
@@ -4,10 +4,58 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/rand"
 	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"os"
 )
 
-// AES加密
+// =================== GCM ======================
+// AEC GCM 加密
+func AESGCMEncrypt(plaintext, key []byte) (string, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", err
+	}
+	ciphertext := gcm.Seal(nonce, nonce, plaintext, nil)
+	return hex.EncodeToString(ciphertext), nil
+}
+
+// AEC GCM 解密
+func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) {
+	data, err := hex.DecodeString(ciphertext)
+	if err != nil {
+		return nil, err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+	nonceSize := gcm.NonceSize()
+	if len(data) < nonceSize {
+		return nil, errors.New("密文无效")
+	}
+	nonce, cipherbyte := data[:nonceSize], data[nonceSize:]
+	return gcm.Open(nil, nonce, cipherbyte, nil)
+}
+
+// =================== CBC ======================
+// AES CBC加密
 func Encrypt(key string, iv string, data string) string {
 	if len(data) == 0 {
 		return ""
@@ -24,7 +72,7 @@ func Encrypt(key string, iv string, data string) string {
 	return data
 }
 
-// AES解密
+// AES CBC解密
 func Decrypt(key string, iv string, data string) string {
 	if len(data) == 0 {
 		return ""
@@ -102,3 +150,24 @@ func generateKey(key []byte) (genKey []byte) {
 	}
 	return genKey
 }
+
+func AesKeyCheck(key string) (string, error) {
+	// 从环境变量获取密钥
+	keyHex := os.Getenv("RST_KEY")
+	if keyHex == "" {
+		fmt.Println("环境变量 RST_KEY 未设置")
+		return "", errors.New("环境变量 RST_KEY 未设置")
+	}
+	// 解码十六进制字符串的密钥
+	byteKey, err := hex.DecodeString(keyHex)
+	if err != nil {
+		fmt.Printf("密钥解码失败: %v\n", err)
+		return "", errors.New("密钥解码失败")
+	}
+	// 检查密钥长度
+	if len(byteKey) != 16 && len(key) != 24 && len(key) != 32 {
+		fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(key))
+		return "", errors.New("无效的密钥长度,需要16,24或32字节")
+	}
+	return keyHex, nil
+}