使用 PyCrypto 进行 AES 加密并使用 mcrypt 进行解密
对于一些敏感数据,我决定将其以 AES 加密方式存储在光盘上。我已经使用 PyCrypto 实现了加密。
此外,数据很重要,并且存储的加密数据将是我唯一的副本(除了备份),因此我寻找了一些在不使用 PyCrypto 的情况下检索数据的方法,以便考虑到 PyCrypto 不再可用的可能性对我来说(无论出于什么原因)。
我认为 mcrypt 可能是一个选择。
这是我编写一些密文的测试用例:
import Crypto.Cipher.AES
import sys
pwd = 'qwertzuiopasdfgh'
mode = Crypto.Cipher.AES.MODE_CBC
aes = Crypto.Cipher.AES.new( pwd, mode )
text = 'asdfghjklyxcvbnm'
sys.stdout.write( aes.encrypt( text ) )
我将输出重定向到文件 out.nc
并尝试解密,
mcrypt -d -b -k qwertzuiopasdfgh -a rijndael-128 -m CBC out.nc
但不幸的是,生成的文件 out
的字节大小为零。
我希望 mcrypt 有多种选项组合来完成这项工作......
For some sensitive data I decided to store it AES-encrypted on disc. I've implemented the encryption using PyCrypto.
Furthermore, the data is important, and the stored encrypted data will be my only copy of it (backups aside), so I looked for some means of retrieving the data without using PyCrypto to have a fallback given the possibility that PyCrypto is not longer available to me (for whatever reason that may be).
I thought mcrypt could be an option.
This is my test case to get some ciphertext written:
import Crypto.Cipher.AES
import sys
pwd = 'qwertzuiopasdfgh'
mode = Crypto.Cipher.AES.MODE_CBC
aes = Crypto.Cipher.AES.new( pwd, mode )
text = 'asdfghjklyxcvbnm'
sys.stdout.write( aes.encrypt( text ) )
I redirected the output to a file out.nc
and tried decryption by
mcrypt -d -b -k qwertzuiopasdfgh -a rijndael-128 -m CBC out.nc
but the resulting file out
has zero bytes size, unfortunately.
I hope there is a combination of options to mcrypt to make this work…
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为问题可能在于您没有为 CBC 模式提供 IV,并且如果没有 IV,mCrypt 和 PyCrypto 可能会通过使用不同的默认 IV 来以不同的方式处理它。我见过一些实现(例如 phpseclib)默认使用 16 个空字节和 IV。 mcrypt 可能不会这样做。
I think the problem may lay in the fact that you don't supply an IV for CBC mode and without an IV maybe mCrypt and PyCrypto handle it differently by using different default IVs. I have seen some implementations (phpseclib for instance) use and IV of 16 null bytes by default. mcrypt might not do this.
为什么在没有 PyCrypto 的情况下能够恢复很重要?您只需使用旧操作系统和旧版本的 PyCrypto 启动虚拟机,导出数据,然后使用不同的算法和实现重新加密即可。
Why is it important to be able to recover without PyCrypto? You can simply fire up a VM with the old OS and the old release of PyCrypto, export your data, and re-encrypt with a different algorithm and implementation.