m2crypto aes-256-cbc 不适用于编码的 openssl 文件
$ echo 'this is text' > text.1
$ openssl enc -aes-256-cbc -a -k "thisisapassword" -in text.1 -out text.enc
$ openssl enc -d -aes-256-cbc -a -k "thisisapassword" -in text.enc -out text.2
$ cat text.2
this is text
我可以用 openssl 来做到这一点。现在,我如何在 m2crypto 中执行相同的操作。文档缺乏这一点。我查看了 sNV 测试用例,仍然没有任何内容。我找到了一个示例, http://passingcuriosity.com/2009/ aes-encryption-in-python-with-m2crypto/ (更改为 aes_256_cbc),它将加密/解密它自己的字符串,但它无法解密使用 openssl 制作的任何内容,并且它加密的任何内容都无法从中解密openssl。
我需要能够使用 aes-256-cbc 进行 enc/dec,因为许多文件已经用此方法加密,并且我们还有许多其他系统也可以很好地处理 aes-256-cbc 输出。
我们只使用密码短语,没有 IV。因此将 IV 设置为 \0 * 16 是有意义的,但我不确定这是否也是问题的一部分。
有人有任何与 m2crypto 兼容的 AES 256 工作示例吗?
我还将尝试一些额外的库,看看它们是否工作得更好。
$ echo 'this is text' > text.1
$ openssl enc -aes-256-cbc -a -k "thisisapassword" -in text.1 -out text.enc
$ openssl enc -d -aes-256-cbc -a -k "thisisapassword" -in text.enc -out text.2
$ cat text.2
this is text
I can do this with openssl. Now, how do I do the same in m2crypto. Documentation is lacking this. I looked at the snv test cases, still nothing there. I found one sample, http://passingcuriosity.com/2009/aes-encryption-in-python-with-m2crypto/ (changed to aes_256_cbc), and it will encrypted/descrypt it's own strings, but it cannot decrypt anything made with openssl, and anything it encrypts isn't decryptable from openssl.
I need to be able enc/dec with aes-256-cbc as have many files already encrypted with this and we have many other systems in place that also handle the aes-256-cbc output just fine.
We use password phrases only, with no IV. So setting the IV to \0 * 16 makes sense, but I'm not sure if this is also part of the problem.
Anyone have any working samples of doing AES 256 that is compatible with m2crypto?
I will also be trying some additional libraries and seeing if they work any better.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
部分问题在于 openssl 创建的文件包含 16 个字节的前置盐信息 Salted__xxxxxxxx。因此,必须先提取这些内容,然后才能进行解密。下一个问题是获取原始密码,撒上盐,然后从中获取生成的密钥并制作用于解密的密钥/iv 对。我已经能够在第一轮中输入哈希值,但由于是 256 位,因此需要两轮才能成功。问题是创建第二轮哈希。
还应该提到的是,我们被锁定在 python 2.4 中,因此未来引入的一些关键例程对我们不起作用。
Part of the problem is that the openssl created file contains 16 bytes of prepended salt information Salted__xxxxxxxx. So, these must be extracted first, then decryption may occur. The next problem is to take original password, sprinkle in the salt, and take the generated key from that and make the key/iv pair for decryption. I have been able to make the first round of they key in hash, but being 256 bit, it needs two rounds to be successful. The problem is creating the second round of hash.
It should also be mentioned that we are locked into python 2.4 so some of the future key routines that are introduced do not work for us.