使用 openssl 加密 Apple 的 HTTP Live Streaming - 问题

发布于 2024-10-09 19:17:02 字数 401 浏览 0 评论 0原文

这是当 static.key 包含我的随机密钥时我的 shell 脚本的代码。

hexKey=$(cat static.key | hexdump -e '16/1 "%02x"')
echo $hexKey
hexIV="0"
echo $hexIV
openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K ${he-iv ${hexIV}

我在运行时遇到一些错误。

(output:
non-hex digit
invalid hex iv value
: command not found
)

也许有人知道这个问题。我已经连续几天了。

原文

This is my code of my shell script when static.key contains my random key.

hexKey=$(cat static.key | hexdump -e '16/1 "%02x"')
echo $hexKey
hexIV="0"
echo $hexIV
openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K ${he-iv ${hexIV}

I get some error when running it.

(output:
non-hex digit
invalid hex iv value
: command not found
)

Maybe someone knows the problem. I'm on it for days now.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

落在眉间の轻吻 2024-10-16 19:17:02

该错误意味着 OpenSSL 看到的 IV 值包含非十六进制字符（即 0123456789abcdefABCDEF 以外的字符）。

AES128 密钥为 128/8 = 16 字节，因此密钥应有 32 个字符。 IV 为 16 个字节，对应于 AES 块大小，OpenSSL 将为您将单个“0”转换为 16 个零字节。这是一个好的命令的示例：

$ echo -n "hello" > in
$ openssl aes-128-cbc -e -in in -out out -p -nosalt \
  -K 000102030405060708090a0b0c0d0e0f -iv 000102030405060708090a0b0c0d0e0f
$ cat out | hexdump -e '16/1 "%02x"'
8326dc340c564d49790650a59260fea0

现在将 IV 的最后一个字符替换为非十六进制字符，您会看到与所得到的错误相同。

$ openssl aes-128-cbc -e -in in -out out -p -nosalt \
  -K 000102030405060708090a0b0c0d0e0f -iv 000102030405060708090a0b0c0d0e0q
$ cat out | hexdump -e '16/1 "%02x"'
non-hex digit
invalid hex iv value

如果您粘贴的是您正在运行的真实代码，那么问题就很明显了。首先，-K ${he-iv ${hexIV} 是什么意思？其次，参数 -K 是给出密钥。您缺少 -iv 来提供 IV。你甚至缺少一个右大括号。

假设 static.key 有 16 个字节，这可能会解决您的问题：

openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K $hexKey -iv $hexIV

作为最后一个提示，如果您使用的是 bash，请使用 -x 作为参数运行脚本bash ，它会在扩展变量后打印它执行的每一行，以便您可以准确地看到它在做什么：

$ /bin/bash -x my_script
+ hexKey=0
+ hexIV=0
+ openssl aes-128-cbc -e -in in -out out -p -nosalt -K 0 -iv 0

That error means that the value OpenSSL sees for the IV contains a non-hexadecimal character (i.e., something other than 0123456789abcdefABCDEF).

An AES128 key is 128/8 = 16 bytes, so you should have 32 characters for the key. An IV is 16 bytes, corresponding to the AES block size, and OpenSSL will covert a single "0" into 16 zero bytes for you. This is an example of a good command:

$ echo -n "hello" > in
$ openssl aes-128-cbc -e -in in -out out -p -nosalt \
  -K 000102030405060708090a0b0c0d0e0f -iv 000102030405060708090a0b0c0d0e0f
$ cat out | hexdump -e '16/1 "%02x"'
8326dc340c564d49790650a59260fea0

Now replace the last character of the IV with a non-hex character, and see that you get the same error you're getting.

$ openssl aes-128-cbc -e -in in -out out -p -nosalt \
  -K 000102030405060708090a0b0c0d0e0f -iv 000102030405060708090a0b0c0d0e0q
$ cat out | hexdump -e '16/1 "%02x"'
non-hex digit
invalid hex iv value

If what you've pasted is the real code you're running, the problem is obvious. First, what is -K ${he-iv ${hexIV} supposed to mean? Second, the argument -K is to give the key. You're missing -iv to give the IV. You're even missing a closing brace.

This will probably fix your problem assuming static.key has 16 bytes:

openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K $hexKey -iv $hexIV

As a last tip, if you're using bash, run your script with -x as the argument to bash and it will print every line it executes after it expands the variables so you can see exactly what it's doing:

$ /bin/bash -x my_script
+ hexKey=0
+ hexIV=0
+ openssl aes-128-cbc -e -in in -out out -p -nosalt -K 0 -iv 0

回复收藏 0 原文

櫻之舞 2024-10-16 19:17:02

在 bash shell 中存储键值的过程中，包含了一些尾随垃圾（空值或换行符），这些垃圾被传递给 openssl 并导致它抱怨非十六进制字符。

要修复 128 位/32 个 ascii 字符十六进制键和 IV 的问题，请告诉 bash 仅传递前 32 个字符，如下所示（对于其他键或 iv 长度，将值从 32 更改为键中位数的 1/4 或iv)

openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K ${hexKey:0:32} -iv ${hexIV:0:32}

要验证是否传递了正确的值，请使用 openssl 的“打印键”-P 选项（注意大写“-P”）

openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K ${hexKey:0:32} -iv ${hexIV:0:32} -P

In the process of storing the key value in the bash shell, some trailing garbage got included (either a null or newline) which is being passed to openssl and causing it to complain about non hex characters.

To fix this for 128 bit / 32 ascii character hex keys and IVs, tell bash to pass ONLY the first 32 characters like this (for other key or iv lengths change the value from 32 to 1/4 the number of bits in the key or iv)

openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K ${hexKey:0:32} -iv ${hexIV:0:32}

To verify that the correct values are being passed, use openssl's 'print keys' -P option (note UPPER CASE "-P")

openssl aes-128-cbc -e -in logo-1.ts -out logo-enc-1.ts -p -nosalt -K ${hexKey:0:32} -iv ${hexIV:0:32} -P

回复收藏 0 原文

指尖微凉心微凉 2024-10-16 19:17:02

我一直在努力解决这个问题，基本上我找到了这个解决方案：

加密：

openssl aes-256-cbc -k “choose_password_to_encrypt” -in /path_to_your_file_to_encrypt/file_to_encrypt.extension_file -out /path_to_your_file_to_dencrypt/choose_name_file_after_decrypt.extension_file.enc -a

解密：

openssl aes-256-cbc -k “password_chose_to_encrypt” -in /path_to_your_file_to_dencrypt/choose_name_file_after_decrypt.extension_file.enc -d -a -out /path_to_your_file_to_encrypt/file_to_encrypt.extension_file

我希望它有用

I have been struggling with this, basically I found this solution:

Encrypt:

openssl aes-256-cbc -k “choose_password_to_encrypt” -in /path_to_your_file_to_encrypt/file_to_encrypt.extension_file -out /path_to_your_file_to_dencrypt/choose_name_file_after_decrypt.extension_file.enc -a

Decrypt:

openssl aes-256-cbc -k “password_chose_to_encrypt” -in /path_to_your_file_to_dencrypt/choose_name_file_after_decrypt.extension_file.enc -d -a -out /path_to_your_file_to_encrypt/file_to_encrypt.extension_file

I hope it can be useful

回复收藏 0 原文

~没有更多了~