在 iOS 中解码 OpenSSL AES256 字符串

发布于 2025-01-04 21:26:44 字数 477 浏览 1 评论 0原文

CLI

$ echo -n "TEST1" | openssl enc -aes256 -k FUUU -nosalt -a
bYbkQJcDFZt3y3UQEMbEeg==

iOS

NSString *leSYT = @"bYbkQJcDFZt3y3UQEMbEeg==";
NSData *data = [NSData dataFromBase64String:leSYT];
NSLog(@"%@",[data AES256DecryptWithKey:@"FUUU"]);

iOS 由于失败而不会输出任何内容。我缺少什么？

NSData 添加： http://pastie.org/426530 // NSData+Base64 by Matt Gallagher

原文

CLI

$ echo -n "TEST1" | openssl enc -aes256 -k FUUU -nosalt -a
bYbkQJcDFZt3y3UQEMbEeg==

iOS

NSString *leSYT = @"bYbkQJcDFZt3y3UQEMbEeg==";
NSData *data = [NSData dataFromBase64String:leSYT];
NSLog(@"%@",[data AES256DecryptWithKey:@"FUUU"]);

iOS doesn't output anything since it failed.
What am I missing?

NSData additions: http://pastie.org/426530 // NSData+Base64 by Matt Gallagher

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

她说她爱他 2025-01-11 21:26:44

OpenSSL 的 enc 实用程序中的 -k 选项从您的密码“FUUU”中派生出 AES 密钥和 IV。您可以使用 -p 选项让 OpenSSL 打印它派生的 AES256 密钥和 IV：

$ echo -n "TEST1" | openssl enc -aes256 -k FUUU -nosalt -a -p
key=59C12FFF74992ED40F4DF80A56AB55AE7C513B17CB4B8CF8342E9444C7F7AF3B
iv =0BEE68AD25123B7076B91A5AFB549E33
bYbkQJcDFZt3y3UQEMbEeg==

AES256DecryptWithKey 需要 32 字节 AES 密钥，如注释所述：

- (NSData *)AES256DecryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

但即使您转换密钥字符串从 OpenSSL 到字节字符串（不是 64 个 ASCII 字符。32 个字节），您仍然无法解密它并取回原始字符串。这是因为 OpenSSL 使用 IV，但 AES256DecryptWithKey 不是：（

CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 keyPtr, kCCKeySizeAES256,
                                 NULL /* initialization vector (optional) */,
                                 [self bytes], dataLength, /* input */
                                 buffer, bufferSize, /* output */
                                 &numBytesDecrypted);

看到为 IV 传递的 NULL 了吗？这对你不起作用）

所以你需要使用加密和解密方法，它们都使用相同的 AES 密钥和 IV为了这个工作。

The -k option in OpenSSL's enc utility derives an AES key and IV from your passphrase "FUUU". You can use the -p option to have OpenSSL print the AES256 key and IV that it derived:

$ echo -n "TEST1" | openssl enc -aes256 -k FUUU -nosalt -a -p
key=59C12FFF74992ED40F4DF80A56AB55AE7C513B17CB4B8CF8342E9444C7F7AF3B
iv =0BEE68AD25123B7076B91A5AFB549E33
bYbkQJcDFZt3y3UQEMbEeg==

AES256DecryptWithKey is expecting a 32-byte AES key, as the comments say:

- (NSData *)AES256DecryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

But even if you convert the key string from OpenSSL to a string of bytes (not 64 ASCII characters. 32 bytes), you still won't be able to decrypt it and get your original string back. That's because OpenSSL is using an IV, but AES256DecryptWithKey is not:

CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 keyPtr, kCCKeySizeAES256,
                                 NULL /* initialization vector (optional) */,
                                 [self bytes], dataLength, /* input */
                                 buffer, bufferSize, /* output */
                                 &numBytesDecrypted);

(See the NULL being passed for the IV? That's not going to work for you)

So you need to use an encryption and decryption method that both use the same AES key and IV for this to work.

回复收藏 0 原文

~没有更多了~