通过加密数据生成MAC
我希望这个问题不会因为没有建设性而被关闭。我一直在用头撞墙来解决这个问题,但仍然一无所获。所以,这是我最后的希望:
问题基本上是关于生成 ISO 8583-Rev 93 消息的 MAC 字段。
我有一些有效消息的转储,我正在尝试生成正确的 MAC。
- 加密算法为
DES、Mode=CBC、IV = new byte[] {0, 0, 0, 0, 0, 0, 0, 0}< /code> - 加密密钥为:
new byte[] { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 } - 要加密的数据是(消息)(208 字节长):
new byte[] { 49, 50, 48, 48, 70, 54, 51, 52, 56, 52, 48, 49, 56, 56, 69, 49, 49, 48, 48, 48, 48, 49, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 22, 54, 50, 56, 48, 50, 51, 49, 49, 49, 48, 48, 48, 48, 54, 52, 50, 51, 49, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 49, 49, 54, 48, 56, 48, 56, 52, 53, 51, 57, 55, 57, 56, 54, 49, 50, 48, 49, 49, 54, 49, 49, 51, 56, 52, 53, 48, 48, 48, 48, 48, 49, 49, 54, 54, 49, 48, 53, 48, 48, 54, 49, 51, 49, 55, 67, 6, 54, 50, 56, 48, 50, 51, 6, 54, 50, 56, 48, 50, 51, 53, 49, 52, 50, 52, 49, 52, 51, 50, 53, 52, 51, 48, 57, 57, 57, 57, 52, 48, 50, 48, 48, 48, 48, 48, 57, 57, 57, 57, 52, 48, 50, 32, 32, 32, 7, 84, 101, 108, 66, 97, 110, 107, 0, 0, 51, 55, 54, 69, 55, 49, 67, 68, 69, 49, 68, 56, 54, 54, 51, 54, 0, 0 };- 我应该加密数据并(可能在将结果转换为十六进制之后)获取有效的 BF327C0CED48F26B 值它进入消息的第 128 字段。
这是我尝试过的(以及更多实现):
var mac = Encrypt(dataToEncrypt);
// Convert to hex representation.
var hexMac = IsoUtils.ByteArrayToHex(mac);
// No BF327C0CED48F26B is in hexMac! something is probably wrong!
/// <summary>
/// Encrypts the input data. Tried many other ways with the same result.
/// </summary>
public byte[] Encrypt(byte[] input)
{
DESCryptoServiceProvider desProvider = new DESCryptoServiceProvider();
desProvider.Padding = PaddingMode.None;
desProvider.Mode = CipherMode.CBC;
ICryptoTransform cryptoTransform = desProvider.CreateEncryptor(this._key, this._iv);
MemoryStream encryptedStream = new MemoryStream();
CryptoStream cryptStream = new CryptoStream(encryptedStream, cryptoTransform, CryptoStreamMode.Write);
cryptStream.Write(input, 0, input.Length);
cryptStream.FlushFinalBlock();
encryptedStream.Position = 0;
byte[] result = new byte[encryptedStream.Length];
encryptedStream.Read(result, 0, (int)encryptedStream.Length);
cryptStream.Close();
return result;
}
/// <summary>
/// Gets the hex representation of the byte array. The length is 2xdata.Length
/// </summary>
public static string ByteArrayToHex(byte[] data)
{
string result = string.Empty;
foreach (byte ascii in data)
{
var n = (int)ascii;
result += n.ToString("X").PadLeft(2, '0');
}
return result;
}
简而言之,如何通过加密dataToEncrypt变量来实现BF327C0CED48F26B?
我真的很想感谢任何帮助。
更新:以下是消息详细信息,以防有任何帮助:
------------------------------------------------------------------------
Data For Encryption
------------------------------------------------------------------------
HEX NORMAL
31 32 30 30 46 36 33 34 38 34 30 31 38 38 45 31 1200F634840188E1
31 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 1000010000000000
30 30 30 30 16 36 32 38 30 32 33 31 31 31 30 30 000062802311100
30 30 36 34 32 33 31 30 30 30 30 30 30 30 30 30 0064231000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 31 31 36 30 38 30 38 34 35 33 39 37 0000116080845397
39 38 36 31 32 30 31 31 36 31 31 33 38 34 35 30 9861201161138450
30 30 30 30 31 31 36 36 31 30 35 30 30 36 31 33 0000116610500613
31 37 43 60 36 32 38 30 32 33 60 36 32 38 30 32 17C62802362802
33 35 31 34 32 34 31 34 33 32 35 34 33 30 39 39 3514241432543099
39 39 34 30 32 30 30 30 30 30 39 39 39 39 34 30 9940200000999940
32 20 20 20 70 54 65 6C 42 61 6E 6B 00 00 33 37 2 TelBank 37
36 45 37 31 43 44 45 31 44 38 36 36 33 36 00 00 6E71CDE1D86636
------------------------------------------------------------------------
Message ready to be sent
------------------------------------------------------------------------
HEX NORMAL
30 32 32 34 31 32 30 30 46 36 33 34 38 34 30 31 02241200F6348401
38 38 45 31 31 30 30 30 30 31 30 30 30 30 30 30 88E1100001000000
30 30 30 30 30 30 30 31 16 36 32 38 30 32 33 31 000000016280231
31 31 30 30 30 30 36 34 32 33 31 30 30 30 30 30 1100006423100000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 31 31 36 30 38 30 38 34 0000000011608084
35 33 39 37 39 38 36 31 32 30 31 31 36 31 31 33 5397986120116113
38 34 35 30 30 30 30 30 31 31 36 36 31 30 35 30 8450000011661050
30 36 31 33 31 37 43 60 36 32 38 30 32 33 60 36 061317C6280236
32 38 30 32 33 35 31 34 32 34 31 34 33 32 35 34 2802351424143254
33 30 39 39 39 39 34 30 32 30 30 30 30 30 39 39 3099994020000099
39 39 34 30 32 20 20 20 70 54 65 6C 42 61 6E 6B 99402 TelBank
00 00 33 37 36 45 37 31 43 44 45 31 44 38 36 36 376E71CDE1D866
33 36 00 00 42 46 33 32 37 43 30 43 45 44 34 38 36 BF327C0CED48
46 32 36 42 00 00 00 00 F26B
------------------------------------------------------------------------
Fields
------------------------------------------------------------------------
[LLVar n ..19 0016] 002 [6280231110000642]
[Fixed n 6 0006] 003 [310000]
[Fixed n 12 0012] 004 [000000000000]
[Fixed n 12 0012] 006 [000000000000]
[Fixed n 10 0010] 007 [0116080845]
[Fixed n 6 0006] 011 [397986]
[Fixed n 12 0012] 012 [120116113845]
[Fixed n 4 0004] 014 [0000]
[Fixed n 4 0004] 017 [0116]
[Fixed an 12 0012] 022 [61050061317C]
[LLVar n ..11 0006] 032 [628023]
[LLVar n ..11 0006] 033 [628023]
[Fixed an 12 0012] 037 [514241432543]
[Fixed an 8 0008] 041 [09999402]
[Fixed ans 15 0015] 042 [000009999402 ]
[LLVar ans ..40 0007] 043 [TelBank]
[LLLVar ans ..999 0000] 048 []
[Fixed an 16 0016] 052 [376E71CDE1D86636]
[LLLVar ans ..999 0000] 072 []
[Fixed an 16 0016] 128 [BF327C0CED48F26B]
更新 2: 好吧,那些白痴忘记在他们的文档中提及字段 128 应该填充 0,然后然后被发送进行加密。通过尝试和错误发现了这一点!
I hope this question will not get closed as not constructive. I've been banging my head to the wall to solve this and still got nowhere. so, this is my last hope:
Question is basically about generating the MAC field of an ISO 8583-Rev 93 message.
I have some dumps of valid messages and I'm trying to generate the correct MAC.
- Encryption Algorithm is
DES,Mode=CBC,IV = new byte[] {0, 0, 0, 0, 0, 0, 0, 0} - Encryption key is:
new byte[] { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 } - Data To encrypt is (the message) (208 bytes long):
new byte[] { 49, 50, 48, 48, 70, 54, 51, 52, 56, 52, 48, 49, 56, 56, 69, 49, 49, 48, 48, 48, 48, 49, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 22, 54, 50, 56, 48, 50, 51, 49, 49, 49, 48, 48, 48, 48, 54, 52, 50, 51, 49, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 49, 49, 54, 48, 56, 48, 56, 52, 53, 51, 57, 55, 57, 56, 54, 49, 50, 48, 49, 49, 54, 49, 49, 51, 56, 52, 53, 48, 48, 48, 48, 48, 49, 49, 54, 54, 49, 48, 53, 48, 48, 54, 49, 51, 49, 55, 67, 6, 54, 50, 56, 48, 50, 51, 6, 54, 50, 56, 48, 50, 51, 53, 49, 52, 50, 52, 49, 52, 51, 50, 53, 52, 51, 48, 57, 57, 57, 57, 52, 48, 50, 48, 48, 48, 48, 48, 57, 57, 57, 57, 52, 48, 50, 32, 32, 32, 7, 84, 101, 108, 66, 97, 110, 107, 0, 0, 51, 55, 54, 69, 55, 49, 67, 68, 69, 49, 68, 56, 54, 54, 51, 54, 0, 0 };- I should encrypt the data and (probably after converting the result to hex) get to the valid
BF327C0CED48F26Bvalue which goes into the message's 128th field.
Here's what I have tried (along many more implementations):
var mac = Encrypt(dataToEncrypt);
// Convert to hex representation.
var hexMac = IsoUtils.ByteArrayToHex(mac);
// No BF327C0CED48F26B is in hexMac! something is probably wrong!
/// <summary>
/// Encrypts the input data. Tried many other ways with the same result.
/// </summary>
public byte[] Encrypt(byte[] input)
{
DESCryptoServiceProvider desProvider = new DESCryptoServiceProvider();
desProvider.Padding = PaddingMode.None;
desProvider.Mode = CipherMode.CBC;
ICryptoTransform cryptoTransform = desProvider.CreateEncryptor(this._key, this._iv);
MemoryStream encryptedStream = new MemoryStream();
CryptoStream cryptStream = new CryptoStream(encryptedStream, cryptoTransform, CryptoStreamMode.Write);
cryptStream.Write(input, 0, input.Length);
cryptStream.FlushFinalBlock();
encryptedStream.Position = 0;
byte[] result = new byte[encryptedStream.Length];
encryptedStream.Read(result, 0, (int)encryptedStream.Length);
cryptStream.Close();
return result;
}
/// <summary>
/// Gets the hex representation of the byte array. The length is 2xdata.Length
/// </summary>
public static string ByteArrayToHex(byte[] data)
{
string result = string.Empty;
foreach (byte ascii in data)
{
var n = (int)ascii;
result += n.ToString("X").PadLeft(2, '0');
}
return result;
}
In short, How can I achieve BF327C0CED48F26B by encrypting dataToEncrypt variable?
I'd really appreciate any help.
UPDATE: Here's the message details in case it could be of any help:
------------------------------------------------------------------------
Data For Encryption
------------------------------------------------------------------------
HEX NORMAL
31 32 30 30 46 36 33 34 38 34 30 31 38 38 45 31 1200F634840188E1
31 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 1000010000000000
30 30 30 30 16 36 32 38 30 32 33 31 31 31 30 30 000062802311100
30 30 36 34 32 33 31 30 30 30 30 30 30 30 30 30 0064231000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 31 31 36 30 38 30 38 34 35 33 39 37 0000116080845397
39 38 36 31 32 30 31 31 36 31 31 33 38 34 35 30 9861201161138450
30 30 30 30 31 31 36 36 31 30 35 30 30 36 31 33 0000116610500613
31 37 43 60 36 32 38 30 32 33 60 36 32 38 30 32 17C62802362802
33 35 31 34 32 34 31 34 33 32 35 34 33 30 39 39 3514241432543099
39 39 34 30 32 30 30 30 30 30 39 39 39 39 34 30 9940200000999940
32 20 20 20 70 54 65 6C 42 61 6E 6B 00 00 33 37 2 TelBank 37
36 45 37 31 43 44 45 31 44 38 36 36 33 36 00 00 6E71CDE1D86636
------------------------------------------------------------------------
Message ready to be sent
------------------------------------------------------------------------
HEX NORMAL
30 32 32 34 31 32 30 30 46 36 33 34 38 34 30 31 02241200F6348401
38 38 45 31 31 30 30 30 30 31 30 30 30 30 30 30 88E1100001000000
30 30 30 30 30 30 30 31 16 36 32 38 30 32 33 31 000000016280231
31 31 30 30 30 30 36 34 32 33 31 30 30 30 30 30 1100006423100000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 31 31 36 30 38 30 38 34 0000000011608084
35 33 39 37 39 38 36 31 32 30 31 31 36 31 31 33 5397986120116113
38 34 35 30 30 30 30 30 31 31 36 36 31 30 35 30 8450000011661050
30 36 31 33 31 37 43 60 36 32 38 30 32 33 60 36 061317C6280236
32 38 30 32 33 35 31 34 32 34 31 34 33 32 35 34 2802351424143254
33 30 39 39 39 39 34 30 32 30 30 30 30 30 39 39 3099994020000099
39 39 34 30 32 20 20 20 70 54 65 6C 42 61 6E 6B 99402 TelBank
00 00 33 37 36 45 37 31 43 44 45 31 44 38 36 36 376E71CDE1D866
33 36 00 00 42 46 33 32 37 43 30 43 45 44 34 38 36 BF327C0CED48
46 32 36 42 00 00 00 00 F26B
------------------------------------------------------------------------
Fields
------------------------------------------------------------------------
[LLVar n ..19 0016] 002 [6280231110000642]
[Fixed n 6 0006] 003 [310000]
[Fixed n 12 0012] 004 [000000000000]
[Fixed n 12 0012] 006 [000000000000]
[Fixed n 10 0010] 007 [0116080845]
[Fixed n 6 0006] 011 [397986]
[Fixed n 12 0012] 012 [120116113845]
[Fixed n 4 0004] 014 [0000]
[Fixed n 4 0004] 017 [0116]
[Fixed an 12 0012] 022 [61050061317C]
[LLVar n ..11 0006] 032 [628023]
[LLVar n ..11 0006] 033 [628023]
[Fixed an 12 0012] 037 [514241432543]
[Fixed an 8 0008] 041 [09999402]
[Fixed ans 15 0015] 042 [000009999402 ]
[LLVar ans ..40 0007] 043 [TelBank]
[LLLVar ans ..999 0000] 048 []
[Fixed an 16 0016] 052 [376E71CDE1D86636]
[LLLVar ans ..999 0000] 072 []
[Fixed an 16 0016] 128 [BF327C0CED48F26B]
Update 2:
Well, those idiots forgot to mention in their documents that field 128 should be filled with 0 and then be sent for encryption. Found this out by try and fault!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
MAC 只是 CBC 加密的最后 8 个字节。
您应该只计算部分消息的 MAC。我不相信 ISO 8583 指定了哪些部分,因此您需要查看银行应该为您提供的规范。
The MAC is only the last 8 bytes of the CBC-encryption.
You should only calculate the MAC over part of the message. I do not believe ISO 8583 specifies which parts, so you will need to look at the specification that you should have been provided by the bank.
CBC Mac,如果这就是他们正在做的事情,通常会做得很长 ||消息在哪里 ||是串联。所以你只需要调用 desEncrypt(length||message,key,cbcmode) 或类似的东西
CBC Mac, if that is what they are doing, is typically done over length || message where || is concatenation. So you simply need to call desEncrypt(length||message,key,cbcmode) or something analogous