当前位置: 文江博客 话题详情

使用转到SSH -RSA公共密钥加密消息,然后可以使用openssl rsautl -decrypt解密

发布于 2025-01-23 04:06:14 字数 641 浏览 0 评论 0 原文

我一直在尝试解决这个问题。 In Go code I am looking to take a ssh-rsa public key like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnnY4LuLq7Bs7VnFk2Vs6hNTmZLkUBRRhXNFyKZOCvmhKcM7BSHkGS7+phpIzj6mTOsJEBZKHQgac46COOT3ukO/farnnDz78KIq24U/+TZmyAyNNdzOVizK5aAApvpYTQpuSlIDDltLXQkPokedE/5vCIPiwVZW0TfqT/Rdy2XXwKewDQ05xvJhX3+nymZkyJX3GJ+pTfsDkKR+suSLDN3nupThPiWK5A1ZG9bbUkxHbsAXiTKS+qwADIWOtJvfNtPX54JjCo3Gh3/Fy0Ovxn3QSQlCF/IZNbSgm6R6adjaU4kXEF6zsLq+BjDKLtEA3A0tAIBj0T+DuuxpcV3aX

和消息类似: hello-world ,然后用该密钥加密该消息。

然后,私钥将用于使用 openssl rsautl -decrypt -inkey privateKeykeyFile -in encryptedmsgfile 解密密钥

原文

I have been trying to solve this for days. In Go code I am looking to take a ssh-rsa public key like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnnY4LuLq7Bs7VnFk2Vs6hNTmZLkUBRRhXNFyKZOCvmhKcM7BSHkGS7+phpIzj6mTOsJEBZKHQgac46COOT3ukO/farnnDz78KIq24U/+TZmyAyNNdzOVizK5aAApvpYTQpuSlIDDltLXQkPokedE/5vCIPiwVZW0TfqT/Rdy2XXwKewDQ05xvJhX3+nymZkyJX3GJ+pTfsDkKR+suSLDN3nupThPiWK5A1ZG9bbUkxHbsAXiTKS+qwADIWOtJvfNtPX54JjCo3Gh3/Fy0Ovxn3QSQlCF/IZNbSgm6R6adjaU4kXEF6zsLq+BjDKLtEA3A0tAIBj0T+DuuxpcV3aX

and message like: hello-world and encrypt that message with that key.

The private key is then going to be used to decrypt the key with openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

素食主义者 2025-01-30 04:06:14

帖子使用SSH键和Golang 加密数据,尤其是OpenSSH公共密钥的导入, ssh package 被应用。用于加密(使用PKCS#1 V1.5填充) A>使用。

以下示例代码说明了这一点。由于openssl语句从文件中读取密文,因此将密文存储在二进制文件中是最有意义的。但是,为简单起见,在此示例中,密码文本已输出十六进制:

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "encoding/hex"
    "fmt"

    "golang.org/x/crypto/ssh"
)

func main() {

    // Key import
    publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8NGcNWf6cUno2lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9ywvEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDYQuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWsjKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeAzRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJH6tYT9Zv whatever"
    parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
    if err != nil {
        panic(err)
    }
    parsedCryptoKey := parsed.(ssh.CryptoPublicKey)
    pubCrypto := parsedCryptoKey.CryptoPublicKey()
    pub := pubCrypto.(*rsa.PublicKey)

    // Encryption
    msg := "The quick brown fox jumps over the lazy dog"
    encryptedBytes, err := rsa.EncryptPKCS1v15(
        rand.Reader,
        pub,
        []byte(msg),
    )
    if err != nil {
        panic(err)
    }
    fmt.Println(hex.EncodeToString(encryptedBytes))
}

可能的十六进制编码的密文是:

7610da88661fc80b145f3bdd415cb71e73b1ad5100f7b5a9d9c5d27d9e3645d626dd784ccc5cc6c1e44aeec04b0e64072bfe1b58e88feec4b5e6ca63a14c5a23dad1370a303f2f775f4e6f349bab52a3f5883a51ac1f53247a4e05fb9989fc999878ac8f3821da0a079272738145dda7a340b7e4d44d922e563558972444b6f7400a4affffe2a6ee42d400cff51bf3eecc8cd1ffc9ea8c8d04ff6ef0e566d105a4841bcece7b16e2068a321e0c7b4cb964593fcf59795f0a14ec1ac95b941eaa452912bca2e1431992672dcdcc1ea42ff956ef7d21f126a1650c4a306817b4e094ee8c50a01dcc04a7be25e0c01b2ba678be3561774ae859353b5cc98a3b9b11

请注意,此加密不是确定性的,即执行代码时,您将获得不同的ciphertext。

在发布的OpenSSL语句中可以解密:

openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile

考虑到:

  • EncryptedMsgfile 包含密文的 binary 数据,即 7610da的十六进制解码。 。(如果ciphertext直接作为二进制文件存储如上所述,则 encryptedmsgfile 将与此文件相对应)。

  • privateKeyfile 包含PEM编码的私人PKCS#1或PKCS#8密钥。如果您的密钥处于Openssh的专有格式( -----开始OpenSSH私有密钥-----... ),则必须将其转换为EG PKCS#8格式,例如, ssh_keygen 

      ssh -keygen -p -n“” -m pkcs8 -f data.key

    请注意, data.key 包含OpenSSH键,并用PKCS#8密钥覆盖。对于发布的示例, privateKeyfile 是:

      -----开始私有键------
miievwibadanbgkqhkig9w0baqefaascbkkkkkwggslageaaoibaqcc8ngcnwf6cuno2
lpny36js9ynxcq6kuj14yiviupwty0zkfhppdw3zvkwmkv0zs1/qyo6a5d85i9yw
vexhizr4+fe4jrpxdeiqvgmz7oths0xglue4zzrw55ywmt/b6elpc2tkshuhqfdy
quih1zbqfonvuih8yygc1l4slacgy75TPVSE29RZQRMAZAV5YPZIM0SBPFIROQWS
JKD3KLMJPQPR9+ISPQOP2TTFOFW9IW8GVRUYA2ORUEYEE7JU4QRWSWMKJ9JK9KTEA
Zriy5rssw6issdaxqiyg2bnt8ylrnvm+fwpovrud6kwohopk8/yem0ekeo3vafgj
H6TYT9ZVAGMBAAECGGEBAKP ++ alnuspySDXXAPD86CMLIL9LGIJ46GB+PBSPYR04
UY8IHZ8NW ++ J2/ATBRQSYUKYPCN/KOLE+CJC/GUCSDMAAJLALO5FDQ4EJADM0HYNPP
FL28U6Z2QSOU3V8+ZYJII8+F+XU4/C/KKS0XGTQ+SODVL+WKBDRR+OKHBFERSO3O
Z4SXKSTBRZKUFUZQA8HPI5KKDLOEKHVZR3M0UYXUM6OTQTGW9MZ3U+EABTBWVHEK
3cy6avi+fpkx1wj1j3gycl5kjaxjalvupxg/mhuihbjodwwtsl4qnlruqvn/qyww
G7GQB9DYJK+WCJWG0VQOH2EGEPHAF4BRWMR6DLTSEECGYEA5GENRJQKJMFXOLQM
MA5BV08TEY9C59EF11AYMRX+NGKKDDHNVY2JOKPEA3HUOA0ST4RRYLMMYNBUVXNM
UVQU8PPWRCFA58KTCCOPQO3BVSUB74GVPWOX9MSN0CZW3BRRFPFS72lO3TAG4PNG
ENUFCF1PGQTDFXHQSQCC8ZPJMWBECGYEA0XQBCF8TUEN1UHZPWNG35YPAYRPUSRXD
3PD2BMOCP8B4DHS1KU2VJWU0NISI7S8EUBGXPRJWG3C5CLQWFXWHUC // ARRB2QGL
tr1xvtnu6qjganh7jcf+tsrlwx6qc35ingodzgs8szemnzxeovmi7u4r7lmqe9q1
SX6DKZP/GH8CGYB0BZWMYTMDLB/GDSSM0QHN/K8CPID8QFGCUXWTVXGT3FT3FTF3DUXT
91GP7MMMSJCJLUHFKZDQ1NZ3NYYZFDFKEL3NYYZFKEL3OVDB+2MGOCEGB3/2TVQVFEM7KO9TA
IAOGHM7NI9S67WNRYNFQTTSYIR5JCYQEXHZM9QQ2C1HAC1+KYL+TXVLJCQKBGQC7
G0+GEQ9DT6DFXD3IBKZMFS7XTZANDXY6XR57GDK1M+NDVN4ZDAKYU5GHJASGQXZ
ttgdlmcl8abmy9si73odnmncf6d6r659szey9pfy45/hsim0bvyyscezwjkwlg51
GCT1FWG9LQTV6IKZLSSWZRSKQZZRSKQZZGN0TVDZTD7PC7OQKBGQDGTGTJ2GVZN4GWFCAQI6
ZS4ZBNXWWUQ0ZT9Y2NZVS3QWV8F2URYPNZV8DDBVDZ9DQNZCACA8BVEALQFUOPKI4P
5WPD3+TW6ECWTNZWNZ+TJXLXXELMQBEHM52RUB9WM+QZRBHIJAYEUVENZJ9IRC14
idi76vfujesxc/qjzhfxkfds3a ==
-----结束私钥-------------------

Encryption with SSH keys is described in detail in the post Encrypting Data With SSH Keys and Golang, in particular the import of the OpenSSH public key, for which the ssh package is applied. For encryption (with PKCS#1 v1.5 padding) the rsa package is used.

The following sample code illustrates this. Since the OpenSSL statement reads the ciphertext from a file, it makes most sense for the ciphertext to be stored in a binary file. For simplicity, however, in this example the cipher text is output hex encoded:

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "encoding/hex"
    "fmt"

    "golang.org/x/crypto/ssh"
)

func main() {

    // Key import
    publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8NGcNWf6cUno2lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9ywvEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDYQuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWsjKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeAzRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJH6tYT9Zv whatever"
    parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
    if err != nil {
        panic(err)
    }
    parsedCryptoKey := parsed.(ssh.CryptoPublicKey)
    pubCrypto := parsedCryptoKey.CryptoPublicKey()
    pub := pubCrypto.(*rsa.PublicKey)

    // Encryption
    msg := "The quick brown fox jumps over the lazy dog"
    encryptedBytes, err := rsa.EncryptPKCS1v15(
        rand.Reader,
        pub,
        []byte(msg),
    )
    if err != nil {
        panic(err)
    }
    fmt.Println(hex.EncodeToString(encryptedBytes))
}

A possible hex encoded ciphertext is:

7610da88661fc80b145f3bdd415cb71e73b1ad5100f7b5a9d9c5d27d9e3645d626dd784ccc5cc6c1e44aeec04b0e64072bfe1b58e88feec4b5e6ca63a14c5a23dad1370a303f2f775f4e6f349bab52a3f5883a51ac1f53247a4e05fb9989fc999878ac8f3821da0a079272738145dda7a340b7e4d44d922e563558972444b6f7400a4affffe2a6ee42d400cff51bf3eecc8cd1ffc9ea8c8d04ff6ef0e566d105a4841bcece7b16e2068a321e0c7b4cb964593fcf59795f0a14ec1ac95b941eaa452912bca2e1431992672dcdcc1ea42ff956ef7d21f126a1650c4a306817b4e094ee8c50a01dcc04a7be25e0c01b2ba678be3561774ae859353b5cc98a3b9b11

Note that this encryption is not deterministic, i.e. when you execute the code, you will get a different ciphertext.

Decryption is possible with the posted OpenSSL statement:

openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile

taking into account:

  • encryptedMsgFile contains the binary data of the ciphertext, i.e. the hex decoding of 7610da... (if the ciphertext is stored directly as a binary file as mentioned above, encryptedMsgFile would correspond to this file).

  • privateKeyFile contains the PEM encoded private PKCS#1 or PKCS#8 key. If your key is in OpenSSH's proprietary format (-----BEGIN OPENSSH PRIVATE KEY-----...), it must be converted to e.g. PKCS#8 format, e.g. with ssh_keygen:

    ssh-keygen -p -N "" -m pkcs8 -f data.key

    Note that data.key contains the OpenSSH key and is overwritten with the PKCS#8 key. For the posted example, privateKeyFile is:

    -----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC8NGcNWf6cUno2
lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9yw
vEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDY
QuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWs
jKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeA
zRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJ
H6tYT9ZvAgMBAAECggEBAKP++alNuSpYSDxXAPD86cMLIL9LGiJ46Gb+PBSpYr04
uy8IHz8NW++j2/AtbRQsYuKYpCn/koLE+CJc/GUCSDMaAJLO5FDq4EJAdm0hyNPP
Fl28u6Z2qsOu3v8+ZYjIi8+f+xu4/c/kKs0Xgtq+sOdvL+WkBDrR+okhbFErSo3O
z4SXkSTbRzKuFuZQA8HPi5kkDloEKhvZr3M0UyxUm6OtQTgW9mz3u+eabtBWVHEk
3CY6AVi+FpKX1wj1j3gYCl5kjAxJALVuPXg/MhuiHBJODWWtsl4qnlrUqVn/qYwW
G7GQb9dYjJK+WCjwG0VqoH2egEphaF4BrWMr6DLtseECgYEA5geNRjqKjmfxOlqm
mA5BV08tey9C59Ef11aYmrx+ngkKDdHNvY2JOkpEA3huoa0sT4rRylmmYNBUVxnM
UVqU8ppwRCfa58KTccopQO3BvSub74GvpwOX9MSn0CzW3brrFPfs72Lo3TAG4png
ENufcF1PGqTDFXhQsQC8ZPJmWbECgYEA0XQBcF8tuEN1UHzPwnG35YPayRPusrxd
3PD2BmOcp8B4DHS1KU2vJwu0nisi7S8eUbGxpRjwg3c5clQWFxWHuc//aRRb2QGl
TR1XvtnU6qjGAnH7jcF+tsRlWx6Qc35InGodzgS8SzemNzXEOVmI7U4r7LmQe9Q1
SX6dKzp/Gh8CgYB0bzwmYTmDLb/gDsSm0Qhn/k8CPID8QFGCuXWTVXgt3Ft3dUxT
91GP7MmSjCJLuhFkzdq1Nz3NYYZfdFKEl3ovdtb+2MGocEgb3/2TvQVFEM7ko9ta
iaogHm7nI9s67wNRYNFQttsyIr5JcyQExHZm9QQ2c1HAC1+kyL+TxVLjcQKBgQC7
g0+Geq9Dt6DfXd3iBkzMfS7xtZaNDXY6xr57GdK1m+ndvN4zDAkyu5gHwjaSgQxz
ttGDLMCl8abMY9si73ODNmNCf6d6r659Szey9PFY45/hsIm0bvYyScEzwjkwLG51
Gct1FWg9LqTv6IKzlSSwzrskQzzGn0TVdzTd7pC7oQKBgQDGTj2gvzn4gwFcAQI6
Zs4zbnXWwuQ0zt9y2Nzvs3Qwv8F2uryPnzv8DdbvdZ9dqnZCa8BvEALqfuOpKi4P
5wpd3+Tw6eCwtNZwNZ+TJXLxXelmQBehM52RUb9wM+QzRBhIJayEuveNzJ9Irc14
IDI76VfujESxC/qjZHFXkfdS3A==
-----END PRIVATE KEY-----
回复 原文
~没有更多了~

关于作者

穿透光

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

饮湿

文章 0 评论 0

明月

文章 0 评论 0

02

文章 0 评论 0

hs1283

文章 0 评论 0

风向决定发型

文章 0 评论 0

落花浅忆

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文