openssl-使用密钥和IV解密base64字符串 [英] openssl- decrypting a base64 string with a key and IV

问题描述

我正在尝试解密已在openssl中用aes256加密的base64字符串.为我提供了会话密钥和IV，这些密钥已用我的密钥加密了.我将它们转换为十六进制，以便可以使用以下openssl命令:

I'm trying to decrypt a base64 string which has been encrypted with aes256 in openssl. I was given the session key and IV, which were encrypted with my key. I converted them to hexadecimal so that I can use the following openssl command:

openssl enc -d -aes256 -iv iv.hex -K sessionkey.hex -in message.b64 -out message.txt

我得到一个错误，说IV是非十六进制值.我从base64中的IV和会话密钥开始，该密钥已用我的密钥加密.所以我做了以下事情:

I get the error saying the IV is a non-hex value. I started out with IV and session key in base64, which was encrypted with my key. So I did the following:

//将base64转换为二进制

//convert base64 to binary

openssl base64 -d -in iv.b64 -out iv.bin
openssl base64 -d -in sessionkey.b64 -out sessionkey.bin

//使用我的私钥解密

openssl rsautl -decrypt -inkey mykey.pem -in sessionkey.bin -out sessionkey_out.bin
openssl rsautl -decrypt -inkey mykey.pem -in iv.bin -out iv_out.bin

//使用以下C代码转换为十六进制:

//convert to hex using the following C code:

main()
{
 int c;
        while ((c=getchar())!=EOF)
                printf("%02X",c);
}

//使用十六进制IV和密钥对消息进行解密

//use the hex IV and key to decrypt the message

openssl enc -d -aes256 -iv iv.hex -K sessionkey.hex -in message.b64 -out message.txt

我在最后一步得到错误，说IV不是十六进制的.有什么想法吗?

I get the error at the last step, saying the IV is non-hex. Any ideas?

推荐答案

问题是您正在为IV和密钥指定文件，而openssl期望在命令行中以十六进制形式提供这些值.

The problem is that you are specifying files for your IV and key while openssl expects the values to be provided as hex on the command line.

例如，我尝试解密M3U8流(HLS)，并且密钥16字节文件包含我在运行时无法通过键盘输入的不可打印字符(省略-K将从键盘获取密钥) ).

For example, I was attempting to decrypt an M3U8 stream (HLS) and the key 16 byte file contained non-printable characters that I couldn't input via the keyboard at run time (omitting -K takes the key from the keyboard).

-rw-r--r--@ 1 Mufasa  staff       16 Apr 17 10:45 sequence146094144.key
-rw-r--r--  1 Mufasa  staff  3272528 Apr 17 10:48 sequence146094161.ts

因此我将密钥文件转换为十六进制:

So I converted the key file to hex:

hexdump -e '16/1 "%02x" "\n"' sequence146094144.key 
8d2aeccbefb0955ec9a75f2f051faa6e

并且我的IV已经以十六进制形式提供了，所以我只删除了0x:

And my IV was provided in hex already, so I just removed the 0x:

IV=0x00000000000000000000000008B53851

此命令成功解密了.ts文件:

Resulting with this command that successfully decrypted the .ts file:

openssl aes-128-cbc -d -in sequence146094161.ts -out output.ts -iv 00000000000000000000000008B53851 -K 8d2aeccbefb0955ec9a75f2f051faa6e

使用ffprobe检查输出:

Checking the output with ffprobe:

ffprobe output.ts 
ffprobe version 2.8.git Copyright (c) 2007-2016 the FFmpeg developers
  built with Apple LLVM version 7.0.2 (clang-700.1.81)

...

Input #0, mpegts, from 'output.ts':
  Duration: 00:00:10.04, start: 8414.107644, bitrate: 2607 kb/s
  Program 1 
    Stream #0:0[0x1e1]: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 960x540 [SAR 1:1 DAR 16:9], Closed Captions, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
    Stream #0:1[0x1e2](und): Audio: aac (HE-AAC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp, 60 kb/s
    Stream #0:2[0x100]: Unknown: none ([134][0][0][0] / 0x0086)

我的文件在VLC中播放.在您的情况下，如果生成的iv.bin文件是纯文本十六进制字符串，请直接在命令行上使用十六进制值，而无需进行进一步转换.如果除了十六进制外，似乎还没有其他内容，可以直接从文件将其转换为HEX.您生成的sessionkey.bin文件采用相同的逻辑.

And my file played in VLC. In your case, if the iv.bin file you generated is a plain text hex string, use the hex value on the command line as is without further conversion. If it appears to be anything else but hex convert it to HEX direct from the file. Same logic goes the sessionkey.bin file you generated.

这篇关于openssl-使用密钥和IV解密base64字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！