openssl-使用密钥和IV解密base64字符串 [英] openssl- decrypting a base64 string with a key and IV
问题描述
我正在尝试解密已在openssl中用aes256加密的base64字符串.为我提供了会话密钥和IV,这些密钥已用我的密钥加密了.我将它们转换为十六进制,以便可以使用以下openssl命令:
I'm trying to decrypt a base64 string which has been encrypted with aes256 in openssl. I was given the session key and IV, which were encrypted with my key. I converted them to hexadecimal so that I can use the following openssl command:
openssl enc -d -aes256 -iv iv.hex -K sessionkey.hex -in message.b64 -out message.txt
我得到一个错误,说IV是非十六进制值.我从base64中的IV和会话密钥开始,该密钥已用我的密钥加密.所以我做了以下事情:
I get the error saying the IV is a non-hex value. I started out with IV and session key in base64, which was encrypted with my key. So I did the following:
//将base64转换为二进制
//convert base64 to binary
openssl base64 -d -in iv.b64 -out iv.bin
openssl base64 -d -in sessionkey.b64 -out sessionkey.bin
//使用我的私钥解密
openssl rsautl -decrypt -inkey mykey.pem -in sessionkey.bin -out sessionkey_out.bin
openssl rsautl -decrypt -inkey mykey.pem -in iv.bin -out iv_out.bin
//使用以下C代码转换为十六进制:
//convert to hex using the following C code:
main()
{
int c;
while ((c=getchar())!=EOF)
printf("%02X",c);
}
//使用十六进制IV和密钥对消息进行解密
//use the hex IV and key to decrypt the message
openssl enc -d -aes256 -iv iv.hex -K sessionkey.hex -in message.b64 -out message.txt
我在最后一步得到错误,说IV不是十六进制的.有什么想法吗?
I get the error at the last step, saying the IV is non-hex. Any ideas?
推荐答案
问题是您正在为IV和密钥指定文件,而openssl期望在命令行中以十六进制形式提供这些值.
The problem is that you are specifying files for your IV and key while openssl expects the values to be provided as hex on the command line.
例如,我尝试解密M3U8流(HLS),并且密钥16字节文件包含我在运行时无法通过键盘输入的不可打印字符(省略-K将从键盘获取密钥) ).
For example, I was attempting to decrypt an M3U8 stream (HLS) and the key 16 byte file contained non-printable characters that I couldn't input via the keyboard at run time (omitting -K takes the key from the keyboard).
-rw-r--r--@ 1 Mufasa staff 16 Apr 17 10:45 sequence146094144.key
-rw-r--r-- 1 Mufasa staff 3272528 Apr 17 10:48 sequence146094161.ts
因此我将密钥文件转换为十六进制:
So I converted the key file to hex:
hexdump -e '16/1 "%02x" "\n"' sequence146094144.key
8d2aeccbefb0955ec9a75f2f051faa6e
并且我的IV已经以十六进制形式提供了,所以我只删除了0x
:
And my IV was provided in hex already, so I just removed the 0x
:
IV=0x00000000000000000000000008B53851
此命令成功解密了.ts文件:
Resulting with this command that successfully decrypted the .ts file:
openssl aes-128-cbc -d -in sequence146094161.ts -out output.ts -iv 00000000000000000000000008B53851 -K 8d2aeccbefb0955ec9a75f2f051faa6e
使用ffprobe检查输出:
Checking the output with ffprobe:
ffprobe output.ts
ffprobe version 2.8.git Copyright (c) 2007-2016 the FFmpeg developers
built with Apple LLVM version 7.0.2 (clang-700.1.81)
...
Input #0, mpegts, from 'output.ts':
Duration: 00:00:10.04, start: 8414.107644, bitrate: 2607 kb/s
Program 1
Stream #0:0[0x1e1]: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 960x540 [SAR 1:1 DAR 16:9], Closed Captions, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
Stream #0:1[0x1e2](und): Audio: aac (HE-AAC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp, 60 kb/s
Stream #0:2[0x100]: Unknown: none ([134][0][0][0] / 0x0086)
我的文件在VLC中播放.在您的情况下,如果生成的iv.bin
文件是纯文本十六进制字符串,请直接在命令行上使用十六进制值,而无需进行进一步转换.如果除了十六进制外,似乎还没有其他内容,可以直接从文件将其转换为HEX.您生成的sessionkey.bin
文件采用相同的逻辑.
And my file played in VLC. In your case, if the iv.bin
file you generated is a plain text hex string, use the hex value on the command line as is without further conversion. If it appears to be anything else but hex convert it to HEX direct from the file. Same logic goes the sessionkey.bin
file you generated.
这篇关于openssl-使用密钥和IV解密base64字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!