Decrypting data with openssl commandline tool

Problem description

I have the following code and as far as I know it is correct, but it does not work. I am trying to encode data with PHP's Mcrypt and then decode it with the openssl commandline tool.

This is my PHP code:

/*
 * Convert a normal ascii string to a hexadecimal string.
 * Complement of hexToString().
*/
function stringToHex($str)
{
    $hex_str = "";
    for ($i = 0; $i < strlen($str); ++$i)
    {
        $hex_str .= sprintf("%02X", ord($str[$i]));
    }

    return $hex_str;
}


    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_RANDOM);

    $block_size = mcrypt_get_block_size("rijndael-128", "cbc");
    $pad = $block_size - (strlen($data) % $block_size);
    $data .= str_repeat(chr($pad), $pad);

    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, "1234567812345678", $data, MCRYPT_MODE_CBC, $iv);

    $message = stringToHex($iv) . base64_encode($encrypted);

I append the IV to the encoded message. Say for example the IV is 00000000000000000000000000000000 (size is 32), then I use the following command for decryption:

openssl enc -d -aes-128-cbc -A -nosalt -K 31323334353637383132333435363738 -iv 00000000000000000000000000000000 -in file_in > file_out

Also note that 1234567812345678 in hex is 31323334353637383132333435363738. But I keep getting the same error message:

bad decrypt 1340:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:./crypto/evp/evp_enc.c:454:

Anyone?

Thanks in advance, all love, Jori.

Recommended answer

Well, I tested your code and it worked with a couple of changes.

1) Input for openssl should include only the ciphertext, not the prepended IV (as your code was incomplete I was not sure if you indeed stripped the IV from the ciphertext before processing it with openssl).

2) Your openssl command was missing a parameter (-a), required to actually do the Base64 decoding (just using -A won't enable this). Again, as your description was incomplete I was not sure if you indeed Base64-decoded the message before storing it in file_in.

Just to be complete, this is the code I used to test your code (I run it from the command line, not using the web server).

<?php

$data = "
This is a test. This is only a test.
Stack Overflow is collaboratively built and maintained
by your fellow programmers.
";
$keybin = "1234567812345678";


//$iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_RANDOM);
$iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
$block_size = mcrypt_get_block_size ("rijndael-128", "cbc");
$pad = $block_size - (strlen ($data) % $block_size);
$data .= str_repeat (chr ($pad), $pad);
$encrypted = mcrypt_encrypt (MCRYPT_RIJNDAEL_128, $keybin, $data, MCRYPT_MODE_CBC, $iv);
$message = base64_encode ($encrypted);

echo "CIPHERTEXT=  " . $message . "\n";
echo "IV=  " . bin2hex ($iv) . "\n";
echo "KEY=  " . bin2hex ($keybin) . "\n";

echo "\nTest with:\n\necho $message | openssl enc -d -aes-128-cbc -nosalt -a -A -K " . bin2hex ($keybin) . " -iv " . bin2hex ($iv) . "\n\n";

?>

The other minor difference was that I used PHP's bin2hex.

It will produce output like this:

CIPHERTEXT=  /e81Ua/0jxgff3j5GjKXaNilv5WqPYV7yRYy4AzsTUmGQeK0hcMjuUYp1Yrfthaox9zTI0DeDQT4fba+y/qTQahZpYRAKcZa209RVg4W1HrySfZPMRCxE+y8r8scL3Xmj+oMGFpS+cDo111OPqwHhNwWSHbMlsoJLvMr70ZiQmE=
IV=  56c7c7248c68127cee8f0e54d89b4fc1
KEY=  31323334353637383132333435363738

Test with:

echo /e81Ua/0jxgff3j5GjKXaNilv5WqPYV7yRYy4AzsTUmGQeK0hcMjuUYp1Yrfthaox9zTI0DeDQT4fba+y/qTQahZpYRAKcZa209RVg4W1HrySfZPMRCxE+y8r8scL3Xmj+oMGFpS+cDo111OPqwHhNwWSHbMlsoJLvMr70ZiQmE= | openssl enc -d -aes-128-cbc -nosalt -a -A -K 31323334353637383132333435363738 -iv 56c7c7248c68127cee8f0e54d89b4fc1

The error you had (bad decrypt, digital envelope routines EVP_DecryptFinal_ex) usually means a wrong key or a corrupted ciphertext. I think in your example the problem was a corrupted ciphertext, caused by the prepended IV and/or lack of Base64 decoding.
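
The two fixes above, applied to a message in the layout the question builds (32 hex characters of IV followed by Base64 ciphertext), as an added example that is not part of the original question or answer. The helper names msg_iv, msg_ct, ct_bytes, decrypt_message and make_sample are hypothetical, and the sample message is constructed with openssl itself because Mcrypt is assumed to be unavailable.

```sh
#!/bin/sh
# Added example (not from the original post). The message layout is the one
# the question builds: 32 hex characters of IV, then Base64 ciphertext.
KEY_HEX=31323334353637383132333435363738   # "1234567812345678" in hex (from the page)

# msg_iv / msg_ct are hypothetical helper names.
msg_iv() { printf '%s' "$1" | cut -c1-32; }   # first 32 hex chars = 16-byte IV
msg_ct() { printf '%s' "$1" | cut -c33-; }    # remainder = Base64 ciphertext

# Number of raw bytes in a Base64 string. CBC ciphertext must be a multiple
# of 16 bytes, otherwise openssl reports "wrong final block length".
ct_bytes() { echo $(( $(printf '%s\n' "$1" | openssl base64 -d -A | wc -c) )); }

decrypt_message() {
    iv=$(msg_iv "$1"); ct=$(msg_ct "$1")
    case "$iv" in
        ''|*[!0-9A-Fa-f]*) echo "IV is not hex" >&2; return 2 ;;
    esac
    [ "${#iv}" -eq 32 ] || { echo "IV must be 32 hex digits" >&2; return 2; }
    [ $(( $(ct_bytes "$ct") % 16 )) -eq 0 ] || {
        echo "ciphertext is not a multiple of 16 bytes" >&2; return 3; }
    # -a enables Base64 decoding, -A reads it as a single line.
    printf '%s\n' "$ct" | openssl enc -d -aes-128-cbc -nosalt -a -A \
        -K "$KEY_HEX" -iv "$iv"
}

# Build a constructed sample in the same layout. openssl's default PKCS#7
# padding matches the manual padding in the PHP code.
make_sample() {   # $1 = IV as hex, $2 = plaintext
    printf '%s' "$1"
    printf '%s' "$2" | openssl enc -e -aes-128-cbc -nosalt -a -A \
        -K "$KEY_HEX" -iv "$1"
}

if command -v openssl >/dev/null 2>&1; then
    sample=$(make_sample 000102030405060708090A0B0C0D0E0F "constructed sample")
    echo "whole message decodes to $(ct_bytes "$sample") bytes (IV still attached)"
    echo "ciphertext alone is $(ct_bytes "$(msg_ct "$sample")") bytes"
    decrypt_message "$sample"; echo
fi
```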
