OpenSSL字符串解密问题 [英] OpenSSL string decryption issue

问题描述

我会尽量简洁.

我希望能够加密&使用我以前做过的OpenSSL解密简单的字符串.

I want to be able to encrypt & decrypt simple strings using OpenSSL, which I have done before.

但是，必须满足以下条件:

HOWEVER, the following conditions must be met:

• 使用简单的密码短语(无键)
• 没有输入/输出文件
• 没有提示输入密码短语(通过命令行选项指定任一方向)

我在那里50％.我可以通过以下方式成功执行加密:

I'm 50% there. I can successfully perform ENCRYPTION via:

echo 'someTextIWantToEncrypt' | openssl enc -e -aes-256-cbc -nosalt -pass pass:mySecretPass

输出结果是:

(??b}n??v???>??G??.?B??~?

好的，太好了.现在，我想对该字符串进行解密.因此，我这样做:

OK, great. Now I want to DECRYPT that string. So I do:

echo -n '(??b}n??v???>??G??.?B??~?' | openssl enc -d -aes-256-cbc -pass pass:mySecretPass

或什至可以替代:

openssl enc -d -aes-256-cbc -pass pass:mySecretPass <<< '(??b}n??v???>??G??.?B??~?'

但是我得到这个答复:

bad magic number

尽管我不想使用输入/输出文件，但是该方法可以100％起作用:

Though I don't want to use input/output files, that method DOES work 100%:

# encrypt to file
echo -n 'someTextIWantToEncrypt' | openssl enc -e -nosalt -out test.txt -aes-256-cbc -pass pass:mySecretPass 

# decrypt from file
openssl enc -d -nosalt -in test.txt -aes-256-cbc -pass pass:mySecretPass

# result of decryption (is successful):
someTextIWantToEncrypt

那么...我该如何使用输入/输出文件不来实现上述解密过程?我觉得我很近，但是缺少一些小细节.

So ... how can I achieve the above decryption process without using input/output files whatsoever? I feel I am close, but missing some small detail.

谢谢.

推荐答案

问题是加密使用了整个ASCII字符集，包括不可打印的字符.如果要剪切和粘贴加密的数据，则需要将其转换为仅可打印的字符.您可以使用-base64(或-a)选项进行此操作:

The problem is that encryption uses the entire ASCII character set, including unprintable characters. If you want to be able to cut and paste the encrypted data, you need to convert it to only printable characters. You can do this with the -base64 (or -a) option:

echo 'someTextIWantToEncrypt' | \
  openssl enc -base64 -e -aes-256-cbc -nosalt -pass pass:mySecretPass

KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=

然后以相同的方式对其进行解密:

Then decrypt it the same way:

echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:mySecretPass

警告:如果您使用的是openssl，我只能假定数据的机密性，因此密码对您很重要.如果是这种情况，您应该从不在命令行上提供密码，因为任何有权限运行ps的人都可以使用该密码.

WARNING: If you're using openssl, I can only assume the confidentiality of the data, and therefore the password, is important to you. If that's the case, you should never supply a password on the command line, because it can be exposed to anyone with the privilege to run ps.

更好的解决方案是将密码存储在环境变量中，并让openssl从那里读取密码:

A better solution is to store the password in an environment variable and have openssl read it from there:

export passwd="mySecretPass"
echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd

这篇关于OpenSSL字符串解密问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！