如何将SecByteBlock转换为字符串? [英] How to convert SecByteBlock to string?
问题描述
尝试将 SecByteBlock 转换为字符串时遇到问题。
这是我的情况:
I'm having a problem trying to convert SecByteBlock to string.
Here's my case:
我想使用带有静态密钥和动态iv的AES加密用户访问数据。
我的代码是这样的:
I want to encrypt user access data using AES with static key and dynamic iv. My code is something like this:
AesKeyIvFactory aesKeyIvFactory;
SecByteBlock key = aesKeyIvFactory.loadKey();
SecByteBlock iv = aesKeyIvFactory.createIv();
encryptionService->encode(&userAccess, key, iv);
std::string token = std::string(iv.begin(), iv.end()) + userAccess;
上面的代码应该是:
-
从文件中加载密钥;
Load key from file;
创建iv;
加密(AES)用户访问数据;
Encrypt (AES) user access data;
将iv与加密的用户数据访问连接起来以创建令牌;
Concatenate the iv with the user data access encrypted to create a "token";
多次运行测试,有时(1至10次) std :: string(iv .begin(),iv.end())无法正常工作。 iv中似乎有一个换行符,使转换失败。
Running a test several times, sometimes (1 to 10 times) the std::string(iv.begin(), iv.end()) doesn't work correctly. It seems like there is a "line break" in the iv that makes the conversion fail.
我尝试了很多事情,但是没有任何效果,而且我没有
I tried a lot of things, but nothing works and I don't have experience with c++.
我希望有人能帮助我。
推荐答案
我认为Eric回答了您有关如何将 SecByteBlock 转换为 std :: string 的主要问题(包括 char * 和 byte * 之间的显式转换)。但是,您可以按照以下方式处理 std :: string令牌= std :: string(iv.begin(),iv.end())+ userAccess; 问题。
I think Eric answered your primary question on how to convert the SecByteBlock to a std::string (including the explicit conversions between char* and byte*). But here's how you might approach std::string token = std::string(iv.begin(), iv.end()) + userAccess; issue.
string token;
SecByteBlock iv(16), userAccess(16);
OS_GenerateRandomBlock(false, iv, iv.size());
OS_GenerateRandomBlock(false, userAccess, userAccess.size());
SecByteBlock nil;
nil.CleanNew(HMAC<SHA256>::DEFAULT_KEYLENGTH);
HMAC<SHA256> hmac;
hmac.SetKey(nil.data(), nil.size());
HashFilter filter(hmac, new HexEncoder(new StringSink(token)));
filter.Put(iv.data(), iv.size());
filter.Put(userAccess.data(), userAccess.size());
filter.MessageEnd();
cout << token << endl;
SecByteBlock nil 创建一个没有内存或大小。 nil.CleanNew(HMAC< SHA256> :: DEFAULT_KEYLENGTH)大小并将 SecByteBlock 初始化为0。否则,您有一个未初始化的内存块。
The SecByteBlock nil creates an object with no memory or size. The nil.CleanNew(HMAC<SHA256>::DEFAULT_KEYLENGTH) sizes and initializes the SecByteBlock to 0. Otherwise, you have an uninitialized block of memory.
可以声明它并使用0初始化的数组来调整大小,但是您必须熟悉源代码,因为它没有Dryptogen-docimented自Crypto ++ 5.6.2起。这种方式是使用 NULL 指针,但大小不为0。这是它的样子,但是非常不直观:
It is possible to declare it and size it with a 0-inialized array, but you have to be familiar with the sources because its no Doxygen-docimented as of Crypto++ 5.6.2. That way is to use a NULL pointer, but a non-0 size. Here's what it would look like, but its very non-intuitive:
SecByteBlock nil(NULL, HMAC<SHA256>::DEFAULT_KEYLENGTH);
诀窍取决于此 SecBlock< T> 构造函数:
The trick relies on this SecBlock<T> constructor:
00250 SecBlock(const T *t, size_type len)
00251 : m_size(len)
00252 {
00253 m_ptr = m_alloc.allocate(len, NULL);
00254 if (t == NULL)
00255 memset_z(m_ptr, 0, len*sizeof(T));
00256 else
00257 memcpy(m_ptr, t, len*sizeof(T));
00258 }
如果可能,您应该使用 HKDF 而不是 HKDF类 。
If possible, you should use HKDF instead of the HMAC<SHA> with a nil vector to extract the entropy from the security parameters. You can find the HKDF in the repo at the HKDF class. Its a stand alone header, so it will "just work".
带有随机值的程序的典型运行 iv 和 userAccess 是:
A typical run of the program with random values for iv and userAccess is:
$ ./cryptopp-test.exe
061CF705259058C4E01A2BF22830FC3F2A7E97F12FE605B38405B1E1B19A9E0F
b
另一种处理方法可能是基于 SecByteBlock 的运算符+ = 。结果是二进制字符串,而不是人类可读的ASCII字符串。
Another way to approach it could be concatenation based on SecByteBlock's operator +=. The result is a binary string, and not a human readable ASCII string.
SecByteBlock result;
result += iv;
result += SecByteBlock(userAccess.data(), userAccess.size());
string token(result.data(), result.size());
如果您需要人类可读的字符串,请通过 HexEncoder :
If you need a human readable string, then run it through a HexEncoder:
HexEncoder hex(new StringSink(token));
hex.Put(result.data(), result.size());
hex.MessageEnd();
但是它不会从参数中提取熵,所以我个人不太喜欢它。
But it does not extract the entropy from the parameters, so I personally like it less.
从 SecByteBlock 移到 std :: string ,实际上会丢失安全分配器。这意味着将数据输出到 string 对象后,副本中的数据不会归零。
When you move from a SecByteBlock to a std::string, you effectively lose your secure allocator. That means the data in the copies will not be zeroized after egressing data to the string object.
HexEncoder 是一项方便的项目,它允许您转储二进制字符串。
The HexEncoder is a convenience item, and it allows you to dump the binary string.
另一个有用的选项可能是 Base64URLEncoder 。它使用网络安全字母。
Another useful one might be the Base64URLEncoder. It uses the web safe alphabet.
这篇关于如何将SecByteBlock转换为字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
