RC4 不能与 openssl 命令一起正常工作? [英] RC4 doesn't work correctly with openssl command?
问题描述
我需要使用 RC4 对执行结果进行编码.在执行 bash 脚本之前,我正在测试如何加密数据.
我正在使用下一个命令:
echo -ne "test" |openssl rc4 -k test -nosalt -e -nopad |xxd输出是:
0000000: bdb1 7f03 ....现在,如果我尝试对这个在线 RC4 编码器做同样的事情 http://www.fyneworks.com/encryption/rc4-encryption/index.asp 输出为:DA EA 54 65
不同的输出,相同的数据和相同的密钥??数据:测试"键:测试"
我还检查了一个我用 C 编写的小程序,输出与在线编码器相同......所以,问题是,我在命令 openssl 上做错了什么??
谢谢!
RC4 具有可变长度的密钥,OpenSSL 的 enc 实用程序强制您选择密钥大小.您正在测试的这些其他实现没有此类限制,因此您的密钥不匹配.
enc 实用程序的文档描述了允许的密钥大小密码:
rc4 128 位 RC4rc4-64 64 位 RC4rc4-40 40 位 RC4因此 RC4 仅适用于 128 位(16 字节)密钥.此外,-k 选项意味着从给定的密码中派生出一个密钥.它使用 EVP_BytesToKey 函数在内部执行此操作,该函数实现了密钥派生函数 (KDF).
总之,长话短说,您的 RC4 实现没有使用相同的密钥.使用 -p 选项让 OpenSSL 打印它正在使用的实际密钥:
$ echo -ne "test" |openssl rc4 -k 测试 -nosalt -e -nopad -p密钥=098F6BCD4621D373CADE4E832627B4F6此外,由于它需要 16 字节的密钥,因此即使您使用 -K(大写 K)选项指定了一个短密钥,它也会对较短的密钥进行零填充.您可以使用 xxd 再次查找test"和 -p 的 ascii 十六进制值以查看 OpenSSL 的密钥:
$ echo -ne "test" |xxd0000000: 7465 7374 测试$ echo -ne "测试" |openssl rc4 -K 74657374 -nosalt -e -nopad -p密钥=74657374000000000000000000000000因此,您必须匹配密钥长度并使用 -K 选项指定十六进制值密钥,您将看到 RC4 实现是等效的.例如,这里我使用 RC-40 将密钥长度限制为 5 个字节,并使用 5 个字节的密钥测试",或 74 65 73 74 73.
$ echo -ne "test" |openssl rc4-40 -K 7465737473 -nosalt -e -nopad |xxd0000000:dd9b 5cb9您会发现在给定关键测试"时,您的网络实现获得了相同的结果.
I need to encode the result of a execution with RC4. Before to do the bash script, I'm testing how to crypt the data.
I'm using the next command:
echo -ne "test" | openssl rc4 -k test -nosalt -e -nopad | xxd
And the output is:
0000000: bdb1 7f03 ....
now, If I try to do the same with this online RC4 encoder http://www.fyneworks.com/encryption/rc4-encryption/index.asp the output is: DA EA 54 65
Different output, with the same data and same key?? Data: "test" key: "test"
Also I checked with a small program that I have coded in C, and the output is the same that the online encoder... so, the question is, what I'm doing wrong with the command openssl??
Thanks!
RC4 has variable-length keys, and OpenSSL's enc utility forces you to pick a key size. These other implementations you're testing against make no such restriction, so your keys don't match.
The documentation for the enc utility describes the allowed key sizes for the cipher:
rc4 128 bit RC4
rc4-64 64 bit RC4
rc4-40 40 bit RC4
So RC4 works only on a 128-bit (16-byte) key. Also, the -k option means to derive a key from the given passphrase. It does this internally using the EVP_BytesToKey function, which implements a Key Derivation Function (KDF).
Anyway, long story short, your RC4 implementations aren't using the same key. Use the -p option to have OpenSSL print the actual key it is using:
$ echo -ne "test" | openssl rc4 -k test -nosalt -e -nopad -p
key=098F6BCD4621D373CADE4E832627B4F6
Further, since it's expecting 16-byte keys, it'll zero-pad shorter keys even if you specify a short key with the -K (uppercase K) option. You can use xxd to find the ascii hex values of "test" and -p again to see OpenSSL's key:
$ echo -ne "test" | xxd
0000000: 7465 7374 test
$ echo -ne "test" | openssl rc4 -K 74657374 -nosalt -e -nopad -p
key=74657374000000000000000000000000
So you must match key lengths and specify a hex-value key with the -K option and you'll see the RC4 implementations are equivalent. E.g., here I use RC-40 to restrict the key length to 5 bytes and use the 5-byte key "tests", or 74 65 73 74 73.
$ echo -ne "test" | openssl rc4-40 -K 7465737473 -nosalt -e -nopad | xxd
0000000: dd9b 5cb9
You'll find that your web implementation gets the same result when given the key "tests".
这篇关于RC4 不能与 openssl 命令一起正常工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
