OpenSSL的/ libcrypto AES 128编码使用KEY [英] Openssl/libcrypto AES 128 encoding using the KEY

问题描述

我使用加密AES-128-ECB一定的字符串，然后将结果保存在一个文件例如test.enc
下面是我的方法，做加密：

I am encrypting a certain string using AES-128-ECB and then save the result in a file e.g test.enc Here is my method that does the encryption:

int do_crypt(char *outfile) {
unsigned char outbuf[1024];
int outlen, tmplen;
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
char intext[] = "Some Text";
EVP_CIPHER_CTX ctx;
FILE *out;
EVP_CIPHER_CTX_init(&ctx);

EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL);
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) {
    /* Error */
    return 0;
}
/* Buffer passed to EVP_EncryptFinal() must be after data just
 * encrypted to avoid overwriting it.
 */
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
{
    /* Error */
    return 0;
}
outlen += tmplen;
EVP_CIPHER_CTX_cleanup(&ctx);
/* Need binary mode for fopen because encrypted data is
 * binary data. Also cannot use strlen() on it because
 * it wont be null terminated and may contain embedded
 * nulls.
 */
out = fopen(outfile, "wb");
fwrite(outbuf, 1, outlen, out);
fclose(out);
return 1;

}

正如你可以看到最关键的是实际的密码，以德code中的加密文件下列命令行中执行：

As you can see the key is the actual password and in order to decode the encrypted file following command line should be executed:

openssl aes-128-ecb -in test.enc -K 000102030405060708090A0B0C0D0E0F -d

000102030405060708090A0B0C0D0E0F是一个密码六角重新presentation我在code以上0123456789191112131415.使用按我的理解，密码可以使用MD5算法来加密。

"000102030405060708090A0B0C0D0E0F" is a password hex representation I use in the code above 0123456789191112131415. As I understand the password can be encrypted as well using MD5 algorithm.

现在的问题是如何将数据从使用口令导出实际密钥，而不是使用密码加密本身libcrypto？

The question is how to encrypt data using actual KEY derived from password and not the password itself using libcrypto?

推荐答案

看看 EVP_BytesToKey 。

我在旧的应用程序的意见告诉我，BytesToKey是过时的，你也许应该考虑寻找PKCS5_v2_PBE_keyivgen或相似。但实际上，这样做的一个高度简化的方式是你派生密钥从您的密码哈希和适当的盐值：

My comments in an old app tell me that BytesToKey is out of date and you should perhaps consider looking at PKCS5_v2_PBE_keyivgen or similar. But essentially, a highly simplified way of doing it is you derive your Key as a hash from your password and a suitable salt value:

EVP_DigestInit_ex(...)
EVP_DigestUpdate(...Password...)
EVP_DigestUpdate(...Salt...)
EVP_DigestFinal_ex(...)

然后使用新生成的密钥通过向派生IV：

then you use the newly generated Key to derive your IV by:

EVP_DigestInit_ex(...)
EVP_DigestUpdate(...Key...)
EVP_DigestUpdate(...Password...)
EVP_DigestUpdate(...Salt...)
EVP_DigestFinal_ex(...)

OpenSSL的源$ C ​​$ C的浏览是用于查找这样的东西最有用的。

A browse of the OpenSSL source code is most useful for looking up stuff like this.

免责声明：我不是一个C程序员（有问题的应用程序是德尔福使用OpenSSL的DLL），也不是一个安全专家因此采取这些建议为起点，阅读，正确的文档，并尽可能使用正确的功能!!

Disclaimer: I'm not a C programmer (the app in question was Delphi using OpenSSL DLLs) nor a security expert so take these suggestions as a starting point, read the proper docs and use proper functions where possible!!...

这篇关于OpenSSL的/ libcrypto AES 128编码使用KEY的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！