如何从OpenSSL加密数据获得初始化向量(iv) [英] How do I get the initialization vector (iv) from OpenSSL encrypted data

查看:1259
本文介绍了如何从OpenSSL加密数据获得初始化向量(iv)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

免责声明:新的密码学。

Disclaimer: New to cryptography.

我有一个外部进程使用OpenSSL来加密数据,现在,使用盐。

I have an external process that uses OpenSSL to encrypt data, which right now, uses a salt.

一个iPhone应用程序从服务器获取数据,将其下载到应用程序的文档目录,并需要解密。 iPhone操作系统不包括OpenSSL库。你可以自己建立,但它是困难和棘手。我发现,最简单的解决方案,由于Stackoverflow的帮助,是使用 CommonCrypto / CommonCryptor.h 这是安全框架的一部分。

An iPhone app grabs that data from a server, downloads it to the app's documents directory, and needs to decrypt it. The iPhone OS does not include the OpenSSL library. You can build it yourself, but it's difficult and tricky. The "easiest" solution I've found, thanks to Stackoverflow's help, is to use CommonCrypto/CommonCryptor.h which is part of the Security Framework.

但是用于解密数据的C函数需要iv才能正确解密。

But the C function to decrypt data needs an iv to correctly decrypt.

有没有办法从加密的数据导出iv(对我来说,似乎它会否定额外的安全性)?或者我需要,首先,指定iv不知何故,让iPhone应用程序知道它是什么?或者,只是不使用盐?

Is there a way to derive the iv from the encrypted data (which, to me, seems like it would negate the extra security)? Or do I need to, first, specify the iv somehow and let the iPhone app know what it is? Or, just don't use a salt?

Edit1:为了说明,我使用OpenSSL加密数据文件中的文本。使用OpenSSL的脚本加密文本,上传到 Dropbox ,然后应用从Dropbox下载该文件,对其进行解析,并尝试解密文本。

To clarify, I'm using OpenSSL to encrypt text in a data file. A script using OpenSSL encrypts the text, uploads to Dropbox, then the app downloads the file from Dropbox, parses it, and attempts to decrypt the text.

Edit2:是的,我使用了带有 -pass 选项的OpenSSL命令行实用程序。

Yes, I'm using the OpenSSL command line utility with the -pass option.

推荐答案

应对您加密的每封邮件随机选择IV。我假设你正在使用OpenSSL命令行实用程序 openssl enc ,但不清楚是否使用基于密码的加密( -pass -salt 选项)或明确指定键( -K -IV 选项)。

The IV should be chosen randomly for each message you encrypt. I assume you are using the OpenSSL command line utility, openssl enc, but it's not clear whether you are using password-based encryption (the -pass and -salt options) or specifying the key explicitly (the -K and -IV options).

为了获得最佳安全性,我建议您使用-K选项, IV为每个消息。发送IV和密文。例如,您可以在一个文件中将密文附加到IV,然后在准备解密时从文件的开头剥离IV。

For the best security, I recommend that you use the -K option, and randomly generate a new IV for each message. Send the IV along with the ciphertext. For example, you could append the ciphertext to the IV in one file, and then strip the IV from the beginning of the file when you are ready to decrypt.

IV可以是公开的;你不必隐藏它。重要的是,你对每个消息使用不可预测的IV。

The IV can be public; you don't have to hide it. The important thing is that you use an unpredictable IV for each message.

这篇关于如何从OpenSSL加密数据获得初始化向量(iv)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆