Node.js中的AES加密,以匹配Python中的预期解密 [英] AES encryption in Node.js to match expected decryption in Python
本文介绍了Node.js中的AES加密,以匹配Python中的预期解密的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有以下Python脚本进行解密:
从Crypto.Cipher导入AES
shared_secret = raw_input('Enter crypted_shared_secret:').strip()
cipher = AES.new(shared_secret.decode('base64'),AES.MODE_ECB)
blob = raw_input('
$ / code > 我正在尝试生成使用该脚本生成原始 blob 的值,使用Node。这是我的尝试:
const Crypto = require('crypto');
var shared_secret = Crypto.randomBytes(32);
var cipher = Crypto.createCipher('aes-256-ecb',shared_secret);
crypted_blob = cipher.update(blob,'utf8','base64')+ cipher.final('base64');
我只能修改Node.js脚本,但我不知道它出错了。
解决方案
您需要将之后的共享密钥编码为Base64才能用于加密:
var shared_secret = Crypto.randomBytes(32);
var cipher = Crypto.createCipheriv('aes-256-ecb',shared_secret,);
crypted_blob = cipher.update(blob,'utf8','base64')+ cipher.final('base64');
//发送`shared_secret.toString('base64')`
其他问题: / p>
-
crypto.createCipher假定共享密码是密码而不是密钥,为什么它会使用不好的密钥导出(OpenSSL兼容)。 - Node.js的加密模块自动应用PKCS#7填充(与PKCS#5填充相同),但PyCrypto不不要自己使用任何填充。因此,您需要在Python中使用相同的unpadding,或者您可以使用
Cipher.setAutoPadding(false);禁用node.js中的填充,但是您必须提供明文这是块大小(AES的16个字节)的倍数。
安全注意事项:
- 切勿使用 ECB模式 。它是确定性的,因此不是语义上的安全。至少应该使用 CBC 或CTR 。最好验证你的密文,以免像填充oracle攻击这样的攻击是不可能的。这可以通过认证模式(如GCM或EAX)完成,也可以使用加密 - 然后MAC 方案来完成。 li>
I have the following Python script for decryption:
from Crypto.Cipher import AES
shared_secret = raw_input('Enter crypted_shared_secret: ').strip()
cipher = AES.new(shared_secret.decode('base64'), AES.MODE_ECB)
blob = raw_input('Enter crypted_blob: ').strip()
plain = cipher.decrypt(blob.decode('base64'))
print(plain)
I'm trying to generate the values that would produce the original blob using that script, using Node. Here is my attempt:
const Crypto = require('crypto');
var shared_secret = Crypto.randomBytes(32);
var cipher = Crypto.createCipher('aes-256-ecb', shared_secret);
crypted_blob = cipher.update(blob, 'utf8', 'base64') + cipher.final('base64');
I can only modify the Node.js script, but I'm not sure where it's going wrong.
解决方案
You need to encode the shared secret key to Base64 only after you use it for encryption:
var shared_secret = Crypto.randomBytes(32);
var cipher = Crypto.createCipheriv('aes-256-ecb', shared_secret, "");
crypted_blob = cipher.update(blob, 'utf8', 'base64') + cipher.final('base64');
// send `shared_secret.toString('base64')`
Other problems:
crypto.createCipherassumes the shared secret is a password and not a key, which is why it will use a bad key derivation (OpenSSL-compatible).- Node.js' crypto module automatically applies PKCS#7 padding (same as PKCS#5 padding), but PyCrypto doesn't apply any padding on its own. So you either need to use the same unpadding in Python or you can disable padding in node.js with
Cipher.setAutoPadding(false);, but then you will have to provide plaintexts that are a multiple of the block size (16 byte for AES).
Security considerations:
- Never use ECB mode. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like CBC or CTR. It is better to authenticate your ciphertexts so that attacks like a padding oracle attack are not possible. This can be done with authenticated modes like GCM or EAX, or with an encrypt-then-MAC scheme.
这篇关于Node.js中的AES加密,以匹配Python中的预期解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
