如何使用'-nosalt'参数解密AES加密文件 [英] How to decrypt AES encrypted file with '-nosalt' param

问题描述

我刚刚加密。这个问题是我之前的一个问题。我有一个使用OpenSSL util加密的文件：

  openssl aes-256-cbc -in fileIn -out fileOUT -p -k KEY 
  

我正在使用此代码解密它：

  byte [] encrypted = IOUtils.toByteArray（inputStream）; 
 Security.addProvider（new BouncyCastleProvider（））; 
 
 String password =abc; 
 
密码c = Cipher.getInstance（AES / CBC / PKCS5Padding，BC）; 
 
 // Openssl将SALTED__放入
 //文件开头的8字节盐。我们只是把它复制出来。 
 byte [] salt = new byte [8]; 
 System.arraycopy（encrypted，8，salt，0，8）; 
 SecretKeyFactory fact = SecretKeyFactory.getInstance（
PBEWITHMD5AND256BITAES-CBC-OPENSSL，BC）; 
 c.init（Cipher.DECRYPT_MODE，fact.generateSecret（new PBEKeySpec（
 password.toCharArray（），salt，100）））; 
 
 //解密剩下的字节数组（剥离盐后）
 byte [] data = c.doFinal（encrypted，16，encrypted.length  -  16）; 
  

它的工作原理。但这是一个测试用例。真实的情况是我已经使用这些参数加密文件：

openssl aes-256-cbc -nosalt -in fileIn -out fileOUT - p -k KEY

请注意，出现'-nosalt'参数。问题是PBEKeySpec不需要空，而不是空的 salt 和 iterationsCount params。它也有没有这些参数的构造函数，但如果我使用它然后我得到一个错误：

02-11 11：25：06.108：W /System.err(2155）：java.security.InvalidKeyException：PBE要求设置PBE参数。

问题是如何解密这些文件？如何正确处理'-nosalt'参数？

解决方案

使用空 null ，并相应地设置偏移量

  Security.addProvider（new BouncyCastleProvider（））; 
 
 final char [] password =pass.toCharArray（）; 
 final int saltLength = 8; 
 final String saltedPrefix =Salted__; 
 
 String [] files = {file0.txt.enc，file0.txt.enc.nosalt}; 
（String file：files）{
 byte [] encrypted = Files.readAllBytes（Paths.get（testData，openssl，file））; 
 
 byte [] salt = new byte [0]; 
 int offset = 0; 
 if（new String（encrypted，0，saltLength，ASCII）。equals（saltedPrefix））{
 salt = new byte [saltLength]; 
 System.arraycopy（encrypted，saltedPrefix.length（），salt，0，saltLength）; 
 offset = saltedPrefix.length（）+ saltLength; 
} 
 
 SecretKeyFactory keyFactory = SecretKeyFactory.getInstance（PBEWITHMD5AND256BITAES-CBC-OPENSSL，BC）; 
 PBEKeySpec keySpec = new PBEKeySpec（password）; 
 PBEParameterSpec paramSpec = new PBEParameterSpec（salt，0）; 
密码密码= Cipher.getInstance（AES / CBC / PKCS5Padding，BC）; 
 cipher.init（Cipher.DECRYPT_MODE，keyFactory.generateSecret（keySpec），paramSpec）; 
 
 byte [] data = cipher.doFinal（encrypted，offset，encrypted.length- offset）; 
 System.out.println（new String（data））; 
} 
  

I'm new to encryption. This question is subquestion of my previous one. I have a file encrypted with OpenSSL util:

openssl aes-256-cbc -in fileIn -out fileOUT -p -k KEY

I'm using this code to decrypt it:

        byte[] encrypted = IOUtils.toByteArray(inputStream);
        Security.addProvider(new BouncyCastleProvider());

        String password = "abc";

        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");

        // Openssl puts SALTED__ then the 8 byte salt at the start of the
        // file. We simply copy it out.
        byte[] salt = new byte[8];
        System.arraycopy(encrypted, 8, salt, 0, 8);
        SecretKeyFactory fact = SecretKeyFactory.getInstance(
                "PBEWITHMD5AND256BITAES-CBC-OPENSSL", "BC");
        c.init(Cipher.DECRYPT_MODE, fact.generateSecret(new PBEKeySpec(
                password.toCharArray(), salt, 100)));

        // Decrypt the rest of the byte array (after stripping off the salt)
        byte[] data = c.doFinal(encrypted, 16, encrypted.length - 16);

And it works. But this is a test case. The real situation is that I have file encrypted with these params:

openssl aes-256-cbc -nosalt -in fileIn -out fileOUT -p -k KEY

Notice that '-nosalt' param appeared. The issue is that PBEKeySpec requires not null and not empty salt and iterationsCount params. It also have constructor without these params but if I use it then I get an error:

02-11 11:25:06.108: W/System.err(2155): java.security.InvalidKeyException: PBE requires PBE parameters to be set.

The question is how to decrypt these files? How to handle '-nosalt' param correctly?

解决方案

Use empty salt instead of null and set offset accordingly

Security.addProvider(new BouncyCastleProvider());

final char[] password = "pass".toCharArray();
final int saltLength = 8;
final String saltedPrefix = "Salted__";

String[] files = { "file0.txt.enc", "file0.txt.enc.nosalt" };
for (String file : files) {
    byte[] encrypted = Files.readAllBytes(Paths.get("testData", "openssl", file));

    byte[] salt = new byte[0];
    int offset = 0;
    if (new String(encrypted, 0, saltLength, "ASCII").equals(saltedPrefix)) {
        salt = new byte[saltLength];
        System.arraycopy(encrypted, saltedPrefix.length(), salt, 0, saltLength);
        offset = saltedPrefix.length() + saltLength;
    }

    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWITHMD5AND256BITAES-CBC-OPENSSL", "BC");
    PBEKeySpec keySpec = new PBEKeySpec(password);
    PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 0);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
    cipher.init(Cipher.DECRYPT_MODE, keyFactory.generateSecret(keySpec), paramSpec);

    byte[] data = cipher.doFinal(encrypted, offset, encrypted.length- offset);
    System.out.println(new String(data));
}

这篇关于如何使用'-nosalt'参数解密AES加密文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！