Blowfish在Java / Scala中加密,并以bash解密 [英] Blowfish encrypt in Java/Scala and decrypt in bash
问题描述
但是,首先,我必须成功编码同一封邮件两种语言并使它们相等:
给定密码0123456789abcdef
(hex:30313233343536373839616263646566和byte []:[48,49,50,51 ,52,53,54,55,56,57,97,98,99,100,101,102])
阶> import javax.crypto.Cipher/ pre>
scala> import javax.crypto.spec.SecretKeySpec
scala> val cipher = Cipher.getInstance(Blowfish)
scala> cipher.init(Cipher.ENCRYPT_MODE,new SecretKeySpec(0123456789abcdef.getBytes(utf-8),Blowfish))
scala> javax.xml.bind.DatatypeConverter.printBase64Binary(cipher.doFinal(message.getBytes(utf-8)))
res7:String = K679Jz06jmc =
但是,我无法使用bash中的
openssl重现相同的内容。$ echomessage| openssl enc -a -e -lowfish -nosalt -nopad -k0123456789abcdef
LJ3iFJ2 / mYk =
$ echomessage| openssl enc -a -e -lowfish -nosalt -nopad -k30313233343536373839616263646566
JkkJgYv3fQg =
任何提示?
谢谢!解决方案标记OpenSSL(从任何shell或没有shell运行相同)会更准确
OpenSSL
enc默认情况下,基于密码的加密,关键(加IV)派生类似(但不完全)PBKDF1。要使用键加密,而不是密码,您需要使用带有十六进制的UPPERCASE-K,您需要指定至少部分-iv;另一方面-nosalt是无用的。
另外,
echo命令向其回显的数据添加换行符,消息NL的加密与messag e的加密完全不同。某些操作系统和shell,取决于您正在使用的echo是内置还是外部的,有办法省略换行符,但它们并不完全相同。 OTOH所有POSIX系统支持printf,所以:$ printf%s消息| openssl enc-lowfish -K 30313233343536373839616263646566 -iv 00 -a
K679Jz06jmc =
编辑:Artjom是正确的; Java / Scala(可能)默认为ECB,这是一个坏主意;您应该指定
/ CBC或/ CTR和填充。不像aventurin,我看不到理由,你应该强迫自己进入/ NoPadding的夹克; Java/ PKCS5Padding与OpenSSL的默认值兼容。对于CBC或CTR,您需要明确设置IV(第三个参数为Cipher.init)以获得确定性结果 - 您必须设置IV, em>或检索默认随机的,以产生人们通常想要的可解密结果。 OpenSSLenc -blowfish默认为CBC,但更明确地说明-bf-cbc或-BF-CTR。或-bf-ecb如果您真的想要ECB,以上是不推荐的。I'm trying to build a tool to decrypt content in bash encrypted in a scala application:
But first, I've to succeed encoding the same message in both languages and make them equal:
Given the passphrase "0123456789abcdef"
(hex: "30313233343536373839616263646566" and byte[]:[48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102])scala> import javax.crypto.Cipher scala> import javax.crypto.spec.SecretKeySpec scala> val cipher = Cipher.getInstance("Blowfish") scala> cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec("0123456789abcdef".getBytes("utf-8"), "Blowfish")) scala> javax.xml.bind.DatatypeConverter.printBase64Binary(cipher.doFinal("message".getBytes("utf-8"))) res7: String = K679Jz06jmc=But I can't reproduce the same with
opensslin bash.$ echo "message" | openssl enc -a -e -blowfish -nosalt -nopad -k "0123456789abcdef" LJ3iFJ2/mYk= $ echo "message" | openssl enc -a -e -blowfish -nosalt -nopad -k "30313233343536373839616263646566" JkkJgYv3fQg=Any hint? Thanks!
解决方案It would be more accurate to tag OpenSSL, which runs the same from any shell or no shell at all.
OpenSSL
encby default does password-based encryption, with a key (plus IV) derivation similar to (but not exactly) PBKDF1. To encrypt with a key, not password, you need to use UPPERCASE-Kwith hex, and you need to specify at least part of-iv; on the other hand-nosaltis useless.Also the
echocommand adds a newline to the data it echoes, and encryption of 'm e s s a g e NL' is entirely different from encryption of 'm e s s a g e'. Some OSes and shells, depending on whether theechoyou are using is builtin or external, have ways to omit the newline, but they aren't all the same. OTOH all POSIX systems supportprintf, so:$ printf %s message | openssl enc -blowfish -K 30313233343536373839616263646566 -iv 00 -a K679Jz06jmc=EDIT: Artjom is correct; Java/Scala (probably) defaults to ECB, which is a Bad Idea; you should specify
/CBCor/CTRand padding. Unlike aventurin I see no reason you should force yourself into the straightjacket of/NoPadding; Java/PKCS5Paddingis compatible with OpenSSL's default. For CBC or CTR you need to explicitly set the IV (with the third argument toCipher.init) to get a deterministic result -- and you must either set the IV, or retrieve the default random one, to produce a decryptable result, which people usually want. OpenSSLenc -blowfishdefaults to CBC, but it's clearer to explicitly state-bf-cbcor-bf-ctr. Or-bf-ecbif you really want ECB, which as above is Unrecommended.这篇关于Blowfish在Java / Scala中加密,并以bash解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
