What is the algorithm for the JCEKS PBE used to encrypt the private key?


Question


I want to decrypt the private key in a Java JCEKS Keystore, and I do not want to use Java.

I can find a description of the PBEWithMD5AndTripleDES, but not the actual implementation.

This comment purportedly explains the derivation:

/**
 * This class implements a proprietary password-based encryption algorithm.
 * It is based on password-based encryption as defined by the PKCS #5
 * standard, except that is uses triple DES instead of DES.
 *
 * Here's how this algorithm works:
 *
 * 1. Create random salt and split it in two halves. If the two halves are
 *    identical, invert one of them.
 * 2. Concatenate password with each of the halves.
 * 3. Digest each concatenation with c iterations, where c is the
 *    iterationCount. Concatenate the output from each digest round with the
 *    password, and use the result as the input to the next digest operation.
 *    The digest algorithm is MD5.
 * 4. After c iterations, use the 2 resulting digests as follows:
 *    The 16 bytes of the first digest and the 1st 8 bytes of the 2nd digest
 *    form the triple DES key, and the last 8 bytes of the 2nd digest form the
 *    IV.
 *
 * @author Jan Luehe
 * @see javax.crypto.Cipher
 */

But, is that first concatenation, password + half-of-salt, or is it half-of-salt + password? Is the input of the following rounds password + digest, or is it digest + password?

Between 8-bit chars, or full 16-bit chars, and the possible combinations of concatenation, you would think that by trial and error I should have worked it out by now.

I know the salt, and the iterations, and the password, and even the plaintext that the ciphertext should decrypt to (i.e. I have the decrypted data).

Deriving a 24-byte DES3 key, whether fixing parity or leaving it alone, and an 8-byte IV, decrypting in DES3 CBC mode, I cannot recreate my plaintext.

What is the algorithm that this comment describes?

Solution

Thank you to erikson 1 who replied to a comment on this answer to another question, and to Ebbe M. Pedersen. In the end, I should have tripped over the answer in trying the different combinations but somehow missed it.

For those interested, once you open up the JKS and find the entry, the encrypted PKCS#8 shows the JCEKS algorithm 1.3.6.1.4.1.42.2.19.1 along with salt and iteration count parameters and with those and your 8-bit/char password you can decrypt the ciphertext to find the inner, unencrypted PKCS#8 holding your private key.

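require 'openssl'

# Derives the 3DES key and IV: each salt half is hashed with MD5 `iterations`
# times, each round taking digest + password as its input.
def jce_pbkdf1(password, salt, iterations)
  salts = [copy = salt.dup, copy.slice!((copy.length / 2)..-1)]
  octets = salts.map { |half| (iterations).times.inject(half) { |digest| OpenSSL::Digest.digest('md5', digest + password) } }.join
  return octets[0..23], octets[24..-1] # key (parity not set) and IV
end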
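
The derivation above carried through to the DES3 CBC decryption step the question describes, as an added example that is not part of the original answer or of the JDK. The helper names and the sample salt, password and plaintext are constructed for illustration, and the identical-salt-halves case from the quoted comment is rejected rather than implemented.

```ruby
require 'openssl'

# Added example; helper names are hypothetical, not from the answer or the JDK.
# Derivation as in the answer: per salt half, digest = MD5(digest + password),
# starting from the salt half itself, repeated `iterations` times.
def jceks_derive_key_iv(password, salt, iterations)
  salt = salt.b
  raise ArgumentError, 'expected an 8-byte salt' unless salt.bytesize == 8
  raise ArgumentError, 'iteration count must be positive' unless iterations.positive?
  halves = [salt[0, 4], salt[4, 4]]
  # The quoted comment says one half is inverted when both are identical; the
  # answer's code does not cover that case, so refuse instead of guessing.
  raise ArgumentError, 'identical salt halves are not handled' if halves[0] == halves[1]
  pw = password.b # 8-bit characters, as the answer states
  octets = halves.map do |half|
    iterations.times.inject(half) { |digest, _| OpenSSL::Digest.digest('md5', digest + pw) }
  end.join
  [octets[0, 24], octets[24, 8]] # 24-byte 3DES key (parity not set), 8-byte IV
end

def jceks_cipher(mode, password, salt, iterations)
  key, iv = jceks_derive_key_iv(password, salt, iterations)
  cipher = OpenSSL::Cipher.new('des-ede3-cbc')
  mode == :decrypt ? cipher.decrypt : cipher.encrypt
  cipher.key = key
  cipher.iv = iv
  cipher
end

# Returns the inner plaintext; raises OpenSSL::Cipher::CipherError when the
# padding is wrong, which is the usual sign of a bad password, salt or count.
def jceks_pbe_decrypt(ciphertext, password, salt, iterations)
  cipher = jceks_cipher(:decrypt, password, salt, iterations)
  cipher.update(ciphertext) + cipher.final
end

# Encryption is included only to build the constructed test vector below.
def jceks_pbe_encrypt(plaintext, password, salt, iterations)
  cipher = jceks_cipher(:encrypt, password, salt, iterations)
  cipher.update(plaintext) + cipher.final
end

# Constructed sample values (not taken from any real keystore).
SAMPLE_SALT = ['0102030405060708'].pack('H*')
SAMPLE_PLAIN = 'constructed stand-in for the inner PKCS#8 bytes'.b
SAMPLE_CT = jceks_pbe_encrypt(SAMPLE_PLAIN, 'changeit', SAMPLE_SALT, 20)
puts jceks_pbe_decrypt(SAMPLE_CT, 'changeit', SAMPLE_SALT, 20) == SAMPLE_PLAIN
```

With a real entry, the salt, iteration count and ciphertext come from the encrypted PKCS#8 structure mentioned in the answer.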
