RC4无法与openssl命令一起正常工作? [英] RC4 doesn't work correctly with openssl command?
问题描述
我需要使用RC4对执行结果进行编码.在执行bash脚本之前,我正在测试如何加密数据.
我正在使用下一条命令:
echo -ne "test" | openssl rc4 -k test -nosalt -e -nopad | xxd
输出为:
0000000: bdb1 7f03 ....
现在,如果我尝试使用此在线RC4编码器 http: //www.fyneworks.com/encryption/rc4-encryption/index.asp 输出为:DA EA 54 65
不同的输出,具有相同的数据和相同的键?数据:测试"键:测试"
我还检查了一个用C编写的小程序,其输出与在线编码器相同...所以,问题是,我在用openssl命令做错了什么??
谢谢!
RC4具有可变长度的密钥,而OpenSSL的enc实用程序会强制您选择密钥大小.您要测试的其他实现没有这种限制,因此您的密钥不匹配.
enc实用程序的文档描述了密码允许的密钥大小:
rc4 128 bit RC4
rc4-64 64 bit RC4
rc4-40 40 bit RC4
因此RC4仅适用于128位(16字节)密钥.同样,-k选项意味着从给定的密码短语中派生密钥.它使用 EVP_BytesToKey 函数在内部完成此功能,该函数实现了密钥派生功能(KDF).
总之,总之,您的RC4实现没有使用相同的密钥.使用-p选项使OpenSSL打印它正在使用的实际密钥:
$ echo -ne "test" | openssl rc4 -k test -nosalt -e -nopad -p
key=098F6BCD4621D373CADE4E832627B4F6
此外,由于期望使用16个字节的键,因此即使您使用-K(大写K)选项指定了短键,它也会将短键归零.您可以使用xxd查找"test"的ascii十六进制值,并再次使用-p查找OpenSSL的密钥:
$ echo -ne "test" | xxd
0000000: 7465 7374 test
$ echo -ne "test" | openssl rc4 -K 74657374 -nosalt -e -nopad -p
key=74657374000000000000000000000000
因此,您必须匹配键长度,并使用-K选项指定一个十六进制值键,您将看到RC4实现是等效的.例如,在这里我使用RC-40将密钥长度限制为5个字节,并使用5个字节的密钥测试"或74 65 73 74 73.
$ echo -ne "test" | openssl rc4-40 -K 7465737473 -nosalt -e -nopad | xxd
0000000: dd9b 5cb9
您会发现,在给定键测试"的情况下,您的Web实施会获得相同的结果.
I need to encode the result of a execution with RC4. Before to do the bash script, I'm testing how to crypt the data.
I'm using the next command:
echo -ne "test" | openssl rc4 -k test -nosalt -e -nopad | xxd
And the output is:
0000000: bdb1 7f03 ....
now, If I try to do the same with this online RC4 encoder http://www.fyneworks.com/encryption/rc4-encryption/index.asp the output is: DA EA 54 65
Different output, with the same data and same key?? Data: "test" key: "test"
Also I checked with a small program that I have coded in C, and the output is the same that the online encoder... so, the question is, what I'm doing wrong with the command openssl??
Thanks!
RC4 has variable-length keys, and OpenSSL's enc utility forces you to pick a key size. These other implementations you're testing against make no such restriction, so your keys don't match.
The documentation for the enc utility describes the allowed key sizes for the cipher:
rc4 128 bit RC4
rc4-64 64 bit RC4
rc4-40 40 bit RC4
So RC4 works only on a 128-bit (16-byte) key. Also, the -k option means to derive a key from the given passphrase. It does this internally using the EVP_BytesToKey function, which implements a Key Derivation Function (KDF).
Anyway, long story short, your RC4 implementations aren't using the same key. Use the -p option to have OpenSSL print the actual key it is using:
$ echo -ne "test" | openssl rc4 -k test -nosalt -e -nopad -p
key=098F6BCD4621D373CADE4E832627B4F6
Further, since it's expecting 16-byte keys, it'll zero-pad shorter keys even if you specify a short key with the -K (uppercase K) option. You can use xxd to find the ascii hex values of "test" and -p again to see OpenSSL's key:
$ echo -ne "test" | xxd
0000000: 7465 7374 test
$ echo -ne "test" | openssl rc4 -K 74657374 -nosalt -e -nopad -p
key=74657374000000000000000000000000
So you must match key lengths and specify a hex-value key with the -K option and you'll see the RC4 implementations are equivalent. E.g., here I use RC-40 to restrict the key length to 5 bytes and use the 5-byte key "tests", or 74 65 73 74 73.
$ echo -ne "test" | openssl rc4-40 -K 7465737473 -nosalt -e -nopad | xxd
0000000: dd9b 5cb9
You'll find that your web implementation gets the same result when given the key "tests".
这篇关于RC4无法与openssl命令一起正常工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
