OpenSSL加密无法解密C# [英] OpenSSL encryption failing to decrypt C#
问题描述
我一直在努力解密通过SSL在Unix机器上加密的某些数据,我不断收到填充错误,并且不确定我丢失了什么.
I have been struggling with decrypting some data that is being encrypted on a Unix machine via SSL, I keep getting padding errors, and am unsure what it is that I am missing.
加密文件是一个简单的文本文件,只显示"Hello World".
The encrypted file is a simple text file just saying "Hello World".
unix中使用的加密命令为:
The encryption command used in unix is:
openssl enc -base64 -aes-256-cbc -k 12345678901234567890123456789012 -in test.txt -out cbc64.txt
我有2种解密方法:
private static CipherMode sCipherMode = CipherMode.CBC;
private static PaddingMode sPaddingMode = PaddingMode.PKCS7;
private const int HigKeyLen = 32;
private const int HigKeySiz = 256;
public static string decrypt(string text, //the text to be decrypt
int cipherindex// the strength of the original encryption
)
{
byte[] plainText = null;
try
{
string tempText = Regex.Replace(text, @"\n", "");
//get the cipher strength--from cipherindex
CipherKey Key = CipherKey.getCipherKey(cipherindex);
//build and init the Decryptor
RijndaelManaged rijndaelCipher = new RijndaelManaged();
rijndaelCipher.Mode = sCipherMode;
rijndaelCipher.Padding = sPaddingMode;
rijndaelCipher.KeySize = Key.Size;
rijndaelCipher.BlockSize = Key.Size;
byte[] encryptedData = Convert.FromBase64String(tempText);
byte[] pwdBytes = System.Text.Encoding.UTF8.GetBytes(pass);
byte[] keyBytes = new byte[Key.Len];
int len = pwdBytes.Length;
if (len > keyBytes.Length)
{
len = keyBytes.Length;
}
Array.Copy(pwdBytes, keyBytes, len);
rijndaelCipher.Key = keyBytes;
rijndaelCipher.IV = keyBytes;
ICryptoTransform transform = rijndaelCipher.CreateDecryptor();
plainText = transform.TransformFinalBlock(encryptedData, 0, encryptedData.Length);
}
catch (Exception e)
{
// test code, do nothing
}
return System.Text.Encoding.UTF8.GetString(plainText);
}
这将返回以下错误:填充无效,无法删除.
This returns the following error: Padding is invalid and cannot be removed.
第二种方法:
public static string Decryptor(string TextToDecrypt)
{
byte[] EncryptedBytes = Convert.FromBase64String(Regex.Replace(TextToDecrypt, @"\n", ""));
//Setup the AES provider for decrypting.
AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider();
//aesProvider.Key = System.Text.Encoding.ASCII.GetBytes(strKey);
//aesProvider.IV = System.Text.Encoding.ASCII.GetBytes(strIV);
aesProvider.BlockSize = 128;
aesProvider.KeySize = 256;
//My key and iv that i have used in openssl
aesProvider.Key = System.Text.Encoding.UTF8.GetBytes(pass);
aesProvider.IV = System.Text.Encoding.UTF8.GetBytes(pass);
aesProvider.Padding = PaddingMode.PKCS7;
aesProvider.Mode = CipherMode.CBC;
ICryptoTransform cryptoTransform = aesProvider.CreateDecryptor(aesProvider.Key, aesProvider.IV);
byte[] DecryptedBytes = cryptoTransform.TransformFinalBlock(EncryptedBytes, 0, EncryptedBytes.Length);
return System.Text.Encoding.ASCII.GetString(DecryptedBytes);
}
第二种方法由于密码的长度不适合块大小而出现问题.
The second method gives an issue due to the password not being the right length for the blocksize.
我做错了什么?
推荐答案
您的openssl命令错误,我认为应该是:
openssl enc -base64 -aes-256-cbc -k 12345678901234567890123456789012 -in test.txt -out cbc64.txt
You openssl command is wrong, I assume it should be:
openssl enc -base64 -aes-256-cbc -k 12345678901234567890123456789012 -in test.txt -out cbc64.txt
阅读代码,我发现您做出了一些错误的假设:
reading your code I see you made a few wrong assumptions:
- 您正在使用密码作为密钥和IV(您从哪里得到的?) 密码不是关键
- 您已假定输出为纯密文
- You are using the password as a key and as IV (where did you get that?) Password is not key
- you've assumed the output is pure ciphertext
尝试将-p
参数添加到openssl enc命令,它将同时显示salt和派生密钥以及iv
try to add -p
parameter to the openssl enc command and it will display as well salt and derived key and iv
因此,请解决此问题:
- OpenSSL生成随机的8字节盐
- OpenSSL使用其魔术"函数EVP_BytesToKey从密码和盐中导出密钥和IV, 查看全文