在libgcrypt中使用Crypto ++解密加密数据的步骤 [英] Steps to decrypt encrypted data in Crypto++ in libgcrypt
问题描述
由于目标平台上的C语言限制,我需要使用libgcrypt中的Crypto ++解密加密的数据.因此,我决定使用libgcrypt,因为它支持AES128和GCM模式.
I need to decrypt the encrypted data by Crypto++ in libgcrypt due to C language restriction on target platform. So I've decided to use libgcrypt since it supporting the AES128 and GCM mode.
在Crypto ++中,数据是通过以下方式加密的:
In Crypto++, the data is encrypted this way:
std::string encrypt_data(const std::string &data,
const std::vector<unsigned char> &iv,
const std::vector<unsigned char> &key)
{
CryptoPP::GCM<CryptoPP::AES>::Encryption encryptor;
encryptor.SetKeyWithIV(&key[0], key.size(), &iv[0]);
std::string ciphertext;
CryptoPP::StringSource ss( data, true,
new CryptoPP::AuthenticatedEncryptionFilter(
encryptor,
new CryptoPP::StringSink(ciphertext)
)
);
return ciphertext;
}
并以这种方式成功解密:
and successfully decrypted this way:
std::string decrypt_data(const std::string &data,
const std::vector<unsigned char> &iv,
const std::vector<unsigned char> &key)
{
CryptoPP::GCM<CryptoPP::AES>::Decryption decryptor;
decryptor.SetKeyWithIV(&key[0], key.size(), &iv[0]);
std::string recovered;
CryptoPP::StringSource ss( data, true,
new CryptoPP::AuthenticatedDecryptionFilter(
decryptor,
new CryptoPP::StringSink( recovered )
)
);
return recovered;
}
但是,当我尝试通过以下步骤使用libgcrypt解码ciphertext时,解码的数据是错误的:
But the decoded data is wrong when I try to decode ciphertext using libgcrypt by these steps:
-
gcry_cipher_open() -
gcry_cipher_setkey() -
gcry_cipher_setiv() - 分隔密文和身份验证标签
-
gcry_cipher_decrypt(cipher text) -
gcry_cipher_checktag(authentication tag)
gcry_cipher_open()gcry_cipher_setkey()gcry_cipher_setiv()- Seperate the cipher text and authentication tag
gcry_cipher_decrypt(cipher text)gcry_cipher_checktag(authentication tag)
复制Crypto ++解码过程是否缺少任何步骤?
Is there any steps I missed to replicate the Crypto++ decoding process?
Gcrypt解密代码(预期输出Decrypted cipher = password):
Gcrypt decryption code (Expected output Decrypted cipher = password):
#include <stdio.h>
#include <stdlib.h>
#include <gcrypt.h>
static unsigned char const aesSymKey[] = { 0x38, 0xb4, 0x8f, 0x1f, 0xcd, 0x63, 0xef, 0x32, 0xc5, 0xd1, 0x3f, 0x52, 0xbc, 0x4f, 0x5b, 0x24 };
static unsigned char const aesIV[] = { 0xE4, 0xEF, 0xC8, 0x08, 0xEB, 0xB8, 0x69, 0x95, 0xF3, 0x44, 0x6C, 0xE9, 0x15, 0xE4, 0x99, 0x7E };
static unsigned char const aesPass[] = { 0xda, 0x84, 0x3f, 0x01, 0xa0, 0x14, 0xfd, 0x85 };
static unsigned char const aesTag[] = { 0xdf, 0x5f, 0x9f, 0xe2, 0x9d, 0x7e, 0xc3, 0xdf, 0x7a, 0x1e, 0x59, 0xd8, 0xe6, 0x61, 0xf7, 0x7e };
#define GCRY_CIPHER GCRY_CIPHER_AES128
#define GCRY_MODE GCRY_CIPHER_MODE_GCM
int main(){
gcry_error_t gcryError;
gcry_cipher_hd_t gcryCipherHd;
if (!gcry_check_version(GCRYPT_VERSION))
{
fputs("libgcrypt version mismatch\n", stderr);
exit(2);
}
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
if(!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
{
fputs("libgcrypt has not been initialized\n", stderr);
abort();
}
size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
char * outBuffer = malloc(blkLength);
gcryError = gcry_cipher_open(
&gcryCipherHd, // gcry_cipher_hd_t *
GCRY_CIPHER, // int
GCRY_MODE, // int
0); // unsigned int
if (gcryError)
{
printf("gcry_cipher_open failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
return;
}
gcryError = gcry_cipher_setkey(gcryCipherHd, aesSymKey, keyLength);
if (gcryError)
{
printf("gcry_cipher_setkey failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
return;
}
gcryError = gcry_cipher_setiv(gcryCipherHd, aesIV, blkLength);
if (gcryError)
{
printf("gcry_cipher_setiv failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
return;
}
gcryError = gcry_cipher_decrypt(
gcryCipherHd, // gcry_cipher_hd_t
outBuffer, // void *
blkLength, // size_t
aesPass, // const void *
8); // size_t
if (gcryError)
{
printf("gcry_cipher_decrypt failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
return;
}
gcryError = gcry_cipher_checktag(
gcryCipherHd,
aesTag,
blkLength);
if (gcryError)
{
printf("gcry_cipher_checktag failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
return;
}
printf("Decrypted cipher = %s\n", outBuffer);
// clean up after ourselves
gcry_cipher_close(gcryCipherHd);
free(outBuffer);
return 0;
}
为了清楚起见,我正在搜索的解密步骤是上面显示的Crypto ++加密函数的ciphertext输出; encrypt_data().所以我不会接受任何无法成功解密ciphertext的答案.
Just to be clear, the steps to decrypt I'm searching for is for the ciphertext output of the Crypto++ encryption function shown above; the encrypt_data(). So I won't accept any answer where it can't be applied to successfully decrypt ciphertext.
推荐答案
执行此代码以设置IV的Crpto ++加密实现:
The Crpto++ encryption implementation executing this code to set the IV:
encryptor.SetKeyWithIV(&key[0], key.size(), &iv[0]);
由于未通过IV大小,因此将使用默认长度12.这是基于规范建议的IV大小,即96位.
Since the IV size is not passed, the default length is used which is 12. This is based on the recommended IV size by the specification which is 96bits.
因此,为了使我的libgrcrypt正确解码密码,我只需要更改此行:
So in order for my libgrcrypt to decode the cipher correctly, I just need to change this line:
gcryError = gcry_cipher_setiv(gcryCipherHd, aesIV, blkLength);
对此:
gcryError = gcry_cipher_setiv(gcryCipherHd, aesIV, 12);
所以我将获得预期的输出:
So I'll get the expected output:
$ ./decrypt
Decrypted cipher = password
这篇关于在libgcrypt中使用Crypto ++解密加密数据的步骤的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
