Decrypting aes-256-cbc using bouncycastle

Problem description

New to bouncyCastle, any help appreciated. I am trying to decrypt a file encrypted by a third party on my system using the bouncycastle Java API. It seems to decrypt the file fine except for the blob of junk data at the beginning of the decrypted file. Code below:

PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
        new AESEngine()));
CipherParameters ivAndKey = new ParametersWithIV(
        new KeyParameter(DatatypeConverter.parseHexBinary(keyInfo.getKey())),
        DatatypeConverter.parseHexBinary(keyInfo.getInitializationVector()));
aes.init(false, ivAndKey);

byte[] decryptedBytes = cipherData(aes, Base64.decodeBase64(inputStreamToByteArray(new FileInputStream(encryptedFile))));

return new ByteArrayInputStream(decryptedBytes);

private static byte[] cipherData(PaddedBufferedBlockCipher cipher, byte[] data)
        throws Exception {
    int minSize = cipher.getOutputSize(data.length);
    byte[] outBuf = new byte[minSize];
    int length1 = cipher.processBytes(data, 0, data.length, outBuf, 0);
    int length2 = cipher.doFinal(outBuf, length1);
    int actualLength = length1 + length2;
    byte[] result = new byte[actualLength];
    System.arraycopy(outBuf, 0, result, 0, result.length);
    return result;
}

private byte[] inputStreamToByteArray(InputStream is) throws IOException {

    ByteArrayOutputStream buffer = new ByteArrayOutputStream();

    int numberRead;
    byte[] data = new byte[16384];

    while ((numberRead = is.read(data, 0, data.length)) != -1) {
        buffer.write(data, 0, numberRead);
    }

    buffer.flush();

    return buffer.toByteArray();
}

Decrypted data blob looks fine except for the beginning "???&??ovKw?????C??:?8?06??85042| | "

The openssl command to decrypt the file works fine; command below. In fact, I am using the key and IV printed out by openssl when decrypting.

openssl aes-256-cbc -d -salt -in encryptedfile.txt -pass pass:password -a -p

Recommended answer

The solution is simple: skip the first 16 bytes of the ciphertext blob. The encrypted blob starts with a magic (you can try and read the first 8 bytes as ASCII text), then 8 bytes of random salt that are used together with the password to derive the key and the IV (using an OpenSSL proprietary password hashing mechanism called EVP_BytesToKey).

Because the previous block is used as a vector for the next block in CBC, the follow-up block of 16 bytes is also affected, giving you 32 random bytes at the start. Instead, bytes 16 to 31 should have been XOR'ed with the IV.

Here's a Java implementation of BytesToKey, posted using my old nickname.
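
The header handling described in this answer, as an added example (not code from the question or the answer): it checks the 8-byte "Salted__" magic, reads the 8-byte salt, derives key and IV with EVP_BytesToKey, and decrypts from byte 16 onward. Assumptions: the class name, method names and main() arguments are hypothetical; the digest is a parameter because the page does not say which OpenSSL version produced the file ("MD5" is the enc default before OpenSSL 1.1.0, "SHA-256" from 1.1.0 on); the password is encoded as UTF-8.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

public class OpenSslSaltedDecrypt {   // hypothetical class name
    // EVP_BytesToKey, one iteration: D_i = H(D_{i-1} || password || salt), concatenated.
    static byte[] bytesToKey(String digest, byte[] password, byte[] salt, int len) throws Exception {
        MessageDigest md = MessageDigest.getInstance(digest);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] prev = new byte[0];
        while (out.size() < len) {
            md.update(prev);
            md.update(password);
            md.update(salt);
            prev = md.digest();
            out.write(prev);
        }
        return Arrays.copyOf(out.toByteArray(), len);
    }

    static byte[] decrypt(byte[] base64File, String password, String digest) throws Exception {
        byte[] blob = Base64.getMimeDecoder().decode(base64File); // -a output is line-wrapped
        byte[] magic = "Salted__".getBytes(StandardCharsets.US_ASCII);
        if (blob.length < 32 || !Arrays.equals(Arrays.copyOf(blob, 8), magic))
            throw new IllegalArgumentException("not an OpenSSL salted blob");
        byte[] salt = Arrays.copyOfRange(blob, 8, 16);
        // Assumption: digest must match what openssl used when encrypting.
        byte[] keyIv = bytesToKey(digest, password.getBytes(StandardCharsets.UTF_8), salt, 48);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
        aes.init(false, new ParametersWithIV(
                new KeyParameter(keyIv, 0, 32), keyIv, 32, 16)); // key = bytes 0..31, IV = bytes 32..47
        byte[] buf = new byte[aes.getOutputSize(blob.length - 16)];
        int n = aes.processBytes(blob, 16, blob.length - 16, buf, 0); // skip the 16-byte header
        n += aes.doFinal(buf, n); // throws InvalidCipherTextException on bad padding
        return Arrays.copyOf(buf, n);
    }
    // Hypothetical CLI: <encrypted file> <password> <digest> <output file>
    public static void main(String[] a) throws Exception {
        Files.write(Paths.get(a[3]), decrypt(Files.readAllBytes(Paths.get(a[0])), a[1], a[2]));
    }
}
```

If the padding check in doFinal fails, the usual cause is a digest or password mismatch rather than a corrupt file.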
