使用PBKDF2密钥派生用rust-crypto正确创建用户可读的盐 [英] Using PBKDF2 key derivation to properly create user-readable salt with rust-crypto
问题描述
我目前正在为标准文件创建客户端,其中涉及使用PBKDF2来提高安全性。我正在使用 rust-crypto ,尽管我已经试验了ring和rust-openssl。
I am currently working on creating a client for Standard File, which involves using PBKDF2 for security. I'm using rust-crypto, although I have experimented with ring and rust-openssl.
首先,您要获取盐,成本和服务器通过 / auth / param
端点的版本号。我将这些序列化为带有Serde的结构。
First, you retrieve a salt, cost and version number from the server through the /auth/param
endpoint. I have these serialized into a struct with Serde.
#[derive(Serialize, Deserialize, Clone, Debug)]
pub struct PWHash {
pub pw_salt: String,
pub pw_cost: u32,
pub version: String,
}
我看过的以前的客户端是使用Python实现的,其中PBKDF2函数似乎都接受字符串。但是,对于带有Rust的PBKDF2,它们都接受& [u8]
作为参数。
Previous clients I have looked at implemented using Python, where the PBKDF2 functions all seem to accept strings. However, for PBKDF2 with Rust, they all accept &[u8]
as the parameter.
我使用 .as_bytes()
,然后再调用 str :: from_utf8
输出派生密钥。但是,这样做时会失败,并显示 Err(Utf8Error {valid_up_to:0,error_len:Some(1)})
。
I use .as_bytes()
when calling the function, and then str::from_utf8
to output the derived key. However, when doing so, it fails with Err(Utf8Error { valid_up_to: 0, error_len: Some(1) })
.
这是一个代码段:
pub fn hashcompute(&self, password: String) {
let mut dk = [0u8; 768]; // derived key
let mut mac = Hmac::new(Sha512::new(), password.as_bytes());
pbkdf2::pbkdf2(&mut mac, self.pw_salt.as_bytes(), self.pw_cost, &mut dk);
println!("{:?}", str::from_utf8(&dk));
}
甚至 String :: from_utf8_lossy
返回不可读字符的结果。
Even String::from_utf8_lossy
returns a result of unreadable characters.
如何正确格式化Rust字符串以正确使用密码?还有另一个功能正常的库吗?还是这是一个丢失的原因?
How do I properly format a Rust string for proper cryptographic use? Is there another library that is functional? Or is this a lost cause?
推荐答案
根据标准文件文档,密钥应进行十六进制编码(请参见代码示例中的注释)。所以这样的事情应该起作用:
According to the Standard File documentation, the key should be hex-encoded (see the comments in the code sample). So something like this should work:
extern crate rustc_serialize as serialize;
use serialize::hex::{FromHex, ToHex};
pub fn hashcompute(&self, password: String) {
let mut dk = [0u8; 768]; // derived key
let mut mac = Hmac::new(Sha512::new(), password.as_bytes());
pbkdf2::pbkdf2(&mut mac, self.pw_salt.from_hex().unwrap(), self.pw_cost, &mut dk);
println!("{}", dk.to_hex());
}
请注意,我也使用了 from_hex
将盐从字符串转换为& [u8]
,因为看起来盐也应进行十六进制编码。
Note that I've also used from_hex
to convert the salt from a string to a &[u8]
since it looks like the salt should also be hex-encoded.
这篇关于使用PBKDF2密钥派生用rust-crypto正确创建用户可读的盐的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!