如何找到用于对数据进行AES加密的初始化向量CAPICOM? [英] How can I find the initialization vector CAPICOM used to AES-encrypt my data?
问题描述
我有一个用Classic ASP编写的应用程序,该应用程序通过CAPICOM加密数据并将其存储在数据库中.加密代码如下所示(经典ASP,VB.为简便起见,简化了一下):
I have an application written in Classic ASP that encrypts data via CAPICOM and stores it in a database. The encryption code looks something like this (Classic ASP, VB. Simplified a bit for brevity):
set encryptObject = Server.CreateObject("CAPICOM.EncryptedData")
encryptObject.Algorithm.Name = 4 ' 4 is AES
encryptObject.Algorithm.KeyLength = ' 0 is MAX
encryptObject.SetSecret(sharedSecret) ' sharedSecret was set earlier
encryptObject.Content = stringToEncrypt
encryptedString = encryptObject.Encrypt()
现在,我有一个.NET应用程序,需要读取此数据并将其解密.在使用 RijndaelManaged 类之前,我已经在.NET中完成了与AES兼容的加密/解密,我希望可以使用相同的方法来解密此数据.但是,我不知道如何使它与CAPICOM的加密数据一起使用,因为 RijndaelManaged 要求您在调用 RijndaelManaged.CreateEncryptor 时传递密钥和初始化矢量,并且CAPICOM不采用初始化向量.我假设CAPICOM必须使用初始化向量,但不公开它.我怎么找到那个向量?
Now, I have a .NET application that needs to read this data and decrypt it. I've done AES-compatible encryption/decryption in .NET before using the RijndaelManaged class, and I'm hoping I can use that same method to decrypt this data. However, I can't figure out how to get this to work with CAPICOM's encrypted data, because RijndaelManaged requires that you pass a key AND an intialization vector when calling RijndaelManaged.CreateEncryptor, and CAPICOM doesn't take an initialization vector. I assume CAPICOM must be using an initialization vector, but not exposing it. How can I find that vector?
推荐答案
首先将全零IV传递给.NET解密例程.
Start by passing an all-zeros IV to the .NET decryption routine.
如果整个邮件都可以解密,则原始加密还使用了空IV.
If the whole message decrypts fine, then the original encryption also used a null IV.
您很有可能会获得错误的第一个块(16字节)以及可读的第二个和后续块.
It is more likely that you will get a mangled first block (16 bytes) and readable second and subsequent blocks.
如果第二个块看起来好像是消息的实际开始,则原始的IV作为加密消息的第一个块被传递.那是很普通的技术.
If the second block looks as if it is the actual start of the message then the original IV was passed as the first block of the encrypted message. That is a pretty common technique.
如果不是,那么您将必须询问谁加密了消息,他们使用了什么IV.否则,活的消息将不包含消息的前16个字节.
If not then you are going to have to ask whoever encrypted the message what IV they used. Or else live without the first 16 bytes of the message.
这篇关于如何找到用于对数据进行AES加密的初始化向量CAPICOM?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
