OpenSSL 字符串解密问题 [英] OpenSSL string decryption issue

问题描述

我会尽量做到简洁.

我希望能够加密 &使用 OpenSSL 解密简单字符串，我之前做过.

I want to be able to encrypt & decrypt simple strings using OpenSSL, which I have done before.

但是，必须满足以下条件:

HOWEVER, the following conditions must be met:

• 简单的密码短语使用(无密钥)
• 没有输入/输出文件
• 不提示输入密码(通过命令行选项指定任一方向)

我占了 50%.我可以通过以下方式成功执行加密:

I'm 50% there. I can successfully perform ENCRYPTION via:

echo 'someTextIWantToEncrypt' | openssl enc -e -aes-256-cbc -nosalt -pass pass:mySecretPass

输出结果为:

(??b}n??v???>??G??.?B??~?

好的，太好了.现在我想解密那个字符串.所以我这样做:

OK, great. Now I want to DECRYPT that string. So I do:

echo -n '(??b}n??v???>??G??.?B??~?' | openssl enc -d -aes-256-cbc -pass pass:mySecretPass

甚至作为替代方案:

openssl enc -d -aes-256-cbc -pass pass:mySecretPass <<< '(??b}n??v???>??G??.?B??~?'

但我得到了这样的回应:

But I get this response:

bad magic number

虽然我不想使用输入/输出文件，但该方法确实 100% 有效:

Though I don't want to use input/output files, that method DOES work 100%:

# encrypt to file
echo -n 'someTextIWantToEncrypt' | openssl enc -e -nosalt -out test.txt -aes-256-cbc -pass pass:mySecretPass 

# decrypt from file
openssl enc -d -nosalt -in test.txt -aes-256-cbc -pass pass:mySecretPass

# result of decryption (is successful):
someTextIWantToEncrypt

那么...我如何不使用输入/输出文件来实现上述解密过程?我觉得我很接近，但缺少一些小细节.

So ... how can I achieve the above decryption process without using input/output files whatsoever? I feel I am close, but missing some small detail.

提前致谢.

推荐答案

问题是加密使用了整个 ASCII 字符集，包括不可打印的字符.如果您希望能够剪切和粘贴加密数据，则需要将其转换为仅可打印的字符.您可以使用 -base64(或 -a)选项来做到这一点:

The problem is that encryption uses the entire ASCII character set, including unprintable characters. If you want to be able to cut and paste the encrypted data, you need to convert it to only printable characters. You can do this with the -base64 (or -a) option:

echo 'someTextIWantToEncrypt' | 
  openssl enc -base64 -e -aes-256-cbc -nosalt -pass pass:mySecretPass

KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=

然后用同样的方法解密:

Then decrypt it the same way:

echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | 
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:mySecretPass

警告:如果您使用的是 openssl，我只能假设数据的机密性，因此密码对您很重要.如果是这种情况，您应该永远不要在命令行上提供密码，因为它可能会暴露给任何有权运行 ps 的人.

WARNING: If you're using openssl, I can only assume the confidentiality of the data, and therefore the password, is important to you. If that's the case, you should never supply a password on the command line, because it can be exposed to anyone with the privilege to run ps.

更好的解决方案是将密码存储在环境变量中，并让 openssl 从那里读取:

A better solution is to store the password in an environment variable and have openssl read it from there:

export passwd="mySecretPass"
echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | 
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd

这篇关于OpenSSL 字符串解密问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！