AES encryption with plain text key using bash openssl
Problem description
I am trying to encrypt a string using AES CBC. The output of the online tool (http://aes.online-domain-tools.com/) and the bash openssl command do not match. Can anyone help me with what I am doing wrong?
key="12345678912345678912345678912345"
iv="e90e89a2277f4f3b6a2080d27f734266" #using the one generated by online tool
openssl enc -aes-256-cbc -in input.txt -out output.txt -K $key -iv $iv
EDIT - more info on the settings chosen on the site -
Input type - plain text
Function - AES
Mode - CBC
Key - (plain) - 12345678912345678912345678912345
Init Vector - e9 0e 89 a2 27 7f 4f 3b 6a 20 80 d2 7f 73 42 66
Both
openssl aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad
and
openssl enc -aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad
work for me for the file generated by the online calculator using the following settings:
Input type: Text
Input(Plaintext): TESTTESTTESTTEST
Function: AES
Mode: CBC
Key(HEX): 12345678912345678912345678912345
Init. vector: e90e89a2277f4f3b6a2080d27f734266
Operation: ENCRYPT
EDIT:
I confirmed that the online tool does zero padding, but openssl expects PKCS#5 (also known as PKCS#7) padding:
All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.
So the following argument is needed:
-nopad disable standard block padding
See e.g. here.
Beware that your output plaintext will have up to 15 extra binary zero bytes (\x00)
EDIT2:
(I am sorry I misunderstood the question, thought you wanted to check the result of the online tool)
To perform the same operation as the online tool:
echo -n "TESTTESTTESTTEST" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-1.dat
This one uses echo -n to feed the input data. If you are not working on a system capable of this, you will have to prepare a file input.txt, which contains the string TESTTESTTESTTEST (please do check that its length is 16 bytes -- i.e. no newline at the end). Then use the -in input.txt option:
openssl aes-128-cbc -in input.txt -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-2.dat
When the message is not block-size aligned (i.e. its length is not divisible by 16 without a remainder) you have to apply zero padding (append to end that many binary zeroes, to make it block-aligned).
So to encrypt the string "TESTTESTTEST" (its length is 12, you must add 4 binary zeroes to block-align it to 16):
echo -ne "TESTTESTTEST\x00\x00\x00\x00" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-3.dat
(The -e in echo enables interpretation of backslash escapes for the \x00 to work)
EDIT3(bonus one):
To perform the zero padding using shell:
input="TESTTESTTEST"
( echo -n "${input}" ; head -c 15 /dev/zero ) | head -c "$((((${#input}+15)/16)*16))" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-4.dat
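The padding difference discussed in the answer above, as an added example that is not part of the original thread: it zero-pads by byte count before encrypting with -nopad, contrasts the result with openssl's default PKCS#7 padding, and hex-encodes a plain-text key for -K. The function names are made up for illustration, and treating the question's key as 32 ASCII bytes (an AES-256 key) is an assumption.

```shell
#!/bin/sh
# Added example; key, IV and plaintexts are the values quoted in the thread.
KEY_HEX="12345678912345678912345678912345"  # 32 hex digits = 16 bytes = AES-128
IV_HEX="e90e89a2277f4f3b6a2080d27f734266"

# -K accepts hex only: convert a plain-text key to the hex of its bytes.
hex_of() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }

# zero_pad_encrypt PLAINTEXT CIPHER KEYHEX IVHEX OUTFILE
# Pads with NUL bytes to the next multiple of 16, then encrypts with -nopad.
zero_pad_encrypt() {
  zp_len=$(printf '%s' "$1" | wc -c)          # bytes, not characters
  zp_total=$(( (zp_len + 15) / 16 * 16 ))
  { printf '%s' "$1"; head -c 15 /dev/zero; } | head -c "$zp_total" |
    openssl enc "-$2" -e -K "$3" -iv "$4" -nopad -out "$5"
}

# pkcs7_encrypt PLAINTEXT CIPHER KEYHEX IVHEX OUTFILE  (openssl's default padding)
pkcs7_encrypt() {
  printf '%s' "$1" | openssl enc "-$2" -e -K "$3" -iv "$4" -out "$5"
}

# zero_pad_decrypt INFILE CIPHER KEYHEX IVHEX
# Decrypts with -nopad and drops NUL bytes; only safe for text plaintext,
# because zero padding cannot be told apart from data that contains NULs.
zero_pad_decrypt() {
  openssl enc "-$2" -d -K "$3" -iv "$4" -nopad -in "$1" | tr -d '\000'
}

demo() {
  d=$(mktemp -d)
  zero_pad_encrypt "TESTTESTTEST" aes-128-cbc "$KEY_HEX" "$IV_HEX" "$d/zero.bin"
  pkcs7_encrypt    "TESTTESTTEST" aes-128-cbc "$KEY_HEX" "$IV_HEX" "$d/pkcs7.bin"
  echo "zero-padded: $(od -An -v -tx1 "$d/zero.bin" | tr -d ' \n')"
  echo "PKCS#7:      $(od -An -v -tx1 "$d/pkcs7.bin" | tr -d ' \n')"
  echo "decrypted:   $(zero_pad_decrypt "$d/zero.bin" aes-128-cbc "$KEY_HEX" "$IV_HEX")"
  # The question's key read as 32 ASCII characters is a 256-bit key once hex-encoded.
  echo "AES-256 -K:  $(hex_of "12345678912345678912345678912345")"
  rm -rf "$d"
}
demo
```

For a 16-byte plaintext the zero-padded ciphertext is exactly the first block of the PKCS#7 one, which then carries a second block made only of padding.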