解码iOS中的OpenSSL AES256字符串 [英] Decode OpenSSL AES256 string in iOS

问题描述

CLI

$ echo -n "TEST1" | openssl enc -aes256 -k FUUU -nosalt -a
bYbkQJcDFZt3y3UQEMbEeg==

iOS

iOS

NSString *leSYT = @"bYbkQJcDFZt3y3UQEMbEeg==";
NSData *data = [NSData dataFromBase64String:leSYT];
NSLog(@"%@",[data AES256DecryptWithKey:@"FUUU"]);

由于iOS失败，iOS不会输出任何内容。
我缺少什么？

iOS doesn't output anything since it failed. What am I missing?

NSData添加： http： //pastie.org/426530 //由Matt Gallagher提供NSData + Base64

NSData additions: http://pastie.org/426530 // NSData+Base64 by Matt Gallagher

推荐答案

-k 选项在OpenSSL的 enc 实用程序从您的密码FUUU中导出AES密钥和IV。您可以使用 -p 选项让OpenSSL打印AES256键及其衍生的IV：

The -k option in OpenSSL's enc utility derives an AES key and IV from your passphrase "FUUU". You can use the -p option to have OpenSSL print the AES256 key and IV that it derived:

$ echo -n "TEST1" | openssl enc -aes256 -k FUUU -nosalt -a -p
key=59C12FFF74992ED40F4DF80A56AB55AE7C513B17CB4B8CF8342E9444C7F7AF3B
iv =0BEE68AD25123B7076B91A5AFB549E33
bYbkQJcDFZt3y3UQEMbEeg==

AES256DecryptWithKey期待一个32字节的AES密钥，如评论所示：

AES256DecryptWithKey is expecting a 32-byte AES key, as the comments say:

- (NSData *)AES256DecryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

但即使将密钥字符串从OpenSSL转换为字符串（不是64个ASCII字符，32个字节），您仍然无法解密它并将原始字符串恢复。这是因为OpenSSL正在使用IV，但AES256DecryptWithKey不是：

But even if you convert the key string from OpenSSL to a string of bytes (not 64 ASCII characters. 32 bytes), you still won't be able to decrypt it and get your original string back. That's because OpenSSL is using an IV, but AES256DecryptWithKey is not:

CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 keyPtr, kCCKeySizeAES256,
                                 NULL /* initialization vector (optional) */,
                                 [self bytes], dataLength, /* input */
                                 buffer, bufferSize, /* output */
                                 &numBytesDecrypted);

（请参阅为IV传递的NULL？这不会为您工作）

(See the NULL being passed for the IV? That's not going to work for you)

因此，您需要使用加密和解密方法，使用相同的AES密钥和IV才能正常工作。

So you need to use an encryption and decryption method that both use the same AES key and IV for this to work.

这篇关于解码iOS中的OpenSSL AES256字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！