使用aes_256_cbc加密加密时的默认IV是什么? [英] What is the default IV when encrypting with aes_256_cbc cipher?

查看:7552
本文介绍了使用aes_256_cbc加密加密时的默认IV是什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在文件中生成了一个随机的256位对称密钥,用于使用OpenSSL命令行对某些数据进行加密,我需要使用OpenSSL库以编程方式进行解密。我没有成功,我认为问题可能在我正在使用的初始化向量(或不使用)中。



我使用此命令加密数据:

  / usr / bin / openssl enc -aes-256-cbc -salt -in input_filename -out output_filename -pass file: keyfile 

我正在使用以下调用来初始化数据的解密:

  EVP_DecryptInit_ex(ctx,EVP_aes_256_cbc(),nullptr,keyfile.data(),nullptr))
/ pre>

keyfile 是一个向量< unsigned char> 保存该键的32个字节。我的问题是关于最后一个参数。它应该是密码算法的初始化向量。加密时没有指定IV,所以必须使用默认值。



为该参数传递nullptr是否意味着使用默认值?默认为空,并且没有任何内容添加到第一个密码块?



我应该提到,我可以从命令行解密而不提供IV。 / p>

解决方案


使用EVP_aes_256_cbc()[sic] cipher ...加密时的默认IV是什么? br>

为该参数传递nullptr意味着使用默认值?默认为null,并且没有添加到第一个密码块?


没有。你必须提供它为了完整,IV应该是不可预测的。



不可预测的 随机。例如,SSLv3用于在下一个块的IV中使用最后一个密文块。这是唯一,但它既不是随机的也不是不可预测的,它使SSLv3容易受到选定的明文攻击。



其他库做一些聪明的事情,例如提供一个空的向量(一个0的字符串)。他们的攻击者感谢他们。另请参阅为什么在CBC模式下使用非随机IV,一个漏洞? Stack Overflow和如果使用已知和/或固定的IV,则CBC模式下的AES是否安全? Crypto.SE。







/ usr / bin / openssl enc -aes-256-cbc ...


我应该提到,我可以从命令行解密而不提供IV。


OpenSSL使用内部的mashup / key派生函数,它接受密码,并导出一个密钥和iv。它被称为 EVP_BytesToKey ,您可以在手册页中阅读。手册页还说:


如果总键和IV长度小于摘要长度,则使用MD5,则派生算法为与PKCS#5 v1.5兼容,否则使用非标准扩展来导出额外的数据。


有很多例子一旦您知道要查找什么, EVP_BytesToKey Openssl密码是一个C. 如何使用Java中的AES打开使用openssl命令加密的Java中的文件







EVP_DecryptInit_ex(ctx,EVP_aes_256_cbc(),nullptr,keyfile.data(),nullptr))


I加密时没有指定IV,因此必须使用默认值。


检查您的返回值。呼叫应该在路径的某处失败。可能不在 EVP_DecryptInit_ex ,但肯定在 EVP_DecryptFinal 之前。



如果没有失败,请提交错误报告。


I've generated a random 256 bit symmetric key, in a file, to use for encrypting some data using the OpenSSL command line which I need to decrypt later programmatically using the OpenSSL library. I'm not having success, and I think the problem might be in the initialization vector I'm using (or not using).

I encrypt the data using this command:

/usr/bin/openssl enc -aes-256-cbc -salt -in input_filename -out output_filename -pass file:keyfile

I'm using the following call to initialize the decrypting of the data:

EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), nullptr, keyfile.data(), nullptr))

keyfile is a vector<unsigned char> that holds the 32 bytes of the key. My question is regarding that last parameter. It's supposed to be an initialization vector to the cipher algorithm. I didn't specify an IV when encrypting, so some default must have been used.

Does passing nullptr for that parameter mean "use the default"? Is the default null, and nothing is added to the first cipher block?

I should mention that I'm able to decrypt from the command line without supplying an IV.

解决方案

What is the default IV when encrypting with EVP_aes_256_cbc() [sic] cipher...

Does passing nullptr for that parameter mean "use the default"? Is the default null, and nothing is added to the first cipher block?

There is none. You have to supply it. For completeness, the IV should be non-predictable.

Non-Predictable is slightly different than both Unique and Random. For example, SSLv3 used to use the last block of ciphertext for the next block's IV. It was Unique, but it was neither Random nor Non-Predictable, and it made SSLv3 vulnerable to chosen plaintext attacks.

Other libraries do clever things like provide a null vector (a string of 0's). Their attackers thank them for it. Also see Why is using a Non-Random IV with CBC Mode a vulnerability? on Stack Overflow and Is AES in CBC mode secure if a known and/or fixed IV is used? on Crypto.SE.


/usr/bin/openssl enc -aes-256-cbc...

I should mention that I'm able to decrypt from the command line without supplying an IV.

OpenSSL uses an internal mashup/key derivation function which takes the password, and derives a key and iv. Its called EVP_BytesToKey, and you can read about it in the man pages. The man pages also say:

If the total key and IV length is less than the digest length and MD5 is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data.

There are plenty of examples of EVP_BytesToKey once you know what to look for. Openssl password to key is one in C. How to decrypt file in Java encrypted with openssl command using AES in one in Java.


EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), nullptr, keyfile.data(), nullptr))

I didn't specify an IV when encrypting, so some default must have been used.

Check your return values. A call should have failed somewhere along the path. Maybe not at EVP_DecryptInit_ex, but surely before EVP_DecryptFinal.

If its not failing, then please file a bug report.

这篇关于使用aes_256_cbc加密加密时的默认IV是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆