AES encryption with plain text key using bash openssl
Problem description
I am trying to encrypt a string using AES CBC. The output of the online tool (http://aes.online-domain-tools.com/) and the bash openssl command do not match. Can anyone help me with what I am doing wrong?
key="12345678912345678912345678912345"
iv="e90e89a2277f4f3b6a2080d27f734266" #using the one generated by online tool
openssl enc -aes-256-cbc -in input.txt -out output.txt -K $key -iv $iv
EDIT - more info on the settings chosen on the site -
Input type - plain text
Function - AES
Mode - CBC
Key - (plain) - 12345678912345678912345678912345
Init Vector - e9 0e 89 a2 27 7f 4f 3b 6a 20 80 d2 7f 73 42 66
Both
openssl aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad
and
openssl enc -aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad
work for me for the file generated by the online calculator using the following settings:
Input type: Text
Input(Plaintext): TESTTESTTESTTEST
Function: AES
Mode: CBC
Key(HEX): 12345678912345678912345678912345
Init. vector: e90e89a2277f4f3b6a2080d27f734266
Operation: ENCRYPT
EDIT:
I confirmed that the online tool does zero padding, but openssl expects PKCS#5 (also known as PKCS#7) padding:
All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.
So the following argument is needed:
-nopad disable standard block padding
See e.g. here.
Beware that your output plaintext will have up to 15 extra binary zero bytes (\x00)
EDIT2:
(I am sorry I misunderstood the question, thought you wanted to check the result of the online tool)
To perform the same operation as the online tool:
echo -n "TESTTESTTESTTEST" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-1.dat
This one uses echo -n to feed the input data. If you are not working on a system capable of this, you will have to prepare a file input.txt, which contains the string TESTTESTTESTTEST (please do check that its length is 16 bytes -- i.e. no newline at the end). Then use the -in input.txt option:
openssl aes-128-cbc -in input.txt -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-2.dat
When the message is not block-size aligned (i.e. its length is not divisible by 16 without a remainder) you have to apply zero padding (append to end that many binary zeroes, to make it block-aligned).
So to encrypt the string "TESTTESTTEST" (its length is 12, you must add 4 binary zeroes to block-align it to 16):
echo -ne "TESTTESTTEST\x00\x00\x00\x00" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-3.dat
(The -e in echo enables interpretation of backslash escapes for the \x00 to work)
EDIT3(bonus one):
To perform the zero padding using shell:
input="TESTTESTTEST"
( echo -n "${input}" ; head -c 15 /dev/zero ) | head -c "$((((${#input}+15)/16)*16))" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-4.dat
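The padding mismatch discussed in the answer, as an added example that is not part of the original thread: it encrypts the same inputs with zero padding and with openssl's default PKCS#7 padding, round-trips the zero-padded form, and shows that decryption without -nopad rejects it. The helper names (hex, enc_zero, enc_pkcs7, dec_zero) are assumptions of this example, and the byte length is taken with wc -c rather than ${#input} so multibyte text is padded correctly.

```bash
#!/usr/bin/env bash
# Added example: zero padding (online tool) vs. PKCS#7 (openssl default).
# KEY and IV are the test values from the thread, not secrets to reuse.
KEY="12345678912345678912345678912345"   # 32 hex digits = 16 bytes (AES-128)
IV="e90e89a2277f4f3b6a2080d27f734266"

hex() { od -An -v -tx1 | tr -d ' \n'; }   # raw bytes on stdin -> hex string

# Encrypt $1 with zero padding; raw ciphertext on stdout.
enc_zero() {
  local len padded
  len=$(printf '%s' "$1" | wc -c)         # bytes; ${#1} would count characters
  padded=$(( (len + 15) / 16 * 16 ))      # round up to a whole 16-byte block
  { printf '%s' "$1"; head -c 15 /dev/zero; } | head -c "$padded" |
    openssl enc -aes-128-cbc -e -K "$KEY" -iv "$IV" -nopad
}

# Encrypt $1 with openssl's default PKCS#7 padding; raw ciphertext on stdout.
enc_pkcs7() {
  printf '%s' "$1" | openssl enc -aes-128-cbc -e -K "$KEY" -iv "$IV"
}

# Decrypt zero-padded ciphertext from stdin and drop the NUL padding bytes.
# tr removes every NUL, so this is only safe for text that contains none.
dec_zero() {
  openssl enc -aes-128-cbc -d -K "$KEY" -iv "$IV" -nopad | tr -d '\000'
}

for msg in TESTTESTTESTTEST TESTTESTTEST; do
  echo "input:        $msg"
  echo "zero padding: $(enc_zero "$msg" | hex)"
  echo "PKCS#7:       $(enc_pkcs7 "$msg" | hex)"
  echo "round trip:   $(enc_zero "$msg" | dec_zero)"
  # Without -nopad, decryption checks for PKCS#7 padding and rejects the data.
  if ! enc_zero "$msg" | openssl enc -aes-128-cbc -d -K "$KEY" -iv "$IV" \
       >/dev/null 2>&1; then
    echo "default decrypt of zero-padded data: rejected (bad padding)"
  fi
done
```

For the block-aligned input the PKCS#7 ciphertext is one block longer, and its first block equals the zero-padded output; for the 12-byte input both are one block but differ, because the padding bytes differ.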