如何在 pyOpenSSL 中设置密码模式?
[英]How to set cipher mode in pyOpenSSL?
问题描述
I am trying to translate this cli command into python: openssl genpkey -aes-256-cbc -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out my-private-key.pem
我正在尝试将此 cli 命令转换为 python: openssl genpkey -aes-256-cbc -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out my-private-key.pem
So far, the best option I have found is pyOpenSSL, however, I cannot seem to set the cbc cipher mode.到目前为止,我发现的最佳选择是 pyOpenSSL,但是,我似乎无法设置 cbc 密码模式。 At the moment this is how my code looks:目前这是我的代码的样子:
gen_key = OpenSSL.crypto.PKey()
gen_key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, gen_key, cipher='aes256', passphrase=b"some_passphrase")
This however only specifies the cipher, not its mode.然而,这仅指定密码,而不是其模式。 When I try to specify the cipher with cipher='aes256-cbc' or cipher='aescbc256' I get an invalid cipher name error.当我尝试使用cipher='aes256-cbc'或cipher='aescbc256'指定密码时,我收到一个无效的密码名称错误。 I would be extremely grateful if someone could help me setup my aes256 cipher to cbc mode.如果有人能帮我将 aes256 密码设置为 cbc 模式,我将不胜感激。
1 个解决方案
解决方案1
0 已采纳 2021-03-16 01:49:13
For the ciphername argument, you can use the algorithm names printed out by the command openssl list -cipher-commands .对于ciphername参数,您可以使用命令openssl list -cipher-commands打印出的算法名称。 There you will see mentioned aes-256-cbc , which is the name that you were looking for.在那里您会看到提到aes-256-cbc ,这是您要查找的名称。
You can use those ciphers in a case insensitive way and most of them listed have aliases that you can use as well.您可以以不区分大小写的方式使用这些密码,并且列出的大多数密码都有您也可以使用的别名。 For example if you use openssl -list -cipher-algorithms , you will notice例如,如果您使用openssl -list -cipher-algorithms ,您会注意到
aes256 => AES-256-CBC
so it turns out you were using CBC mode already.所以事实证明你已经在使用 CBC 模式了。
You can verify this also by feeding the generated PEM into the openssl asn1parse command, which starts like this (I added a print statement to the code to print the PEM):您也可以通过将生成的 PEM 输入openssl asn1parse命令来验证这一点,该命令的开头如下(我在代码中添加了一条打印语句来打印 PEM):
$ python dumpkey.py | openssl asn1parse
0:d=0 hl=4 l=1325 cons: SEQUENCE
4:d=1 hl=2 l= 87 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 74 cons: SEQUENCE
19:d=3 hl=2 l= 41 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 28 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:DAA5C15B1DB3C8CF
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=5 hl=2 l= 12 cons: SEQUENCE
50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256
60:d=6 hl=2 l= 0 prim: NULL
62:d=3 hl=2 l= 29 cons: SEQUENCE
64:d=4 hl=2 l= 9 prim: OBJECT :aes-256-cbc
I do not know for sure whether all names mentioned in the list -cipher-commands are compatible with dump_privatekey() and also not whether that list is exhaustive (barring the aliases).我不确定list -cipher-commands中提到的所有名称是否与dump_privatekey()兼容,也不知道该列表是否详尽(除了别名)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.