使用 C# 中的 OpenSSL 使用 PBKDF2 解密 AES-256-CBC
[英]Decrypt AES-256-CBC with PBKDF2 from OpenSSL in C#
问题描述
I need to decrypt a string that was encrypted with OpenSSL as following:
我需要解密一个用 OpenSSL 加密的字符串,如下所示:
openssl rand -out secret.key -hex 192
openssl aes-256-cbc -pbkdf2 -in file_to_encrypt -out encrypted_file -pass file:secret.key
And i can't get it to work in C#我不能让它在 C# 中工作
public void OnStartup()
{
using var rsa = RSA.Create();
var privateKeyContent = File.ReadAllText("/cert/customer.pem");
rsa.ImportFromPem(privateKeyContent);
var encryptedSecret = File.ReadAllBytes("license/secret.key.enc");
var decrypted = rsa.Decrypt(encryptedSecret, RSAEncryptionPadding.Pkcs1);
_logger.LogInformation(Encoding.UTF8.GetString(decrypted));
var bytes = File.ReadAllBytes("license/license.json.enc");
var license = DecryptAesCbc(bytes, decrypted);
_logger.LogInformation(license);
}
public string DecryptAesCbc(byte[] cipheredData, byte[] passphrase)
{
string decrypted = null;
using (var ms = new MemoryStream(cipheredData))
{
// Get salt
var salt = new byte[8];
ms.Seek(8, SeekOrigin.Begin);
ms.Read(salt, 0, 8);
_logger.LogInformation("Salt: {Salt}", string.Concat(Array.ConvertAll(salt, x => x.ToString("X2"))));
// Derive key and IV
var pbkdf2 = new Rfc2898DeriveBytes(passphrase, salt, 10000, HashAlgorithmName.SHA256);
byte[] key = pbkdf2.GetBytes(32);
byte[] iv = pbkdf2.GetBytes(16);
_logger.LogInformation("Key: {Key}", string.Concat(Array.ConvertAll(key, x => x.ToString("X2"))));
_logger.LogInformation("IV: {IV}", string.Concat(Array.ConvertAll(iv, x => x.ToString("X2"))));
using Aes aes = Aes.Create();
aes.KeySize = 256;
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
aes.Key = key;
aes.IV = iv;
// Decrypt
ICryptoTransform decipher = aes.CreateDecryptor(aes.Key, aes.IV);
using var cs = new CryptoStream(ms, decipher, CryptoStreamMode.Read);
using var sr = new StreamReader(cs, Encoding.UTF8);
decrypted = sr.ReadToEnd();
}
return decrypted;
}
With this code i receive an exception at decrypted = sr.ReadToEnd() Padding is invalid and cannot be removed.使用此代码,我在decrypted = sr.ReadToEnd()处收到异常Padding is invalid and cannot be removed.
The secret is encrypted via RSA and decrypted, the result is the same as the the decrypted file, so this should be working.秘密通过RSA加密并解密,结果与解密文件相同,所以这应该可以工作。
Im very thankful for help我非常感谢您的帮助
1 个解决方案
解决方案1
1 已采纳 2021-07-19 14:34:01
Solution:解决方案:
public static string DecryptLicense(byte[] cipherData, byte[] passphrase)
{
string decrypted = null;
using (var ms = new MemoryStream(cipherData))
{
// Get salt
var salt = new byte[8];
ms.Seek(8, SeekOrigin.Begin);
ms.Read(salt, 0, 8);
// Derive key and IV
var pbkdf2 = new Rfc2898DeriveBytes(passphrase, salt, 10000, HashAlgorithmName.SHA256);
byte[] key = pbkdf2.GetBytes(32);
byte[] iv = pbkdf2.GetBytes(16);
using Aes aes = Aes.Create();
aes.KeySize = 256;
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
aes.Key = key;
aes.IV = iv;
// Decrypt
ICryptoTransform decipher = aes.CreateDecryptor(aes.Key, aes.IV);
using var cs = new CryptoStream(ms, decipher, CryptoStreamMode.Read);
using var sr = new StreamReader(cs, Encoding.UTF8);
decrypted = sr.ReadToEnd();
}
return decrypted;
}
and generate the passphrase with: openssl rand 192 | openssl enc -A -base64 -out secret.key并使用以下命令生成密码: openssl rand 192 | openssl enc -A -base64 -out secret.key openssl rand 192 | openssl enc -A -base64 -out secret.key
The problem was a passphrase which was generated with newlines and openssl uses just the first line from a passphrase file, but C# uses the whole file to derive the keys.问题是一个用换行符生成的密码,openssl 只使用密码文件的第一行,但 C# 使用整个文件来派生密钥。 In order to prevent that, i now generate a file with no linebreaks.为了防止这种情况,我现在生成一个没有换行符的文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.