堆栈内存溢出
  繁体   English   中英

使用OpenSSL兼容格式在C#中加密,在Poco中解密

[英]Encrypt in C# using OpenSSL compatible format, decrypt in Poco

 原文  2015-01-27 10:31:47       c#/ c++/ cryptography/ openssl/ poco

问题描述

我正在尝试使用OpenSSL兼容格式在Win OS中加密(aes-128-cbc),并使用Poco :: Crypto在Linux OS上解密,这是OpenSSL的包装。 我正在使用pwd和盐。

挖掘Stack Overflow,OpenSSL和Poco我发现:

1)从Win端(我使用C#方法)需要创建一个标题为“Salted__1 ..... 8 ”字节的文件,其中1..8字节是随机模式下生成的盐。 标头字节总数= 16.事实上,OpenSSL函数EVP_BytesToKey(..)从标头中提取的盐生成密钥。 我将所有字节(标题+ salt +加密)保存在文件中。

我要感谢Antanas Veiverys在https://antanas.veiverys.com/encrypt-data-with-net-decrypt-with-openssl/上的代码。 我使用他的课程如下(片段): 

public static class AESEncryption
{
    private static byte[] randomBytes(int size)
    {
        byte[] array = new byte[size];
        new Random().NextBytes(array);
        return array;
    }

    /// Encrypt a string
    public static string Encrypt(string plainText, string password)
    {
        byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
        byte[] encryptedBytes = Encrypt(plainTextBytes, password);
        return Convert.ToBase64String(encryptedBytes);
    }

    public static byte[] Encrypt(byte[] plainTextBytes, string password)
    {
        byte[] salt = randomBytes(8);
        // if salt is same during every encryption, same key is used. May be useful for testing, must not be used in production code
        //salt = new byte[8]; //set {0,0...}

        byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

        MD5 md5 = MD5.Create();

        int preKeyLength = password.Length + salt.Length;
        byte[] preKey = new byte[preKeyLength];

        Buffer.BlockCopy(passwordBytes, 0, preKey, 0, passwordBytes.Length);
        Buffer.BlockCopy(salt, 0, preKey, passwordBytes.Length, salt.Length);

        byte[] key = md5.ComputeHash(preKey);

        int preIVLength = key.Length + preKeyLength;
        byte[] preIV = new byte[preIVLength];

        Buffer.BlockCopy(key, 0, preIV, 0, key.Length);
        Buffer.BlockCopy(preKey, 0, preIV, key.Length, preKey.Length);

        byte[] iv = md5.ComputeHash(preIV);

        md5.Clear();
        md5 = null;

        //debug
        Console.WriteLine("Key:");
        foreach(byte b in key){
            Console.WriteLine("Hex: {0:X}", b);
        }
        Console.WriteLine("--------------------");
        AesManaged aes = new AesManaged();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.KeySize = 128;
        aes.BlockSize = 128;
        aes.Key = key;
        aes.IV = iv;

        byte[] encrypted = null;

        using (ICryptoTransform Encryptor = aes.CreateEncryptor())
        {
            using (MemoryStream MemStream = new MemoryStream())
            {
                using (CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write))
                {
                    CryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                    CryptoStream.FlushFinalBlock();

                    encrypted = MemStream.ToArray();
                    CryptoStream.Close();
                }
                MemStream.Close();
            }
        }
        aes.Clear();

        int resultLength = encrypted.Length + 8 + 8;
        byte[] salted = Encoding.UTF8.GetBytes("Salted__");
        byte[] result = new byte[resultLength];

        Buffer.BlockCopy(salted, 0, result, 0, salted.Length);
        Buffer.BlockCopy(salt, 0, result, 8, salt.Length);
        Buffer.BlockCopy(encrypted, 0, result, 16, encrypted.Length);

        return result;
    }

2)此时,要在Poco中创建右键,我必须将ItererationCount = 1而不是2000设置为默认值: 

CipherKeyImpl
{
    const std::string & name,
    const std::string & passphrase,
    const std::string & salt,
    int iterationCount = 2000
);

这样,我将从头文件中提取salt,生成密钥并尝试使用以下代码解密: 

ifstream myfile(FILE_TO_DECRYPT, ios::binary);
//get the length
myfile.seekg(0, myfile.end);
int length = myfile.tellg();
myfile.seekg(0, myfile.beg);

//read the encrypted file
char buffer = new char[lenght]();
myfile.read(buffer, lenght);

 //get the salt from the header
string toDecrypt(buffer);
string salt = toDecrypt.substr(8, 8); //the salt is 8 bytes start from 8th in header in OpenSSL

//decode
CipherFactory& factory = CipherFactory::defaultFactory();
Chipher key("aes-128-cbc", PASSWORD, salt, 1);
//key is well generated!

unique_ptr<Cipher> uptrCipher(factory.createCipher(key));
string decrypted = uptrChiper->decryptString(toDecrypt, Cipher::ENC_BASE64);

我检查了盐和密钥是否正常:它们与我在C#代码中使用的相同。

最后一行生成错误: “EVP_DecryptFinal_ex:错误的最终块长度”。

我不知道我错在哪里。 任何帮助表示赞赏。

1 个解决方案

解决方案1
 1 已采纳  2015-01-27 14:09:24

有两个问题。 首先,我犯了一个错误。 我需要传递给解密方法只有没有标题的字节:所以我补充说: 

toDecrypt = toDectrypt.substr(16);

到代码,否则解密不起作用,因为标题。

其次,我使用了ENC_BASE64,所以我需要在解密前对字符串中的字节进行编码。 为此,我使用了Poco :: Base64Encoder。

在这一点......它的作品! 我使用C#中的AES-128-CBC在Windows上加密,并使用C ++,Poco和OpenSSL格式在Linux上解密。 我道歉:代码可能更好,但我需要时间来优化它。 

#include <iostream>
#include <memory>
#include <fstream>
#include <sstream>
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/Crypto/Cipher.h"
#include "Poco/Crypto/CipherKey.h"
#include "Poco/Crypto/CipherFactory.h"
#include "Poco/Base64Encoder.h"

using namespace std;
using namespace Poco;
using namespace Poco::Net;
using namespace Poco::Crypto;

const string FILE_TO_DECRYPT = {"/home/myuser/Documents/CryptoTest/EncryptedText.txt"};

void decrypt() {
    OpenSSLInitializer();
    string PASSWORD = "1234567890123456"; //example! I know that is FORBIDDEN to embed the pwd :-)

    try {
        const size_t len = 17;

        std::ifstream fileImage(FILE_TO_DECRYPT);
        if(!fileImage.good())
            return;

        //get lenght of file
        fileImage.seekg(0, fileImage.end);
        int length = fileImage.tellg();
        fileImage.seekg(0, fileImage.beg);

        char* buffer = new char[length];
        fileImage.read(buffer, length);

        ostringstream ostringstr;
        Base64Encoder base64 (ostringstr);

        string toDecrypt(buffer, length);
        string salt = toDecrypt.substr(8, 8);
        cout<<endl<<"salt length = "<<salt.length()<<endl;

        //Debug 
        for(unsigned k = 0; k < salt.length(); k++)
            cout<<endl<<"["<<k<<"]"<<hex<<(unsigned)(unsigned char)salt[k]<<flush;

        CipherFactory& factory = CipherFactory::defaultFactory();
        CipherKey key("aes-128-cbc", PASSWORD, salt, 1);

        auto k = key.getKey();
        //Debug
        cout<<endl<<"KEY---";
        for(auto i : k)
            cout<<endl<<std::hex<<(unsigned)i<<std::dec<<flush;

        unique_ptr<Cipher> uptrCipher(factory.createCipher(key));

        toDecrypt=toDecrypt.substr(16);

        base64<<toDecrypt;
        base64.close();
        string toDecryptEncoded = ostringstr.str();

        string decrypted = uptrCipher->decryptString(toDecryptEncoded, Cipher::ENC_BASE64); //Cipher::ENC_BASE64);
        cout<<endl<<"Decrypted= "<<decrypted<<endl;

        delete []buffer;
    }
    catch(const Poco::Exception& exc)
    {
        cerr << endl<< "Decryption error: " << exc.message() << endl;
        delete []buffer; //in case of error...
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用C#加密并使用OpenSSL解密 C#,Dapper,POCO和加密/解密 AES 使用 OpenSSL 加密,使用 C# .Net 解密 使用RSACryptoServiceProvide在C#中加密,并在PHP中使用openssl_private_decrypt解密 使用 openssl_encrypt/openssl_decrypt 将 C# TripleDES ECB 解密/加密为 PHP 在C ++(OpenSSL)中加密AES,在C#中解密 使用c#加密数据并使用openssl api对其进行解密,为什么解密数据末尾有大量无用的填充? 解压缩使用PHP openssl_encrypt加密的C#中的字符串 相当于 PHP7 openssl 的 C# 加密/解密方法 使用C#加密使用jQuery和Decrypt
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM