我想在Windows CryptoAPI中导入会话密钥和解密数据。会话密钥和openssl命令创建的加密数据。
在linux上:
% openssl enc -e -aes-128-cbc -kfile randtxt -in text.txt -out text.enc -nosalt -p > session.dat
session.dat
看起来像这样:
key = 1234567890ABCDEF1234567890ABCDEF
iv = 0102030405060708090A0B0C0D0E0F00
我想在text.enc
中解密此数据 - 在Windows应用程序中。
如何使用CryptImportKey
(或其他方式)导入会话密钥来解密数据?
答案 0 :(得分:2)
有一个specific page on MSDN解释了如何导入纯文本键。它直接使用CryptImportKey
,但您可能有不同的配置或上下文,因此请尝试将其与示例匹配。
它还告诉您它使用PLAINTEXTKEYBLOB
,但由于我没有看到任何代码引用,我不确定这是否属实。示例是DES密钥。
要说明如何为AES密钥执行此操作,请尝试this Q/A。可能最好先尝试将此代码转换为AES-128位密钥。
答案 1 :(得分:2)
我可以像这样导入会话密钥。
BYTE pbBuffer[] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 0x12, 0x34
, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
BYTE iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x0A
, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
HCRYPTPROV hProvider;
HCRYPTKEY hKey;
struct KEYBLOB {
BLOBHEADER bh;
DWORD dwKeyLen;
BYTE bytes[16];
}blob;
blob.bh.bType = PLAINTEXTKEYBLOB;
blob.bh.reserved = 0;
blob.bh.bVersion = CUR_BLOB_VERSION;
blob.bh.aiKeyAlg = CALG_AES_128;
blob.dwKeyLen = 16;
memcpy(blob.bytes, pbBuffer, 16);
if (!CryptAcquireContext(&hProvider, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
printf("CryptAcquireContext Error\n");
return FALSE;
}
if (!CryptImportKey(hProvider, (BYTE*)&blob, sizeof(KEYBLOB), NULL, CRYPT_NO_SALT, &hKey)){
printf("CryptImportKey Error\n");
CryptReleaseContext(hProvider, 0);
return FALSE;
}
if (!CryptSetKeyParam(hKey, KP_IV, iv, 0)){
printf("CryptSetKeyParam2 Error\n");
CryptDestroyKey(hKey);
CryptReleaseContext(hProvider, 0);
return FALSE;
}
BYTE pbDataBuff[1024 * 2 + 1];
DWORD dwSize, dwWritten;
HANDLE hEncryptFile, hDecryptFile;
BOOL bEnd;
hEncryptFile = CreateFile(_T("data.aes"), GENERIC_READ, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
hDecryptFile = CreateFile(_T("outdata.txt"), GENERIC_WRITE, FILE_SHARE_READ, NULL,
CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
while (1) {
ReadFile(hEncryptFile, pbDataBuff, 1024 * 2, &dwSize, NULL);
if (dwSize < 1024 * 2)
bEnd = TRUE;
else
bEnd = FALSE;
if (!CryptDecrypt(hKey, 0, bEnd, 0, pbDataBuff, &dwSize)) {
printf("CryptDecrypt Error\n");
CryptDestroyKey(hKey);
CryptReleaseContext(hProvider, 0);
CloseHandle(hEncryptFile);
CloseHandle(hDecryptFile);
return FALSE;
}
WriteFile(hDecryptFile, pbDataBuff, dwSize, &dwWritten, NULL);
if (bEnd)
break;
}
CryptDestroyKey(hKey);
CryptReleaseContext(hProvider, 0);
CloseHandle(hEncryptFile);
CloseHandle(hDecryptFile);
return TRUE;