如何将使用openssl命令行创建的会话密钥导入Windows CryptoAPI

时间:2014-07-01 14:39:16

标签: encryption openssl cryptoapi

我想在Windows CryptoAPI中导入会话密钥和解密数据。会话密钥和openssl命令创建的加密数据。

在linux上:

% openssl enc -e -aes-128-cbc -kfile randtxt -in text.txt -out text.enc -nosalt -p > session.dat

session.dat看起来像这样:

key = 1234567890ABCDEF1234567890ABCDEF

iv = 0102030405060708090A0B0C0D0E0F00

我想在text.enc中解密此数据 - 在Windows应用程序中。

如何使用CryptImportKey(或其他方式)导入会话密钥来解密数据?

2 个答案:

答案 0 :(得分:2)

有一个specific page on MSDN解释了如何导入纯文本键。它直接使用CryptImportKey,但您可能有不同的配置或上下文,因此请尝试将其与示例匹配。

它还告诉您它使用PLAINTEXTKEYBLOB,但由于我没有看到任何代码引用,我不确定这是否属实。示例是DES密钥。

要说明如何为AES密钥执行此操作,请尝试this Q/A。可能最好先尝试将此代码转换为AES-128位密钥。

答案 1 :(得分:2)

我可以像这样导入会话密钥。

BYTE pbBuffer[] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 0x12, 0x34
    , 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
BYTE iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x0A
    , 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
HCRYPTPROV hProvider;
HCRYPTKEY hKey;

struct KEYBLOB {
    BLOBHEADER bh;
    DWORD dwKeyLen;
    BYTE bytes[16];
}blob;

blob.bh.bType = PLAINTEXTKEYBLOB;
blob.bh.reserved = 0;
blob.bh.bVersion = CUR_BLOB_VERSION;
blob.bh.aiKeyAlg = CALG_AES_128;
blob.dwKeyLen = 16;
memcpy(blob.bytes, pbBuffer, 16);


if (!CryptAcquireContext(&hProvider, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
    printf("CryptAcquireContext Error\n");
    return FALSE;
}

if (!CryptImportKey(hProvider, (BYTE*)&blob, sizeof(KEYBLOB), NULL, CRYPT_NO_SALT, &hKey)){
    printf("CryptImportKey Error\n");
    CryptReleaseContext(hProvider, 0);
    return FALSE;
}

if (!CryptSetKeyParam(hKey, KP_IV, iv, 0)){
    printf("CryptSetKeyParam2 Error\n");
    CryptDestroyKey(hKey);
    CryptReleaseContext(hProvider, 0);
    return FALSE;
}

BYTE pbDataBuff[1024 * 2 + 1];
DWORD dwSize, dwWritten;
HANDLE hEncryptFile, hDecryptFile;
BOOL bEnd;

hEncryptFile = CreateFile(_T("data.aes"), GENERIC_READ, FILE_SHARE_READ, NULL,
                OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
hDecryptFile = CreateFile(_T("outdata.txt"), GENERIC_WRITE, FILE_SHARE_READ, NULL,
    CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

while (1) {
    ReadFile(hEncryptFile, pbDataBuff, 1024 * 2, &dwSize, NULL);
    if (dwSize < 1024 * 2)
        bEnd = TRUE;
    else
        bEnd = FALSE;
    if (!CryptDecrypt(hKey, 0, bEnd, 0, pbDataBuff, &dwSize)) {
        printf("CryptDecrypt Error\n");
        CryptDestroyKey(hKey);
        CryptReleaseContext(hProvider, 0);
        CloseHandle(hEncryptFile);
        CloseHandle(hDecryptFile);
        return FALSE;
    }
    WriteFile(hDecryptFile, pbDataBuff, dwSize, &dwWritten, NULL);

    if (bEnd)
        break;
}
CryptDestroyKey(hKey);
CryptReleaseContext(hProvider, 0);
CloseHandle(hEncryptFile);
CloseHandle(hDecryptFile);
return TRUE;