我使用base64创建了一个解密脚本,用我之前使用不同脚本加密的Chef数据库解密密码。
解密脚本符合规定,但不会丢失任何错误,尽管它返回带有奇怪符号的垃圾字符串。
加密字符串:
的示例fff: T3UZSkX4vsJxnWEaIMWK3w==
解码时:
ᄒヨ5pチᄒミᄒワᄒᆰ`ᄒᄆ,Chホᄌᄂ
我用来解密的脚本部分是,
#Call decryption method
item = decryptDatabag(project, domain)
puts(item["chef_password"])
puts(item["Password"])
secret = Chef::EncryptedDataBagItem.load_secret("\\\\############\\ChefEncryptedDatabagKey\\#{@project}\\secret.txt") .
item = Chef::EncryptedDataBagItem.load(project, "EncryptedItem", secret)
它也来自文件encrypted_data_bag_item.rb。
ALGORITHM = 'aes-256-cbc'
def [](key)
value = @enc_hash[key]
if key == "id" || value.nil?
value
else
self.class.decrypt(value, @secret)
end
end
def self.decrypt(value, key)
YAML.load(self.decipher(:decrypt, Base64.decode64(value), key))
end
def self.decipher(direction, data, key)
decipher = OpenSSL::Cipher::Cipher.new(ALGORITHM)
decipher.decrypt
decipher.padding = 0
decipher.send(direction)
decipher.pkcs5_keyivgen(key)
ans = decipher.update(data)
ans << decipher.final
ans
end
我用来加密的脚本部分是,
@sourceDatabag = nil
@sourceItems = Hash.new
@sourceDatabag = @sourcerest.get_rest("/data/#{@databag}")
if @sourceDatabag.has_key?("EncryptedItem")
sourceItem = @sourcerest.get_rest("/data/#{@databag}/EncryptedItem")
targetItem = Chef::DataBagItem.new
targetItem.data_bag(@databag)
sourceItem.each do |key, value|
if value.end_with? ".lock"
print "#{@databag_name}: #{key} has already been encrypted!\n"
targetItem[key] = value
elsif key != "id"
targetItem[key] = Chef::EncryptedDataBagItem.encrypt_value(value, @databag)
puts "Encrypted the #{key} item, and saved Databag #{@databag}\n"
else
targetItem[key] = value
end
end
else
puts "EncryptedKey item not found, quitting"
exit(1)
end
return
rescue Net::HTTPServerException => hse
puts "The #{@databag} databag does not exist, please create one before running this job"
end
端
有人可以帮我解决这个问题吗?