使用OpenSSL兼容格式在C#中加密,在Poco中解密

时间:2015-01-27 10:31:47

标签: c# c++ cryptography openssl poco

我尝试使用OpenSSL兼容格式在Win OS中加密(aes-128-cbc),并使用作为OpenSSL包装的Poco :: Crypto在Linux OS上解密。 我使用了一个pwd和盐。

深入了解Stack Overflow,OpenSSL和Poco我发现:

1)从Win端(我使用C#方法)需要创建一个带有标题" Salted__1 ..... 8 "字节,其中1..8字节是随机模式下生成的盐。标头字节总数= 16.事实上,OpenSSL函数EVP_BytesToKey(..)从标头中提取的盐生成密钥。我将所有字节(标题+盐+加密)保存在一个文件中。

我要感谢Antanas Veiverys在https://antanas.veiverys.com/encrypt-data-with-net-decrypt-with-openssl/的代码。我使用他的课程如下(片段):

public static class AESEncryption
{
    private static byte[] randomBytes(int size)
    {
        byte[] array = new byte[size];
        new Random().NextBytes(array);
        return array;
    }

    /// Encrypt a string
    public static string Encrypt(string plainText, string password)
    {
        byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
        byte[] encryptedBytes = Encrypt(plainTextBytes, password);
        return Convert.ToBase64String(encryptedBytes);
    }

    public static byte[] Encrypt(byte[] plainTextBytes, string password)
    {
        byte[] salt = randomBytes(8);
        // if salt is same during every encryption, same key is used. May be useful for testing, must not be used in production code
        //salt = new byte[8]; //set {0,0...}

        byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

        MD5 md5 = MD5.Create();

        int preKeyLength = password.Length + salt.Length;
        byte[] preKey = new byte[preKeyLength];

        Buffer.BlockCopy(passwordBytes, 0, preKey, 0, passwordBytes.Length);
        Buffer.BlockCopy(salt, 0, preKey, passwordBytes.Length, salt.Length);

        byte[] key = md5.ComputeHash(preKey);

        int preIVLength = key.Length + preKeyLength;
        byte[] preIV = new byte[preIVLength];

        Buffer.BlockCopy(key, 0, preIV, 0, key.Length);
        Buffer.BlockCopy(preKey, 0, preIV, key.Length, preKey.Length);

        byte[] iv = md5.ComputeHash(preIV);

        md5.Clear();
        md5 = null;

        //debug
        Console.WriteLine("Key:");
        foreach(byte b in key){
            Console.WriteLine("Hex: {0:X}", b);
        }
        Console.WriteLine("--------------------");
        AesManaged aes = new AesManaged();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.KeySize = 128;
        aes.BlockSize = 128;
        aes.Key = key;
        aes.IV = iv;

        byte[] encrypted = null;

        using (ICryptoTransform Encryptor = aes.CreateEncryptor())
        {
            using (MemoryStream MemStream = new MemoryStream())
            {
                using (CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write))
                {
                    CryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                    CryptoStream.FlushFinalBlock();

                    encrypted = MemStream.ToArray();
                    CryptoStream.Close();
                }
                MemStream.Close();
            }
        }
        aes.Clear();

        int resultLength = encrypted.Length + 8 + 8;
        byte[] salted = Encoding.UTF8.GetBytes("Salted__");
        byte[] result = new byte[resultLength];

        Buffer.BlockCopy(salted, 0, result, 0, salted.Length);
        Buffer.BlockCopy(salt, 0, result, 8, salt.Length);
        Buffer.BlockCopy(encrypted, 0, result, 16, encrypted.Length);

        return result;
    }

2)此时,要在Poco中创建右键,我必须将ItererationCount = 1而不是2000设置为默认值:

CipherKeyImpl
{
    const std::string & name,
    const std::string & passphrase,
    const std::string & salt,
    int iterationCount = 2000
);

通过这种方式,我将从头文件中提取salt,生成密钥并尝试使用此代码进行解密:

ifstream myfile(FILE_TO_DECRYPT, ios::binary);
//get the length
myfile.seekg(0, myfile.end);
int length = myfile.tellg();
myfile.seekg(0, myfile.beg);

//read the encrypted file
char buffer = new char[lenght]();
myfile.read(buffer, lenght);

 //get the salt from the header
string toDecrypt(buffer);
string salt = toDecrypt.substr(8, 8); //the salt is 8 bytes start from 8th in header in OpenSSL

//decode
CipherFactory& factory = CipherFactory::defaultFactory();
Chipher key("aes-128-cbc", PASSWORD, salt, 1);
//key is well generated!

unique_ptr<Cipher> uptrCipher(factory.createCipher(key));
string decrypted = uptrChiper->decryptString(toDecrypt, Cipher::ENC_BASE64);

我检查了盐和密钥是否正常:它们与我在C#代码中使用的相同。

最后一行产生错误:&#34; EVP_DecryptFinal_ex:错误的最终块长度。&#34;

我不知道我错在哪里。任何帮助表示赞赏。

1 个答案:

答案 0 :(得分:1)

有两个问题。首先,我犯了一个错误。我需要传递给解密方法只有没有标题的字节:所以我补充说:

toDecrypt = toDectrypt.substr(16);

代码,否则解密不起作用,因为标题。

其次,我使用了ENC_BASE64,所以我需要在解密前对字符串中的字节进行编码。为此,我使用了Poco :: Base64Encoder。

此时......它有效!我使用C#中的AES-128-CBC在Windows上加密,并使用C ++,Poco和OpenSSL格式在Linux上解密。我道歉:代码可能更好,但我需要时间来优化它。

#include <iostream>
#include <memory>
#include <fstream>
#include <sstream>
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/Crypto/Cipher.h"
#include "Poco/Crypto/CipherKey.h"
#include "Poco/Crypto/CipherFactory.h"
#include "Poco/Base64Encoder.h"

using namespace std;
using namespace Poco;
using namespace Poco::Net;
using namespace Poco::Crypto;

const string FILE_TO_DECRYPT = {"/home/myuser/Documents/CryptoTest/EncryptedText.txt"};

void decrypt() {
    OpenSSLInitializer();
    string PASSWORD = "1234567890123456"; //example! I know that is FORBIDDEN to embed the pwd :-)

    try {
        const size_t len = 17;

        std::ifstream fileImage(FILE_TO_DECRYPT);
        if(!fileImage.good())
            return;

        //get lenght of file
        fileImage.seekg(0, fileImage.end);
        int length = fileImage.tellg();
        fileImage.seekg(0, fileImage.beg);

        char* buffer = new char[length];
        fileImage.read(buffer, length);

        ostringstream ostringstr;
        Base64Encoder base64 (ostringstr);

        string toDecrypt(buffer, length);
        string salt = toDecrypt.substr(8, 8);
        cout<<endl<<"salt length = "<<salt.length()<<endl;

        //Debug 
        for(unsigned k = 0; k < salt.length(); k++)
            cout<<endl<<"["<<k<<"]"<<hex<<(unsigned)(unsigned char)salt[k]<<flush;

        CipherFactory& factory = CipherFactory::defaultFactory();
        CipherKey key("aes-128-cbc", PASSWORD, salt, 1);

        auto k = key.getKey();
        //Debug
        cout<<endl<<"KEY---";
        for(auto i : k)
            cout<<endl<<std::hex<<(unsigned)i<<std::dec<<flush;

        unique_ptr<Cipher> uptrCipher(factory.createCipher(key));

        toDecrypt=toDecrypt.substr(16);

        base64<<toDecrypt;
        base64.close();
        string toDecryptEncoded = ostringstr.str();

        string decrypted = uptrCipher->decryptString(toDecryptEncoded, Cipher::ENC_BASE64); //Cipher::ENC_BASE64);
        cout<<endl<<"Decrypted= "<<decrypted<<endl;

        delete []buffer;
    }
    catch(const Poco::Exception& exc)
    {
        cerr << endl<< "Decryption error: " << exc.message() << endl;
        delete []buffer; //in case of error...
    }
}