我需要在C#中加密一个值,然后在经典的ASP中解密它。最接近我的工作就是使用Blowfish。但问题是两个实现产生的结果略有不同,我不确定原因。
正在使用的实施:
C#:https://defuse.ca/blowfish.htm
vbscript:http://www.di-mgt.com.au/cryptoBlowfishASP.html
C#代码:
sh -c: line 0: syntax error near unexpected token '('
sh -c: line 0: 'strings -n 3 < Binaryfile.c_str() > ascii.txt
的VBScript:
var input = "Hello World";
var key = "04B915BA43FEB5B6";
BlowFish b = new BlowFish(key);
string enc, dec;
enc = b.Encrypt_ECB(input);
dec = b.Decrypt_ECB(enc);
C#输出:
Dim aKey()
Dim nKeyLen, szTxtKey, szTxtPlain, szTxtKeyAsString, szTxtCipher, szTxtCipherHex, szTxtCipher64, szTxtDecrypt
szTxtKey = "04B915BA43FEB5B6"
szTxtPlain = "Hello World"
ReDim aKey((Len(szTxtKey) \ 2) - 1)
nKeyLen = bu_HexStr2Bytes(szTxtKey, aKey)
Call blf_Key(aKey, nKeyLen)
szTxtKeyAsString = bu_Bytes2HexStr(aKey, nKeyLen)
szTxtCipher = blf_StringEnc(szTxtPlain)
szTxtCipherHex = bu_Str2Hex(szTxtCipher)
VBScript输出:
819dd50a925a5eb83ed723bea6d84984
输出的前半部分是相同的:“819DD50A925A5EB8”
有趣的是,如果我使用C#库解密vbscript输出,我会得到: 你好世界♣♣♣♣♣
所以...它几乎可以工作,但是有某种填充或者某些事情正在发生。我不知道如何解决这个问题。
答案 0 :(得分:2)
如果你可以从VBScript到命令行,你可以使用加密字符串的相同C#库创建一个控制台应用程序。有点变通方法,但您使用的是相同的库。
答案 1 :(得分:2)
由于@artjom-b有already mentioned in the comments,罪魁祸首是不同的填充。
对不同的填充方法here有很好的解释。
分析blowfish.cs文件显示它使用NULL填充(请注意文件中的此片段);
/// <summary>
/// Decrypts a string (ECB)
/// </summary>
/// <param name="ct">hHex string of the ciphertext</param>
/// <returns>Plaintext ascii string</returns>
public string Decrypt_ECB(string ct)
{
return Encoding.ASCII.GetString(Decrypt_ECB(HexToByte(ct))).Replace("\0", "");
}
相比之下,Classic ASP实现使用PKCS5填充(来自basBlowfishFns.asp的代码段显示PKCS5方法)
来自Using Padding in Encryption
Pad,其字节数与填充字节数相同(PKCS5填充)
' Get # of padding bytes from last char
nPad = Asc(Right(strData, 1))
If nPad > 8 Then nPad = 0 ' In case invalid
strData = Left(strData, nLen - nPad)
修复方法是对c#库使用的NULL填充应用解决方法。
以下是修改后的basBlowfishFns.asp (仅显示已修改的函数);
Public Function blf_StringEnc(strData, padMethod)
' Encrypts plaintext strData after adding RFC 2630 padding
' Returns encrypted string.
' Requires key and boxes to be already set up.
' Version 5. Completely revised.
' The speed improvement here is due to Robert Garofalo.
Dim strIn
Dim strOut
Dim nLen
Dim sPad
Dim nPad
Dim nBlocks
Dim i
Dim j
Dim aBytes(7)
Dim sBlock
Dim iIndex
' Pad data string to multiple of 8 bytes
strIn = PadString(strData, padMethod)
' Calc number of 8-byte blocks
nLen = Len(strIn)
nBlocks = nLen \ 8
' Allocate output string here so we can use Mid($ below
' strOut = String(nLen, " ")
strOut = "" ' Fix for VBScript
' Work through string in blocks of 8 bytes
iIndex = 0
For i = 1 To nBlocks
sBlock = Mid(strIn, iIndex + 1, 8)
' Convert to bytes
' aBytes() = StrConv(sBlock, vbFromUnicode)
Call bu_String2Bytes(sBlock, aBytes)
' Encrypt the block
Call blf_EncryptBytes(aBytes)
' Convert back to a string
' sBlock = StrConv(aBytes(), vbUnicode)
sBlock = bu_Bytes2String(aBytes, 8)
' Copy to output string
' Mid(strOut, iIndex + 1, 8) = sBlock
strOut = strOut & sBlock
iIndex = iIndex + 8
Next
blf_StringEnc = strOut
End Function
Public Function blf_StringDec(strData, padMethod)
' Decrypts ciphertext strData and removes RFC 2630 padding
' Returns decrypted string.
' Requires key and boxes to be already set up.
' Version 5. Completely revised.
' The speed improvement here is due to Robert Garofalo.
Dim strIn
Dim strOut
Dim nLen
Dim sPad
Dim nPad
Dim nBlocks
Dim i
Dim j
Dim aBytes(7)
Dim sBlock
Dim iIndex
strIn = strData
' Calc number of 8-byte blocks
nLen = Len(strIn)
nBlocks = nLen \ 8
' Allocate output string here so we can use Mid($ below
'strOut = String(nLen, " ")
strOut = ""
' Work through string in blocks of 8 bytes
iIndex = 0
For i = 1 To nBlocks
sBlock = Mid(strIn, iIndex + 1, 8)
' Convert to bytes
' aBytes() = StrConv(sBlock, vbFromUnicode)
Call bu_String2Bytes(sBlock, aBytes)
' Encrypt the block
Call blf_DecryptBytes(aBytes)
' Convert back to a string
'sBlock = StrConv(aBytes(), vbUnicode)
sBlock = bu_Bytes2String(aBytes, 8)
' Copy to output string
' Mid(strOut, iIndex + 1, 8) = sBlock
strOut = strOut & sBlock
iIndex = iIndex + 8
Next
' Strip padding, if valid
strOut = UnpadString(strOut, padMethod)
blf_StringDec = strOut
End Function
Public Function PadString(strData, method)
' Pad data string to next multiple of 8 bytes as per RFC 2630
Dim nLen
Dim sPad
Dim nPad
nLen = Len(strData)
nPad = ((nLen \ 8) + 1) * 8 - nLen
Select Case method
Case "PKCS5"
sPad = String(nPad, Chr(nPad)) ' Pad with # of pads (1-8)
Case "NULL"
sPad = String(nPad, Chr(0)) ' Pad with # of NULL characters
End Select
PadString = strData & sPad
End Function
Public Function UnpadString(strData, method)
' Strip RFC 2630-style padding
Dim nLen
Dim nPad
nLen = Len(strData)
If nLen = 0 Then Exit Function
Select Case method
Case "PKCS5"
' Get # of padding bytes from last char
nPad = Asc(Right(strData, 1))
If nPad > 8 Then nPad = 0 ' In case invalid
strData = Left(strData, nLen - nPad)
Case "NULL"
'Remove any NULL characters, obviously, this method isn't ideal if
'the data contains valid NULLs. This shouldn't be an issue with
'ASCII text.
strData = Replace(strData, Chr(0), "")
End Select
UnpadString = strData
End Function
对PadString()和UnpadString()函数进行了主要修改。我添加了一个参数method,允许您传递标识符NULL或PKCS5,以确定我们如何填充/取消填充数据。这些函数已经存在但由于某些原因未被blf_StringEnc()和blf_StringDec()函数使用,因此为了DRY principle的利益,我修改了它们以便使用它们。
使用以下代码修改(这只是为了使代码更加灵活);
Dim aKey()
Dim nKeyLen, szTxtKey, szTxtPlain, szTxtKeyAsString, szTxtCipher, szTxtCipherHex, szTxtCipher64, szTxtDecrypt
szTxtKey = "04B915BA43FEB5B6"
szTxtPlain = "Hello World"
ReDim aKey((Len(szTxtKey) \ 2) - 1)
nKeyLen = bu_HexStr2Bytes(szTxtKey, aKey)
Call blf_Key(aKey, nKeyLen)
szTxtKeyAsString = bu_Bytes2HexStr(aKey, nKeyLen)
'Encrypt using NULL padding method.
szTxtCipher = blf_StringEnc(szTxtPlain, "NULL")
szTxtCipherHex = bu_Str2Hex(szTxtCipher)
Call Response.Write(szTxtCipherHex)
会导致;
819DD50A925A5EB83ED723BEA6D84984
与原先预期的一样。