始终使用CryptoAPI获取相同的加密字符串

时间:2017-09-22 11:27:30

标签: encryption cryptoapi

有没有办法从CryptoAPI获得非确定性输出?换句话说,在加密字符串时输出不同的字符串。

例如,在导出密码为“password”的密码和使用字符串加密“a”时使用CALG_AES_256,它总是返回“SnÆwÞ¢L \ x1e?6FÏLþw”

我在使用CryptoAPI方面有点n00b,所以我们非常感谢您的帮助。

编辑: 以下是Microsoft示例代码decrypteencrypt中的加密代码。这是相同的代码,只是缩短/压缩。此代码在VS 2017中编译为Win32控制台应用程序。 pszSource和pszDest是C:\ temp文件夹中的两个文件。 source.txt包含我们正在尝试加密的字母。

我遇到的问题是来自CryptoAPI 的此加密/解密代码允许某些字符串被加密然后解密(即n,t,L,p,aa,ab ,ac,ad,ae等)。如果有人能告诉我原因,那将非常有帮助。

#include <windows.h>
#include <tchar.h>
#include <wincrypt.h>

#define KEYLENGTH  0x00800000
#define ENCRYPT_BLOCK_SIZE 8 

bool MyDecryptFile(LPTSTR szSource,LPTSTR szDestination,LPTSTR szPassword);
bool MyEncryptFile(LPTSTR szSource,LPTSTR szDestination,LPTSTR szPassword);

int _tmain(int argc, _TCHAR* argv[])
{

    LPTSTR pszSource = L"c:\\temp\\source.txt";
    LPTSTR pszDestination = L"c:\\temp\\dest.txt";
    LPTSTR pszPassword = L"t";

    if (MyEncryptFile(pszSource, pszDestination, pszPassword))
        {
        _tprintf(TEXT("Encryption of the file %s was successful. \n"),pszSource);
        _tprintf(TEXT("The encrypted data is in file %s.\n"),pszDestination);
        }

    if (MyDecryptFile(pszSource, pszDestination, pszPassword))
        {
        _tprintf(TEXT("Encryption of the file %s was successful. \n"),pszSource);
        _tprintf(TEXT("The encrypted data is in file %s.\n"),pszDestination);
        }

    return 0;
}

bool MyEncryptFile(LPTSTR pszSourceFile,LPTSTR pszDestinationFile,LPTSTR pszPassword)
{
    bool fReturn = false;
    HANDLE hSourceFile = INVALID_HANDLE_VALUE, hDestinationFile = INVALID_HANDLE_VALUE;
    HCRYPTPROV hCryptProv = NULL;
    HCRYPTKEY hKey = NULL, hXchgKey = NULL;
    HCRYPTHASH hHash = NULL;
    PBYTE pbBuffer = NULL;
    DWORD dwBlockLen, dwBufferLen, dwCount;

    hSourceFile = CreateFile(pszSourceFile,FILE_READ_DATA,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    if (INVALID_HANDLE_VALUE == hSourceFile)
        goto Exit_MyEncryptFile;

    hDestinationFile = CreateFile(pszDestinationFile,FILE_WRITE_DATA,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
    if (INVALID_HANDLE_VALUE == hDestinationFile)
        goto Exit_MyEncryptFile;

    CryptAcquireContext(&hCryptProv,NULL,MS_ENH_RSA_AES_PROV,PROV_RSA_AES,0);
    CryptCreateHash(hCryptProv,CALG_SHA_256,0,0,&hHash);
    CryptHashData(hHash,(BYTE *)pszPassword,lstrlen(pszPassword),0);
    CryptDeriveKey(hCryptProv,CALG_AES_256,hHash,CRYPT_EXPORTABLE,&hKey);

    dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
    if (ENCRYPT_BLOCK_SIZE > 1)
        dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE;
    else
        dwBufferLen = dwBlockLen;
    pbBuffer = (BYTE *)malloc(dwBufferLen);

    bool fEOF = FALSE;
    do
    {
        if (ReadFile(hSourceFile,pbBuffer,dwBlockLen,&dwCount,NULL))
            {
            if (dwCount < dwBlockLen)
                fEOF = TRUE;
            if (CryptEncrypt(hKey,NULL,fEOF,0,pbBuffer,&dwCount,dwBufferLen))
                WriteFile(hDestinationFile,pbBuffer,dwCount,&dwCount,NULL);
            }
    } 
    while (!fEOF);

    fReturn = true;

Exit_MyEncryptFile:
    if (hSourceFile) CloseHandle(hSourceFile);
    if (hDestinationFile) CloseHandle(hDestinationFile);
    if (pbBuffer) free(pbBuffer);
    if (hHash) {CryptDestroyHash(hHash);hHash = NULL;}
    if (hKey) CryptDestroyKey(hKey);
    if (hCryptProv) CryptReleaseContext(hCryptProv, 0);

    return fReturn;
}


bool MyDecryptFile(LPTSTR pszSourceFile,LPTSTR pszDestinationFile,LPTSTR pszPassword)
{
    bool fReturn = false;
    HANDLE hSourceFile = INVALID_HANDLE_VALUE, hDestinationFile = INVALID_HANDLE_VALUE;
    HCRYPTKEY hKey = NULL;
    HCRYPTHASH hHash = NULL;
    HCRYPTPROV hCryptProv = NULL;
    PBYTE pbBuffer = NULL;
    DWORD dwCount, dwBlockLen, dwBufferLen;

    hSourceFile = CreateFile(pszDestinationFile,FILE_READ_DATA,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
    if (INVALID_HANDLE_VALUE == hSourceFile)
        goto Exit_MyDecryptFile;

    hDestinationFile = CreateFile(pszSourceFile,FILE_WRITE_DATA,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    if (INVALID_HANDLE_VALUE == hDestinationFile)
        goto Exit_MyDecryptFile;

    CryptAcquireContext(&hCryptProv,NULL,MS_ENH_RSA_AES_PROV,PROV_RSA_AES,0);
    CryptCreateHash(hCryptProv,CALG_SHA_256,0,0,&hHash);
    CryptHashData(hHash,(BYTE *)pszPassword,lstrlen(pszPassword),0);
    CryptDeriveKey(hCryptProv,CALG_AES_256,hHash,CRYPT_EXPORTABLE,&hKey);

    dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
    dwBufferLen = dwBlockLen;

    pbBuffer = (PBYTE)malloc(dwBufferLen);
    bool fEOF = false;
    do
    {
        if (!ReadFile(hSourceFile,pbBuffer,dwBlockLen,&dwCount,NULL))
            goto Exit_MyDecryptFile;

        if (dwCount <= dwBlockLen)
            fEOF = TRUE;

        LONG rv = CryptDecrypt(hKey,0,fEOF,0,pbBuffer,&dwCount);
        if (rv==0)
            {
            DWORD dwErr = GetLastError();       // <--- fails if password and string are n, t, L, p, aa, ab, ac, ad , ae
            goto Exit_MyDecryptFile;
            }

        if (!WriteFile(hDestinationFile,pbBuffer,dwCount,&dwCount,NULL))
            goto Exit_MyDecryptFile;
    } 
    while (!fEOF);

    fReturn = true;

Exit_MyDecryptFile:

    if (pbBuffer) free(pbBuffer);
    if (hSourceFile) CloseHandle(hSourceFile);
    if (hDestinationFile) CloseHandle(hDestinationFile);
    if (hHash) {CryptDestroyHash(hHash);hHash = NULL;}
    if (hKey) CryptDestroyKey(hKey);
    if (hCryptProv) CryptReleaseContext(hCryptProv, 0);

    return fReturn;
}

使用它来获取KP_IV选项怎么样?

BOOL bRV;
bRV = CryptAcquireContextW(&hCryptProv, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, 0);
bRV = CryptGenKey(hCryptProv, CALG_AES_256,0,&hKey);
DWORD dwMode = CRYPT_MODE_CBC;
bRV = CryptSetKeyParam(hKey,KP_MODE,(BYTE*)&dwMode,0);
BYTE pbData[16];
memcpy(pbData,"n",sizeof("n"));  // <--- Hard coded password
bRV = CryptSetKeyParam(hKey,KP_IV,pbData,0);
enter code here

1 个答案:

答案 0 :(得分:0)

如果要在使用相同密钥加密相同明文时获取不同的cypertext,则必须使用 CBC操作模式https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

为了使用CBC正确加密,您需要每次都生成不同的随机初始化向量(IV)。 为了解密,您需要知道加密期间使用的IV。 因此,IV必须(明确地)与密文相关联。

参考您的示例,在调用CryptDeriveKey函数时,CBC是默认模式,但它使用IV设置为零,这使CBC操作模式的实用程序无效: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379916(v=vs.85).aspx

为了设置随机IV,你需要调用CryptSetKeyParam函数,它接受KP_IV参数: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380272(v=vs.85).aspx

再见   乔瓦尼

相关问题
最新问题