OpenResty lua-resty-string：无法解密由Crypto-JS加密的密码（默认为AES）

Question

https://github.com/openresty/lua-resty-string

我无法解密使用浏览器Javascript / NodeJS中的Crypto-JS加密的内容：

// Encrypt
var ciphertext = CryptoJS.AES.encrypt('testingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtesting', '&&nH8P3bxk+?C4gR');

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext.toString(), '&&nH8P3bxk+?C4gR');
var plaintext = bytes.toString(CryptoJS.enc.Utf8);

console.log(plaintext);

我可以使用以下方法在Java中对其进行解密：

Cipher.getInstance("AES/CBC/PKCS5Padding")

但是，我明白了

nil

当我尝试使用resty.aes进行操作时。这是代码：

local aes = require "resty.aes"
local cipher = aes.cipher(256)
local aes_256_cbc_md5 = aes:new('&&nH8P3bxk+?C4gR', nil, cipher)

local cipherText = 'U2FsdGVkX1859eIyt4M7VHNBl9BGMdsemPYAADKmqs9sltwKINfzVMci0Vw1NLr73Iti67zQ0+JoqVcL59Gcp+4R5NY6wg2n3r0wqLcQRc7PkIGpgup1UJp4DzhXSIGHz08Eu/nEbt3jAh3S4GVUoVFbXLluf/BvedTGdsqcN2EPL9S/WQOc5QDyl9OQjpBl+QS56nWL0DO6iR/6CIoEuQ+zC/7KTpBw2jQf8sxuDNptZzwKLlDi2sWSaeCkvPj+m8zheAlnZzVc+L5JeLdcx7WkIRQImNs9P5bkhXmiK2nZnw4yco3QHbzRkRBJiB3HgdYDauHsuKmR21zv9VLjAcGTrZjiUbtrBfuTRawKOiAFm599Inbq+Ugu9n4RelQ2CTdxwDfe3ZE3kscP3dyAmg=='
ngx.say(aes_256_cbc_md5:decrypt(cipherText))

有人可以帮助我进行服务器端解密吗？

Answer 1

首先，您需要将base64编码的加密数据解码为字节。

第二，您的加密数据会按照here的说明进行加密和存储：

  

文件具有8字节签名，后跟8（？）字节盐。盐之后是加密的数据。

     

文件以8字节签名开头：ASCII字符“ Salted__”。

因此，您应该从“ OpenSSL盐腌格式” -ted字符串（Salted__{salt}{data}）中提取盐腌和实际加密的数据：

-- aes_demo.lua
local aes = require "resty.aes"


local encrypted = ngx.decode_base64('U2FsdGVkX1859eIyt4M7VHNBl9BGMdsemPYAADKmqs9sltwKINfzVMci0Vw1NLr73Iti67zQ0+JoqVcL59Gcp+4R5NY6wg2n3r0wqLcQRc7PkIGpgup1UJp4DzhXSIGHz08Eu/nEbt3jAh3S4GVUoVFbXLluf/BvedTGdsqcN2EPL9S/WQOc5QDyl9OQjpBl+QS56nWL0DO6iR/6CIoEuQ+zC/7KTpBw2jQf8sxuDNptZzwKLlDi2sWSaeCkvPj+m8zheAlnZzVc+L5JeLdcx7WkIRQImNs9P5bkhXmiK2nZnw4yco3QHbzRkRBJiB3HgdYDauHsuKmR21zv9VLjAcGTrZjiUbtrBfuTRawKOiAFm599Inbq+Ugu9n4RelQ2CTdxwDfe3ZE3kscP3dyAmg==')

local salt = encrypted:sub(9, 16)   -- skip first 8 bytes, get salt value (8 bytes)
local data = encrypted:sub(17)      -- rest of data is actual encrypted data
local cipher = aes.cipher(256)
local aes_256_cbc_md5 = aes:new('&&nH8P3bxk+?C4gR', salt, cipher)

ngx.say(aes_256_cbc_md5:decrypt(data))

---

$ resty aes_demo.lua

testingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtestingtesting