在.Net(C#)
我已经有一段时间成为C#爱好者了,并且会考虑具有中级开发技能,但是几乎没有加密知识。作为附带项目的一部分,我需要解密使用MCrypt加密的文件。似乎没有任何特殊参数传递给命令。例如,这很常见(密钥和文件名已更改),并且密钥的长度不同,从14至18个字符不等。
mcrypt -a rijndael-256 fileToEncrypt.tar.gz -k 0123456789abcdef1
到目前为止,我已经采取了两种方法来完成此任务。第一种是使用mcrypt.exe,然后使用Process启动该过程。但是,我觉得这使得代码(和程序流)非常笨拙。第二种是尝试直接从我的内部程序解密文件,并使外部程序依赖性为零;我想走这条路。
我对MCrypt格式有些困惑。我已经查看了源代码中的FORMAT文档(here以在线查看),并且我相信标头的开头部分已得到妥善处理。但是,我似乎无法解密文件中的加密数据。
1)IV有多大,如何将其传递给解密器?
2)文件末尾的校验和有多大,我需要吗?
3)上面的长度是静态的吗?
4)什么是密钥模式(mcrypt-sha1)以及如何使用?
5)我注意到正确解密(使用mcrypt.exe)时,加密和解密文件之间存在140字节的差异。这140个字节由什么组成?
代码和下面加密文件的开头;毫无疑问,我的代码从注释“获取数据”开始是错误的 任何朝着正确方向的指针将不胜感激。
/// <summary>
/// Decrypt an mcrypt file using rijndael-256
/// </summary>
/// <param name="inputFile">File to decrypt</param>
/// <param name="encryptionKey">Password</param>
/// <param name="purge"></param>
public static bool Decrypt (string inputFile, string encryptionKey)
{
var rv = false;
if (File.Exists(inputFile) == true)
{
using (FileStream stream = new FileStream(inputFile, FileMode.Open))
{
var buffer = new byte[1024];
// MCrypt header
stream.Read(buffer, 0, 3);
if (buffer[0] == 0x00 && buffer[1] == 0x6D && buffer[2] == 0x03)
{
// Flag
// Bit 7 - Salt Used
// Bit 8 - IV not used
var flag = (byte)stream.ReadByte();
byte[] saltVal = null;
var saltUsed = Utils.GetBit(flag, 6);
byte[] ivVal = new byte[16];
var ivUsed = (Utils.GetBit(flag, 7) == false);
var algorithmName = Utils.GetNullTerminatedString(stream);
stream.Read(buffer, 0, 2);
var keyLen = (buffer[1] << 8) + buffer[0];
var algorithModeName = Utils.GetNullTerminatedString(stream);
var keygenName = Utils.GetNullTerminatedString(stream);
if (saltUsed)
{
var saltFlag = (byte)stream.ReadByte();
if (Utils.GetBit(saltFlag, 0))
{
// After clearing the first bit the salt flag is now the length
Utils.ClearBit (ref saltFlag, 0);
saltVal = new byte[saltFlag];
stream.Read(saltVal, 0, saltFlag);
}
}
var algorithmModeName = Utils.GetNullTerminatedString(stream);
if (ivUsed)
{
stream.Read(ivVal, 0, ivVal.Length);
}
// Get the data - how much to get???
buffer = new byte[stream.Length - stream.Position + 1];
var bytesRead = stream.Read(buffer, 0, buffer.Length);
using (MemoryStream ms = new MemoryStream())
{
using (RijndaelManaged rijndael = new RijndaelManaged())
{
rijndael.KeySize = 256;
rijndael.BlockSize = 128;
var key = new Rfc2898DeriveBytes(System.Text.Encoding.ASCII.GetBytes(encryptionKey), saltVal, 1000);
rijndael.Key = key.GetBytes(rijndael.KeySize / 8);
//AES.Key = System.Text.Encoding.ASCII.GetBytes(encryptionKey);
//AES.IV = key.GetBytes(AES.BlockSize / 8);
rijndael.IV = ivVal;
rijndael.Mode = CipherMode.CBC;
rijndael.Padding = PaddingMode.None;
using (var cs = new CryptoStream(ms, rijndael.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(buffer, 0, buffer.Length);
cs.Close();
using (FileStream fs = new FileStream(inputFile + Consts.FILE_EXT, FileMode.Create))
{
byte[] decryptedBytes = ms.ToArray();
fs.Write(decryptedBytes, 0, decryptedBytes.Length);
fs.Close();
rv = true;
}
}
}
}
}
}
}
return rv;
}
修改
打开其详细模式且未指定rijndael-256时,会收到以下消息。当我指定算法时,它的确会在详细输出中反映出来。都可以正确解密文件。情节变厚...
算法:rijndael-128
密钥大小:32
模式:cbc
关键字模式:mcrypt-sha1
文件格式:mcrypt
另外,用于加密软件各个部分的“密码”范围从12到28个字符。
1 个答案:
答案 0 :(得分:1)
MCrypt文件格式
使用mcrypt-2.6.7-win32进行观察,并使用命令mcrpyt.exe --no-openpgp -V test_in.txt加密以下文件
test_in.txt的未加密长度为25个字节,并且上述命令按如下所示进行加密,从而导致文件test_out.txt.nc的长度为125个字节。
+-------------+----------------------+----------------+---------------------------------------------+
| File Offset | Field Length (bytes) | Field Content | Description |
+-------------+----------------------+----------------+---------------------------------------------+
| 0 | 1 | 0x0 | Zero byte |
+-------------+----------------------+----------------+---------------------------------------------+
| 1 | 1 | 0x6d | m |
+-------------+----------------------+----------------+---------------------------------------------+
| 2 | 1 | 0x3 | Version |
+-------------+----------------------+----------------+---------------------------------------------+
| 3 | 1 | 0x40 | Flags - bit 7 set = salt, bit 8 set = no IV |
+-------------+----------------------+----------------+---------------------------------------------+
| 4 | 13 | rijndael-128 | Algorithm name |
+-------------+----------------------+----------------+---------------------------------------------+
| 17 | 2 | 32 | Key Size |
+-------------+----------------------+----------------+---------------------------------------------+
| 19 | 4 | cbc | Algorithm mode |
+-------------+----------------------+----------------+---------------------------------------------+
| 23 | 12 | mcrypt-sha1 | Key generator algorithm |
+-------------+----------------------+----------------+---------------------------------------------+
| 35 | 1 | 21 | Salt length + 1 |
+-------------+----------------------+----------------+---------------------------------------------+
| 36 | 20 | Salt data | Salt |
+-------------+----------------------+----------------+---------------------------------------------+
| 56 | 5 | sha1 | Check sum algorithm |
+-------------+----------------------+----------------+---------------------------------------------+
| 61 | 16 | IV data | Initialisation vector |
+-------------+----------------------+----------------+---------------------------------------------+
| 77 | 48 | Encrypted data | 25 original data + 20 check sum + 3 padding |
+-------------+----------------------+----------------+---------------------------------------------+
| TOTAL | 125 | | |
+-------------+----------------------+----------------+---------------------------------------------+
在不同情况下观察输出,将使用以下块/键/ IV大小:
+--------------+--------------------+------------+------------------+
| Algorithm | Block Size (bytes) | IV (bytes) | Key Size (bytes) |
+--------------+--------------------+------------+------------------+
| rijndael-128 | 16 | 16 | 32 |
+--------------+--------------------+------------+------------------+
| rijndael-256 | 32 | 32 | 32 |
+--------------+--------------------+------------+------------------+
在加密之前对原始数据进行校验和,并将校验和附加到原始数据的末尾。使用的默认校验和算法为SHA-1,这会导致20字节的哈希。因此,25字节的原始数据变为45字节。块大小为128位(16字节)时,填充3个字节即可达到48个字节的块大小。块大小为256位(32字节)时,将填充19个字节以达到64个字节。零字节用于填充,这在解密期间很重要,因为由于原始数据的大小未知,所以不会自动删除这些字节。
读取标题
这是读取文件尾部的标头和加密数据的代码示例。为了简洁起见,并未包括所有辅助功能。
public void ReadHeader(Stream stream)
{
byte[] buffer = new byte[512];
stream.Read(buffer, 0, 3);
if (buffer[0] != 0x0) throw new FormatException($"First byte is not 0x0, invalid MCrypt file");
if ((char)buffer[1] != 'm') throw new FormatException($"Second byte is not null, invalid MCrypt file");
if (buffer[2] != 0x3) throw new FormatException($"Third byte is not 0x3, invalid MCrypt file");
byte flags = (byte)stream.ReadByte();
KeyGeneratorUsesSalt = (flags & (1 << 6)) != 0;
HasInitialisationVector = (flags & (1 << 7)) != 1;
AlgorithmName = ReadNullTerminatedString(stream);
stream.Read(buffer, 0, 2);
KeySize = BitConverter.ToUInt16(buffer, 0);
BlockSize = GetBlockSize(AlgorithmName);
var cipherModeAsString = ReadNullTerminatedString(stream);
CipherMode cipherMode;
if (Enum.TryParse<CipherMode>(cipherModeAsString, out cipherMode))
CipherMode = cipherMode;
KeyGeneratorName = ReadNullTerminatedString(stream);
if (KeyGeneratorUsesSalt)
{
var saltSize = ((byte)stream.ReadByte()) - 1;
Salt = new byte[saltSize];
stream.Read(Salt, 0, saltSize);
}
CheckSumAlgorithmName = ReadNullTerminatedString(stream);
if (HasInitialisationVector)
{
InitialisationVector = new byte[BlockSize / 8];
stream.Read(InitialisationVector, 0, BlockSize / 8);
}
int read = 0;
byte[] remainingData = null;
using (MemoryStream mem = new MemoryStream())
{
while ((read = stream.Read(buffer, 0, buffer.Length)) != 0)
{
mem.Write(buffer, 0, read);
remainingData = mem.ToArray();
}
}
EncryptedData = remainingData;
}
密钥生成
密钥生成器算法在标头中指定,默认情况下,MCrypt格式为mcrypt-sha1。查看mcrypt源,该密钥是使用mhash库生成的。它将密码和盐组合在一起,以生成算法所需字节数的密钥(在我所研究的两种情况下均为32字节)。我将函数_mhash_gen_key_mcrypt从mhash库转换为C#,如下所示-也许它已经在.NET框架中的某个位置,但是如果这样,我找不到它。
public byte[] GenerateKeyMcryptSha1(string passPhrase, byte[] salt, int keySize)
{
byte[] key = new byte[KeySize], digest = null;
int hashSize = 20;
byte[] password = Encoding.ASCII.GetBytes(passPhrase);
int keyBytes = 0;
while (true)
{
byte[] inputData = null;
using (MemoryStream stream = new MemoryStream())
{
if (Salt != null)
stream.Write(salt, 0, salt.Length);
stream.Write(password, 0, password.Length);
if (keyBytes > 0)
stream.Write(key, 0, keyBytes);
inputData = stream.ToArray();
}
using (var sha1 = new SHA1Managed())
digest = sha1.ComputeHash(inputData);
if (keySize > hashSize)
{
Buffer.BlockCopy(digest, 0, key, keyBytes, hashSize);
keySize -= hashSize;
keyBytes += hashSize;
}
else
{
Buffer.BlockCopy(digest, 0, key, keyBytes, keySize);
break;
}
}
return key;
}
解密
我们可以使用标准的.NET加密类进行大多数解密,传入通过对密码短语和salt进行哈希处理而生成的32字节密钥,并在此基于128位或256位格式使用标头中的算法名称。我们分配通过rijndael.IV = InitialisationVector;从标题读取的初始化向量(IV)。
/// <summary>
/// Decrypt using Rijndael
/// </summary>
/// <param name="key">Key to use for decryption that was generated from passphrase + salt</param>
/// <param name="keySize">Algo key size, e.g. 128 bit, 256 bit</param>
/// <returns>Unencrypted data</returns>
private byte[] DecryptRijndael(byte[] key, int keySize)
{
using (RijndaelManaged rijndael = GetRijndael(key, keySize))
{
rijndael.IV = InitialisationVector;
using (MemoryStream unencryptedStream = new MemoryStream())
using (MemoryStream encryptedStream = new MemoryStream(EncryptedData))
{
using (var cs = new CryptoStream(encryptedStream, rijndael.CreateDecryptor(), CryptoStreamMode.Read))
cs.CopyTo(unencryptedStream);
byte[] unencryptedData = RemovePaddingAndCheckSum(unencryptedStream.ToArray(), GetCheckSumLen());
return unencryptedData;
}
}
}
/// <summary>
/// Set algorithm mode/settings
/// </summary>
/// <param name="key">Key to use for decryption that was generated from passphrase + salt</param>
/// <param name="keySize">Algo key size, e.g. 128 bit, 256 bit</param>
/// <returns>Instance ready to decrypt</returns>
private RijndaelManaged GetRijndael(byte[] key, int keySize)
{
var rijndael = new RijndaelManaged()
{
Mode = CipherMode, // e.g. CBC
KeySize = keySize, // e.g. 256 bits
Key = key, // e.g. 32-byte sha-1 hash of passphrase + salt
BlockSize = BlockSize, // e.g. 256 bits
Padding = PaddingMode.Zeros
};
return rijndael;
}
由于填充样式为零字节,因此在解密期间不会删除这些字节,因为我们当时不知道原始数据的大小,因此解密数据将始终是块大小的倍数。原始数据的大小。它还将校验和附加到末尾。我们可以简单地从解密块的尾部删除所有零字节,但是如果校验和和原始数据确实以零字节结尾,则可能会破坏其校验和。
因此,我们可以一次从尾部开始向后一个字节,并使用校验和来验证何时拥有正确的原始数据。
/// <summary>
/// Remove zero padding by starting at the end of the data block assuming
/// no padding, and using the check sum appended to the end of the data to
/// verify the original data, incrementing padding until we match the
/// check sum or conclude data is corrupt
/// </summary>
/// <param name="data">Decrypted data block, including zero padding and checksum at end</param>
/// <param name="checkSumLen">Length of the checksum appended to the end of the data</param>
/// <returns>Unencrypted original data without padding and without check sum</returns>
private byte[] RemovePaddingAndCheckSum(byte[] data, int checkSumLen)
{
byte[] checkSum = new byte[checkSumLen];
int padding = 0;
while ((data.Length - checkSumLen - padding) > 0)
{
int checkSumStart = data.Length - checkSumLen - padding;
Buffer.BlockCopy(data, checkSumStart, checkSum, 0, checkSumLen);
int dataLength = data.Length - checkSumLen - padding;
byte[] dataClean = new byte[dataLength];
Buffer.BlockCopy(data, 0 , dataClean, 0, dataLength);
if (VerifyCheckSum(dataClean, checkSum))
return dataClean;
padding++;
}
throw new InvalidDataException("Unable to decrypt, check sum does not match");
}
SHA1 20字节校验和可以根据以下数据简单地验证:
private bool VerifySha1Hash(byte[] data, byte[] checkSum)
{
using (SHA1Managed sha1 = new SHA1Managed())
{
var checkSumRedone = sha1.ComputeHash(data);
return checkSumRedone.SequenceEqual(checkSum);
}
}
就是这样,经过3次尝试后使用128位,我们应该获得正确的校验和和相应的原始数据,然后将它们作为未加密的原始数据返回给调用方。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?