伙计们,关于openssl的另一个问题:
我有以下命令:
openssl enc -aes-192-cbc -pbkdf2 -e -in <infile> -out <outfile> -pass pass:password
现在我只有该命令的密文,并且我知道密码,然后我也知道字符串“ Salted__”之后密文的前8个字节为salt。我也知道openssl作为默认参数需要1000次迭代计数和sha256作为摘要。我的问题是:我该如何返回到派生的键和从C语言派生的iv?
我的代码是这样,但它没有返回正确的值:
void decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *plaintext, const char *password, unsigned char* salt){
EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
//unsigned char* key = "EF04020D6979FC09CC1859A2BFB832FFFCF57C64BA61F682"; right value
//unsigned char* iv = "722EDDC813763C9AAB96A0A6885CE1DB"; right value
unsigned char key[24], iv[16];
int i;
PKCS5_PBKDF2_HMAC(password, strlen(password), (unsigned char*)salt, strlen(salt), 1000, EVP_sha256(), 16, key);
EVP_BytesToKey(EVP_aes_192_cbc(), EVP_sha256(), (unsigned char*)salt, (unsigned char*)password, strlen(password), 1000, key+16, iv);
printf("Key: "); for(i=0; i < 24; ++i){ printf("%02x", key[i]); } printf("\n");
printf("IV: "); for(i=0; i < 16; ++i){ printf("%02x", iv[i]); } printf("\n\n");
//Create and initialise the context
if(!(ctx = EVP_CIPHER_CTX_new()))
handleErrors();
//Initialise the decryption operation. IMPORTANT - ensure you use a key
//and IV size appropriate for your cipher
if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key, iv))
handleErrors();
//Provide the message to be decrypted, and obtain the plaintext output.
//EVP_DecryptUpdate can be called multiple times if necessary.
if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
handleErrors();
plaintext_len = len;
//Finalise the decryption. Further plaintext bytes may be written at
//this stage.
if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
handleErrors();
plaintext_len += len;
//Clean up
EVP_CIPHER_CTX_free(ctx);
}
正确的值被注释掉,我从终端拿走了...。但是我的C代码没有返回该值。 我认为这取决于我不能很好地翻译-pbkdf2派生密钥的事实...请帮助我
答案 0 :(得分:0)
我在GitHub上的openssl源代码中看到了解决的问题: