英文:
Go equivalent to OpenSSL EVP symmetric EVP_aes_256_cbc
问题
我正在编写一个Go脚本,用于解密使用EVP_aes_256_cbc和RSA公钥加密的一些旧数据。
在C语言中,代码可能是这样的:
key_size = EVP_OpenInit(&ctx, EVP_aes_256_cbc(), evp_key, eklen, iv, pkey);
//...
EVP_OpenUpdate(&ctx, destination, &len_out, buffer_in, buffer_size)
//...
EVP_OpenFinal(&ctx, destination+len_out, &len_out);
我在Go中有等效的evp_key和iv字节数组,但是我必须承认,我对OpenSSL中EVP的工作顺序不太了解(我在C语言方面相当熟练,但是通过查看OpenSSL源代码,我无法理解解密的过程)。
在Go中,我可以做到这一步:
pKey := //rsa.PrivateKey
eklen := 32
evpKey := "//隐藏的32字节数组"
iv := "//隐藏的16字节数组"
c, err := aes.NewCipher(iv)
cbc := cipher.NewCBCDecrypter(c, iv)
这里是我迷失的地方。我有一个evpKey和pKey,但是我不确定如何从这里解密数据。OpenSSL使用RSA_decrypt_old或类似的函数,但是我无法找到它的具体含义。
是否有Go的等效方法,还是我需要使用代价过高的cgo包并自己动手解决?
更新(解决方案):
对于任何想要在Go中复制EVP行为或者只是想知道EVP的工作原理的人,以下是解释。
如果你知道C语言(或Java或其他OpenSSL实现)使用类似以下方式进行加密:
// 伪代码:不要复制粘贴并期望奇迹
EVP_PKEY_assign_RSA(pkey, public_key);
EVP_CIPHER_CTX_init(&ctx);
EVP_SealInit(&ctx, EVP_aes_256_cbc(), &evp_key, &evp_key_len, iv, &pkey, 1);
EVP_SealUpdate(&ctx, buffer_out, &encrypt_len, (unsigned char*)buffer_in, len);
EVP_SealFinal(&ctx, buffer_out+encrypt_len, &encrypt_len);
"Seal"实际上只是使用RSA公钥加密密钥。
在Go中解密类似的内容:
evpKeyBytes := "// rsa.PublicKey编码的evpKey"
evpKey, err := rsa.DecryptPKCS1v15(rand.Reader, PrivateKeyRSA, evpKeyBytes)
c, err := aes.NewCipher(evpKey)
cbc := cipher.NewCBCDecrypter(c, iv)
decryptedDataBytes := make([]bytes, 2048) // 一些消息大小
cbc.CryptBlocks(decryptedDataBytes, encryptedDataBytes)
data = string(decryptedDataBytes)
// data应该包含预期的解密结果。
英文:
I'm writing a Go script that will decrypt some legacy data that is encrypted with EVP_aes_256_cbc and an RSA public key.
In C this would be something like:
key_size = EVP_OpenInit(&ctx, EVP_aes_256_cbc(), evp_key, eklen, iv, pkey);
//...
EVP_OpenUpdate(&ctx, destination, &len_out, buffer_in, buffer_size)
//...
EVP_OpenFinal(&ctx, destination+len_out, &len_out);
I have the evp_key and iv byte array equivalents in Go, but I must confess the order of how EVP works in OpenSSL eludes me (I'm fairly competent in C, but I can't get a grasp on the process by which this decryption happens from looking at the OpenSSL source.)
In Go, I can get this far:
pKey := //rsa.PrivateKey
eklen := 32
evpKey := "// hidden 32 byte array"
iv := "// hidden 16 byte array"
c, err := aes.NewCipher(iv)
cbc := cipher.NewCBCDecrypter(c, iv)
And here's where I get lost. I have an evpKey and the pKey, but I'm not sure how to decrypt the data from here. OpenSSL uses RSA_decrypt_old or something like that, but I'm unable to track down what that actually means.
Is there a Go equivalent or do I need to bust out the much-too-expensive cgo package and roll up my sleeves?
Update (Resolution):
For anyone looking to replicate the EVP behavior in Go or just wondering how EVP works exactly, the following is breakdown.
If you know the C (or Java or whatever OpenSSL implementation) was encrypting with something like:
// pseudo-code: don't copypasta and expect amazing
EVP_PKEY_assign_RSA(pkey, public_key);
EVP_CIPHER_CTX_init(&ctx);
EVP_SealInit(&ctx, EVP_aes_256_cbc(), &evp_key, &evp_key_len, iv, &pkey, 1);
EVP_SealUpdate(&ctx, buffer_out, &encrypt_len, (unsigned char*)buffer_in, len);
EVP_SealFinal(&ctx, buffer_out+encrypt_len, &encrypt_len);
The "Seal" actually just encrypts the key with the RSA public key.
In Go to decrypt something like that:
evpKeyBytes := "// the rsa.PublicKey encoded evpKey"
evpKey, err := rsa.DecryptPKCS1v15(rand.Reader, PrivateKeyRSA, evpKeyBytes)
c, err := aes.NewCipher(evpKey)
cbc := cipher.NewCBCDecrypter(c, iv)
decryptedDataBytes := make([]bytes, 2048) // some message size
cbc.CryptBlocks(decryptedDataBytes, encryptedDataBytes)
data = string(decryptedDataBytes)
// data should have the expected decrypted result.
答案1
得分: 2
NewCipher期望的是密钥而不是初始化向量(iv),由于你传递了一个128位的iv,它将作为aes128cbc工作。
英文:
NewCipher expects the key not the iv, and since you're passing it a 128bit iv it works as aes128cbc.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论