英文:
Golang encryption ciphertext has padding of As in the beginning
问题
我正在尝试使用自定义的初始化向量(IV)进行加密,但结果是一个以A填充开头的密文,如下所示:
AAAAAAAAAAAAAAAAAAAAACbglBtdgH3ajX1jgkOaVAsFYyDxRRI=
我按照https://gist.github.com/manishtpatel/8222606上的示例实现进行了一些修改。你可以在https://play.golang.org/p/2rS6zBwbnF上运行和测试。
我的代码在https://play.golang.org/p/qlx_cU0VPQ。
以下是加密函数的参考代码:
func Encrypt(key []byte, text string) string {
// key := []byte(keyText)
plaintext := []byte(text)
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
// IV需要是唯一的,但不需要是安全的。因此,通常将其包含在密文的开头。
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := commonIV
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
// 转换为base64
return base64.URLEncoding.EncodeToString(ciphertext)
}
希望对你有帮助!
英文:
I'm trying to use a custom IV for encryption but it results in a ciphertext with padding of As in the beginning like
AAAAAAAAAAAAAAAAAAAAACbglBtdgH3ajX1jgkOaVAsFYyDxRRI=
I followed the sample implementation at https://gist.github.com/manishtpatel/8222606 with a few changes. The go playground to run and test https://play.golang.org/p/2rS6zBwbnF
My code is at
https://play.golang.org/p/qlx_cU0VPQ
Here is the encrypt function for references as well
func Encrypt(key []byte, text string) string {
// key := []byte(keyText)
plaintext := []byte(text)
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := commonIV
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
// convert to base64
return base64.URLEncoding.EncodeToString(ciphertext)
}
答案1
得分: 3
请参考以下示例进行Golang AES加密。如果您不需要特定使用AES CFB,可以将加密函数替换为GCM。简而言之,从此链接中复制并粘贴您的加密代码,而不是从Stack Overflow上获取。
https://github.com/gtank/cryptopasta/blob/master/encrypt.go
如果您只是在学习,请观看相关的讲座并阅读链接的代码;如果您真的要使用此加密,请使用链接中的代码。
顺便说一句,我不是专家,但是您的iv应该每次都是随机的,对吗?要修复您上面的代码,您需要使用类似以下的方式将iv/nonce复制进去:
copy(ciphertext[:aes.BlockSize], iv[:])
这样,唯一的随机nonce就位于ciphertext的开头,并用于解密(所以commonIV不应该存在),这样可以防止它对于相同的明文产生相同的输出。请注意,修复后的代码每次都会产生相同的输出-这是不好的。
但是请不要从Stack Overflow上获取加密的建议,尤其不要从我这里获取。请改为查看这里的链接并遵循说明。这些东西太难通过试错来解决。
英文:
See this example for golang aes encryption, if you don't need to use AES CFB specifically you could just swap out your encrypt function and use GCM instead. TL;DR- Copy & paste your crypto code from this link instead of Stack Overflow.
https://github.com/gtank/cryptopasta/blob/master/encrypt.go
If you're just learning watch the associated talk and read the code linked, if you're actually encrypting with this, use the linked code.
PS I'm no expert but your iv should be random each time shouldn't it? To fix your code above you need to copy the iv/nonce in with something like:
copy(ciphertext[:aes.BlockSize], iv[:])
the idea is the unique random nonce is at the start of ciphertext, and used to decrypt (so commonIV shouldn't exist) this stops it producing the same output for the same cleartext. Note how your code when fixed produces the same output each time - that's bad.
But please, don't use advice from people on stack overflow for crypto, and certainly not from me, see the links here instead, and heed the instructions. This stuff is too hard to work out by trial and error.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论