从Ruby进行AES-256-GCM加密,使用Golang进行解密

huangapple go评论97阅读模式
英文:

AES-256-GCM Encryption from Ruby & Decryption with Golang

问题

我可以帮你翻译这段代码。以下是翻译的结果:

我在Ruby中使用aes-256-gcm进行加密。

require 'openssl'
key = "972ec8dd995743d981417981ac2f30db"
iv = "6a825c25ea74"
auth_data = "73f6828fc5be"
plaintext = "John Doe play foo bar"

cipher = OpenSSL::Cipher.new('aes-256-gcm')
cipher.encrypt
cipher.iv = iv
cipher.key = key
cipher.auth_data = auth_data
cipherText = cipher.update(plaintext) + cipher.final
authTag = cipher.auth_tag
hexString = (cipherText + iv + authTag).unpack('H*').first

hexString的结果如下:

fa03a24cad007ceaadc34c22edff943cb58fe514ed36613832356332356561373425f6bc5724b956daae151c8d78a21263

我想在Go中对其进行解密。

key := "972ec8dd995743d981417981ac2f30db"
iv := "6a825c25ea74"
authData := "73f6828fc5be"
hexString, _ := hex.DecodeString("fa03a24cad007ceaadc34c22edff943cb58fe514ed36613832356332356561373425f6bc5724b956daae151c8d78a21263")

block, err := aes.NewCipher([]byte(key))
if err != nil {
    panic(err.Error())
}

aesgcm, err := cipher.NewGCM(block)
if err != nil {
    panic(err.Error())
}

plaintext, err := aesgcm.Open(nil, []byte(iv), hexString, []byte(authData))
if err != nil {
    panic(err.Error())
}

我得到了cipher: message authentication failed的错误。我也不明白在Go语言中的authData是什么意思,在这个链接https://golang.org/pkg/crypto/cipher/#NewGCM 中找不到相关信息。

英文:

I have an encryption in Ruby with aes-256-gcm

require 'openssl'
key = "972ec8dd995743d981417981ac2f30db"
iv = "6a825c25ea74"
auth_data = "73f6828fc5be"
plaintext = "John Doe play foo bar"

cipher = OpenSSL::Cipher.new('aes-256-gcm')
cipher.encrypt
cipher.iv = iv
cipher.key = key
cipher.auth_data = auth_data
cipherText = cipher.update(plaintext) + cipher.final
authTag = cipher.auth_tag
hexString = (cipherText + iv + authTag).unpack('H*').first

the hextString result looks like

fa03a24cad007ceaadc34c22edff943cb58fe514ed36613832356332356561373425f6bc5724b956daae151c8d78a21263

I want to decrypt it in Go

key := "972ec8dd995743d981417981ac2f30db"
iv := "6a825c25ea74"
authData := "73f6828fc5be"
hexString, _ := hex.DecodeString("fa03a24cad007ceaadc34c22edff943cb58fe514ed36613832356332356561373425f6bc5724b956daae151c8d78a21263")

block, err := aes.NewCipher([]byte(key))
if err != nil {
    panic(err.Error())
}

aesgcm, err := cipher.NewGCM(block)
if err != nil {
	panic(err.Error())
}

plaintext, err := aesgcm.Open(nil, []byte(iv), hexString, []byte(authData))
if err != nil {
	panic(err.Error())
}

I got cipher: message authentication failed.
and Also I don't get the point about authData in golang, I can't fine it in here https://golang.org/pkg/crypto/cipher/#NewGCM

答案1

得分: 4

随机数(iv)不应该出现在密文的中间。你想要的十六进制编码输出只是cipherText + authTag。由于随机数必须与密文一起发送,通常在密文前面加上随机数前缀,但在解密消息之前必须将其去掉(还要注意,你的keyivauth_data值似乎是十六进制字符串,但它们被用作原始字节,这可能导致一些混淆)。

将消息的字节重新排列以在随机数前面添加前缀,得到以下示例:https://play.golang.org/p/YV5FugSyM5_G

key := []byte("972ec8dd995743d981417981ac2f30db")
authData := []byte("73f6828fc5be")

msg, err := hex.DecodeString("366138323563323565613734fa03a24cad007ceaadc34c22edff943cb58fe514ed25f6bc5724b956daae151c8d78a21263")

block, err := aes.NewCipher([]byte(key))
if err != nil {
    log.Fatal(err)
}

aesgcm, err := cipher.NewGCM(block)
if err != nil {
    log.Fatal(err)
}

sz := aesgcm.NonceSize()
nonce, cipherText := msg[:sz], msg[sz:]

pt, err := aesgcm.Open(nil, nonce, cipherText, authData)
if err != nil {
    log.Fatal(err)
}

fmt.Printf("%q\n", pt)

// 输出: "John Doe play foo bar"

希望对你有所帮助!

英文:

The nonce (iv) does not belong in the middle of the ciphertext. The hex-encoded output you want here from the ruby example is only the cipherText + authTag. Since the nonce must be sent along with the ciphertext, it is common to prefix the ciphertext with the nonce if you so choose, but you must trim that off before deciphering the message. (Also note that your key, iv and auth_data values appear to be hex strings, but they are being used as raw bytes which may be adding to some of the confusion).

Re-arranging the bytes of the message to prepend the nonce, gives us this example: https://play.golang.org/p/YV5FugSyM5_G

key := []byte("972ec8dd995743d981417981ac2f30db")
authData := []byte("73f6828fc5be")

msg, err := hex.DecodeString("366138323563323565613734fa03a24cad007ceaadc34c22edff943cb58fe514ed25f6bc5724b956daae151c8d78a21263")

block, err := aes.NewCipher([]byte(key))
if err != nil {
	log.Fatal(err)
}

aesgcm, err := cipher.NewGCM(block)
if err != nil {
	log.Fatal(err)
}

sz := aesgcm.NonceSize()
nonce, cipherText := msg[:sz], msg[sz:]

pt, err := aesgcm.Open(nil, nonce, cipherText, authData)
if err != nil {
	log.Fatal(err)
}

fmt.Printf("%q\n", pt)

> "John Doe play foo bar"

答案2

得分: 0

这是对我有效的方法。我最初使用attr_encrypted gem来加密信息。

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"fmt"
	"log"
)

func main() {
  // data: "7621276423"
  // encrypted_data: "Hz1HXFTfSyucPvy3iDoY1F4O5YmAx2skRa4="
  // encrypted_data_iv: "Ezk8f3+944gs4x5E"
  // license_key: "iUPGMBmppYA92kbciS5fIUe7gRcx6G025haOeAmEjU4="

  cipherText, err := base64.StdEncoding.DecodeString("Hz1HXFTfSyucPvy3iDoY1F4O5YmAx2skRa4=")
  nonce, err := base64.StdEncoding.DecodeString("Ezk8f3+944gs4x5E")
  key, err := base64.StdEncoding.DecodeString("iUPGMBmppYA92kbciS5fIUe7gRcx6G025haOeAmEjU4=")

	block, err := aes.NewCipher([]byte(key))
	if err != nil {
		log.Fatal(err)
	}

	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		log.Fatal(err)
	}

	pt, err := aesgcm.Open(nil, nonce, cipherText, nil)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("%q\n", pt)
}

// "123456789";
英文:

This is what worked for me. I originally used the attr_encrypted gem to encrypt the information.

package main

import (
	"crypto/aes"
	"crypto/cipher"
    "encoding/base64"
	"fmt"
	"log"
)

func main() {
  // data: "7621276423"
  // encrypted_data: "Hz1HXFTfSyucPvy3iDoY1F4O5YmAx2skRa4="
  // encrypted_data_iv: "Ezk8f3+944gs4x5E"
  // license_key: "iUPGMBmppYA92kbciS5fIUe7gRcx6G025haOeAmEjU4="

  cipherText, err := base64.StdEncoding.DecodeString("Hz1HXFTfSyucPvy3iDoY1F4O5YmAx2skRa4=")
  nonce, err := base64.StdEncoding.DecodeString("Ezk8f3+944gs4x5E")
  key, err := base64.StdEncoding.DecodeString("iUPGMBmppYA92kbciS5fIUe7gRcx6G025haOeAmEjU4=")

	block, err := aes.NewCipher([]byte(key))
	if err != nil {
		log.Fatal(err)
	}

	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		log.Fatal(err)
	}

	pt, err := aesgcm.Open(nil, nonce, cipherText, nil)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("%q\n", pt)
}

// "123456789"

huangapple
  • 本文由 发表于 2021年6月19日 04:04:31
  • 转载请务必保留本文链接:https://go.coder-hub.com/68040875.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定