如何解码 aes-256-cfb?

huangapple go评论131阅读模式
英文:

How I can decode aes-256-cfb

问题

我可以帮你翻译这段代码。以下是翻译的结果:

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"log"
	"os"
)

func main() {
	fiencpkg, err := os.ReadFile("encpkg")
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	fiencpass, err := os.ReadFile("encpass")
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	keyb := sha256.Sum256(fiencpass)
	block, err := aes.NewCipher(keyb[:])
	if err != nil {
		panic(err)
	}

	if len(fiencpkg) < aes.BlockSize {
		panic("data too short")
	}

	iv := fiencpkg[:aes.BlockSize]
	decdata := fiencpkg[aes.BlockSize:]
	stream := cipher.NewCFBDecrypter(block, iv)

	stream.XORKeyStream(decdata, fiencpkg[aes.BlockSize:])
	os.WriteFile("x_go.txz", decdata, 0777)

}

希望对你有帮助!

英文:

How I can decode aes-256-cfb?

I have file encoded by aes-256-cfb, when I use openssl command

openssl enc -d -aes-256-cfb -salt -pbkdf2 -pass file:encpass -out x.txz -in encpkg

this file is decrypted without any problem,but when I try to decrypt this file by golang, I always get incorrect file, I don't know what my problem is and I hope to find help

my code:

package main

import (
	&quot;crypto/aes&quot;
	&quot;crypto/cipher&quot;
	&quot;crypto/sha256&quot;
	&quot;log&quot;
	&quot;os&quot;
)

func main() {
	fiencpkg, err := os.ReadFile(&quot;encpkg&quot;)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	fiencpass, err := os.ReadFile(&quot;encpass&quot;)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	keyb := sha256.Sum256(fiencpass)
	block, err := aes.NewCipher(keyb[:])
	if err != nil {
		panic(err)
	}

	if len(fiencpkg) &lt; aes.BlockSize {
		panic(&quot;data too short&quot;)
	}

	iv := fiencpkg[:aes.BlockSize]
	decdata := fiencpkg[aes.BlockSize:]
	stream := cipher.NewCFBDecrypter(block, iv)

	stream.XORKeyStream(decdata, fiencpkg[aes.BlockSize:])
	os.WriteFile(&quot;x_go.txz&quot;, decdata, 0777)

}

答案1

得分: 1

在OpenSSL语句中,-pbkdf2选项会导致使用PBKDF2密钥派生算法:
在加密过程中,会生成一个随机的8字节盐值,并且使用该密钥派生算法来确定密钥和初始化向量(IV),该过程使用密码和盐值作为输入。
由于解密过程需要盐值,OpenSSL语句会将盐值和密文连接在一起,并在前缀中使用Salted__进行标识。

因此,在解密过程中,首先需要将盐值和密文分开:

salt := fiencpkg[8:16]
ciphertext := fiencpkg[16:]

然后可以使用PBKDF2来派生密钥和初始化向量,例如使用pbkdf2包

keyIv := pbkdf2.Key(fiencpass, salt, 10000, 48, sha256.New)
key := keyIv[0:32]
iv := keyIv[32:48]

注意,默认的迭代次数和摘要算法是OpenSSL的默认值,即10000次迭代和SHA256摘要算法。由于加密使用的是AES-256-CFB算法,因此需要生成48字节的数据(32字节用于密钥,16字节用于初始化向量)。

确定了密钥和初始化向量之后,可以像通常一样进行解密操作。


完整代码:

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"log"
	"os"
	
	"golang.org/x/crypto/pbkdf2"
)

func main() {
	fiencpkg, err := os.ReadFile("encpkg")
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	salt := fiencpkg[8:16]
	ciphertext := fiencpkg[16:]

	fiencpass, err := os.ReadFile("encpass")
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	keyIv := pbkdf2.Key(fiencpass, salt, 10000, 48, sha256.New)
	key := keyIv[0:32]
	iv := keyIv[32:48]

	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	stream := cipher.NewCFBDecrypter(block, iv)
	stream.XORKeyStream(ciphertext, ciphertext)
	os.WriteFile("x_go.txz", ciphertext, 0777)
}
英文:

The -pbkdf2 option in the OpenSSL statement causes the PBKDF2 key derivation to be used:<br>
During encryption, a random 8 bytes salt is generated, and together with the password, the key and IV are determined using this key derivation.<br>
Since the salt is needed for decryption, the OpenSSL statement concatenates salt and ciphertext and indicates this with the prefix Salted__.

Thus, during decryption, salt and ciphertext must first be separated:

salt := fiencpkg[8:16]
ciphertext := fiencpkg[16:]

Then key and IV can be derived via PBKDF2 using e.g. the pbkdf2 package:

keyIv := pbkdf2.Key(fiencpass, salt, 10000, 48, sha256.New)
key := keyIv[0:32]
iv := keyIv[32:48]

Note the OpenSSL default values 10000 and SHA256 for iteration count and digest. Since the encryption was done with AES-256-CFB 48 bytes have to be generated (32 bytes for the key, 16 bytes for the IV).

After determining key and IV, decryption can be performed as usual.


Full code:

package main

import (
	&quot;crypto/aes&quot;
	&quot;crypto/cipher&quot;
	&quot;crypto/sha256&quot;
	&quot;log&quot;
	&quot;os&quot;
	
	&quot;golang.org/x/crypto/pbkdf2&quot;
)

func main() {
	fiencpkg, err := os.ReadFile(&quot;encpkg&quot;)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	salt := fiencpkg[8:16]
	ciphertext := fiencpkg[16:]

	fiencpass, err := os.ReadFile(&quot;encpass&quot;)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	keyIv := pbkdf2.Key(fiencpass, salt, 10000, 48, sha256.New)
	key := keyIv[0:32]
	iv := keyIv[32:48]

	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	stream := cipher.NewCFBDecrypter(block, iv)
	stream.XORKeyStream(ciphertext, ciphertext)
	os.WriteFile(&quot;x_go.txz&quot;, ciphertext, 0777)
}

huangapple
  • 本文由 发表于 2022年8月24日 02:19:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/73463435.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定