英文:
PBKDF2 key is decrypting AES without the same salt?
问题
以下是翻译好的部分:
在不保存和重复使用PBKDF2的盐的情况下,如何实现以下操作?
这是我用于加密文件的操作:
openssl aes-256-cbc -pbkdf2 -in secret.txt -out secret.enc -a -kfile kfile.file
其中,secret.txt = "秘密消息",
kfile.file = "密码"`
然后,我运行以下命令以解密刚刚加密的文件:
openssl aes-256-cbc -pbkdf2 -d -in secret.enc -out secret.decrypted -a -kfile kfile.file
解密后的文件结果是 secret.decrypted = "秘密消息"
据我所知,我需要初始用于PBKDF2的盐来派生相同的解密密钥,为什么在这种情况下明显不需要呢?
运行 openssl aes-256-cbc -help
时,默认情况下指出KDF中使用了盐。
英文:
How is the following possible without saving and reusing the salt from PBKDF2?
Here's what I'm doing to encrypt a file:
openssl aes-256-cbc -pbkdf2 -in secret.txt -out secret.enc -a -kfile kfile.file
Where secret.txt = "secret message"
, and kfile.file = "password"
I then run the following to decrypt the just encrypted file:
openssl aes-256-cbc -pbkdf2 -d -in secret.enc -out secret.decrypted -a -kfile kfile.file
The decrypted file results secret.decrypted = "secret message"
As far as I know, I would have needed the initial salt used for the PBKDF2 to derive the same key for decryption, why is this clearly not the case here?
When running openssl aes-256-cbc -help
it states that a salt is used in the KDF by default.
答案1
得分: 2
<Salted__的ASCII编码>|<8字节盐值>|<密文>
-a
选项会导致结果被Base64编码。由于固定的前缀Salted__
,数据始终以U2FsdGVkX1
开头。
英文:
The (implicitly generated) random 8 bytes salt and the ciphertext are automatically concatenated. In addition, the ASCII encoding of Salted__
is prepended:
<ASCII encoding of Salted__>|<8 bytes salt>|<ciphertext>
The -a
option causes the result to be Base64 encoded. Because of the fixed prefix Salted__
the data therefore always starts with U2FsdGVkX1
.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论