AES 256 CBC Openssl的加密解密在C#
我是密码学一个新手。我的要求是解密/加密加密文本使用的OpenSSL /解密。我们所使用的算法是AES-256-CBC在OpenSSL。
所以,我想实现我的应用程序相同的功能。到目前为止,经过大量谷歌上搜索所有我能够做的就是..
I am a newbie to cryptography. My requirement is to decrypt/encrypt the text that is encrypted/decrypted using openssl. The algorithm that we are using is aes-256-cbc in the Openssl. So, I am trying to implement the same functionality in my application. so far after a lot of googling all i was able to do is..
private static string Encryptor(string TextToEncrypt)
{
//Turn the plaintext into a byte array.
byte[] PlainTextBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(TextToEncrypt);
//Setup the AES providor for our purposes.
AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider();
aesProvider.BlockSize = 128;
aesProvider.KeySize = 256;
//My key and iv that i have used in openssl
aesProvider.Key = System.Text.Encoding.ASCII.GetBytes(strKey);
aesProvider.IV = System.Text.Encoding.ASCII.GetBytes(strIV);
aesProvider.Padding = PaddingMode.PKCS7;
aesProvider.Mode = CipherMode.CBC;
ICryptoTransform cryptoTransform = aesProvider.CreateEncryptor(aesProvider.Key, aesProvider.IV);
byte[] EncryptedBytes = cryptoTransform.TransformFinalBlock(PlainTextBytes, 0, PlainTextBytes.Length);
return Convert.ToBase64String(EncryptedBytes);
}
private static string Decryptor(string TextToDecrypt)
{
byte[] EncryptedBytes = Convert.FromBase64String(TextToDecrypt);
//Setup the AES provider for decrypting.
AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider();
//aesProvider.Key = System.Text.Encoding.ASCII.GetBytes(strKey);
//aesProvider.IV = System.Text.Encoding.ASCII.GetBytes(strIV);
aesProvider.BlockSize = 128;
aesProvider.KeySize = 256;
//My key and iv that i have used in openssl
aesProvider.Key = System.Text.Encoding.ASCII.GetBytes(strKey);
aesProvider.IV = System.Text.Encoding.ASCII.GetBytes(strIV);
aesProvider.Padding = PaddingMode.PKCS7;
aesProvider.Mode = CipherMode.CBC;
ICryptoTransform cryptoTransform = aesProvider.CreateDecryptor(aesProvider.Key, aesProvider.IV);
byte[] DecryptedBytes = cryptoTransform.TransformFinalBlock(EncryptedBytes, 0, EncryptedBytes.Length);
return System.Text.Encoding.ASCII.GetString(DecryptedBytes);
}
我的OpenSSL的命令是
My openssl command is
openssl aes-256-cbc -e -nosalt -a -in inputfile.txt -out output.txt -k key -iv ivkey
我的密钥长度是32digits和IV是16digits
My key length is 32digits and iv is 16digits
日Thnx ...
首先,请阅读男人ENC
OpenSSL的。 -IV
当使用 -k
被忽略。你可能需要的资本 -K
。二,关键和IV与OpenSSL的工具使用时的值是十六进制的,如果你的C#使用相同的字符串命令行,那么你需要做的适当的转换,而不是 Encoding.ASCII.GetBytes
(7位编码是从未反正正确答案)。
First, read man enc
for openssl. -iv
is ignored when -k
is used. You probably want capital -K
. Second, the key and iv values are hexadecimal when used with the openssl tool, if your C# is using the same string as the command line then you need to do appropriate conversions rather than Encoding.ASCII.GetBytes
(a 7 bit encoding is never the right answer anyway).
有关您的纯文本,你还不如用 Encoding.UTF8.GetBytes / GetString的
,因为它是与ASCII向后兼容。
For your plain text, you might as well use Encoding.UTF8.GetBytes/GetString
since it is backwards compatible with ASCII.
如果你真的想使用小写某些原因 -k
,一个密码来生成密钥和IV,即作为OpenSSL的使用它自己的密钥推导方案困难得多。此外,它是危险与 -nosalt
标记使用。
If for some reason you actually want to use lowercase -k
, a password to generate both the key and iv, that is much more difficult as openssl uses it's own key derivation scheme. Also, it is dangerous to use with the -nosalt
flag.
-nosalt 强>:
不处于密钥导出例程使用的盐。这个选项应该
不只是用于测试目的或与OpenSSL和SSLeay的古
版本兼容使用。
-nosalt: doesn't use a salt in the key derivation routines. This option SHOULD NOT be used except for test purposes or compatibility with ancient versions of OpenSSL and SSLeay.
其中的一个原因,这是危险的,是由于这样的事实,IV的不应该是可预见的或AES-CBC重复使用,如果你不使用盐时,密码总是会产生与打开相同的IV相同的密钥您几个攻击和可能泄漏关于明文的信息。
One of the reasons this is dangerous, is due to the fact that IV's should not be predictable or reused for AES-CBC and if you don't use a salt, the passphrase will always produce the same key with the same IV that opens you up to several attacks and can leak info about the plaintext.
您可以找到如何从密码派生,相同的密钥和IV为OpenSSL的,从这个博客帖子解密的OpenSSL AES在C#文件,虽然它是专门为AES-128的评论导致你如何为AES-256,修改的男人EVP_BytesToKey
:
You can find out how to derive from passphrase, the same key and IV as openssl from this blog post Decrypting OpenSSL AES files in C# although it is specifically for AES-128 the comments lead you to how to modify for aes-256, from man EVP_BytesToKey
:
Hash0 = ''
Hash1 = MD5(Hash0 + Password + Salt)
Hash2 = MD5(Hash1 + Password + Salt)
Hash3 = MD5(Hash2 + Password + Salt)
Key = Hash1 + Hash2
IV = Hash3