大家好,关于 openssl 的另一个问题:
我有这个命令:
openssl enc -aes-192-cbc -pbkdf2 -e -in <infile> -out <outfile> -pass pass:password
现在我只有这个命令的密文,并且我知道密码,然后我还知道盐,即字符串“Salted__”之后密文的前 8 个字节。我还知道 openssl 作为默认参数采用 1000 次迭代计数和 sha256 作为摘要。我的问题是:我如何从c语言返回派生 key 和派生iv?
我的代码是这样的,但它没有返回正确的值:
void decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *plaintext, const char *password, unsigned char* salt){
EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
//unsigned char* key = "EF04020D6979FC09CC1859A2BFB832FFFCF57C64BA61F682"; right value
//unsigned char* iv = "722EDDC813763C9AAB96A0A6885CE1DB"; right value
unsigned char key[24], iv[16];
int i;
PKCS5_PBKDF2_HMAC(password, strlen(password), (unsigned char*)salt, strlen(salt), 1000, EVP_sha256(), 16, key);
EVP_BytesToKey(EVP_aes_192_cbc(), EVP_sha256(), (unsigned char*)salt, (unsigned char*)password, strlen(password), 1000, key+16, iv);
printf("Key: "); for(i=0; i < 24; ++i){ printf("%02x", key[i]); } printf("\n");
printf("IV: "); for(i=0; i < 16; ++i){ printf("%02x", iv[i]); } printf("\n\n");
//Create and initialise the context
if(!(ctx = EVP_CIPHER_CTX_new()))
handleErrors();
//Initialise the decryption operation. IMPORTANT - ensure you use a key
//and IV size appropriate for your cipher
if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key, iv))
handleErrors();
//Provide the message to be decrypted, and obtain the plaintext output.
//EVP_DecryptUpdate can be called multiple times if necessary.
if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
handleErrors();
plaintext_len = len;
//Finalise the decryption. Further plaintext bytes may be written at
//this stage.
if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
handleErrors();
plaintext_len += len;
//Clean up
EVP_CIPHER_CTX_free(ctx);
}
正确的值已被注释,我从终端获取它......但我的 c 代码不返回该值。 我认为这取决于我没有很好地翻译 -pbkdf2 派生 key ...请帮助我
最佳答案
我解决了这个问题,在GitHub上的openssl源代码中看到:
关于c++ - 如何用c语言翻译openssl命令pbkdf2?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58835731/