openssl 未知选项错误

Question

我在下面运行了这个脚本：

#!/bin/bash

keyFile=video.key
openssl rand 16 > $keyFile
encryptionKey=$(cat $keyFile | hexdump -e '16/1 "%02x"')

splitFilePrefix=stream
encryptedSplitFilePrefix=enc/${splitFilePrefix}

numberOfTsFiles=$(ls ${splitFilePrefix}*.ts | wc -l)

for (( i=1; i<$numberOfTsFiles; i++ ))
 do
 initializationVector=printf '%032x' $i
 openssl aes-128-cbc -e -in ${splitFilePrefix}$i.ts -out ${encryptedSplitFilePrefix}$i.ts -nosalt -iv $initializationVector -K $encryptionKey
 done

执行后，bash 给了我一个错误：

./script.sh: line 14: fg: no job control
unknown option '9d268d620c68938b4578c3f299c91a1a'
options are
-in <file>     input file
-out <file>    output file
-pass <arg>    pass phrase source
-e             encrypt
-d             decrypt
-a/-base64     base64 encode/decode, depending on encryption flag
-k             passphrase is the next argument
-kfile         passphrase is the first line of the file argument
-md            the next argument is the md to use to create a key
                 from a passphrase.  One of md2, md5, sha or sha1
-S             salt in hex is the next argument
-K/-iv         key/iv in hex is the next argument
-[pP]          print the iv/key (then exit if -P)
-bufsize <n>   buffer size
-nopad         disable standard block padding
-engine e      use engine e, possibly a hardware device.
Cipher Types
-aes-128-cbc               -aes-128-cbc-hmac-sha1     -aes-128-cfb
-aes-128-cfb1              -aes-128-cfb8              -aes-128-ctr
-aes-128-ecb               -aes-128-gcm               -aes-128-ofb
-aes-128-xts               -aes-192-cbc               -aes-192-cfb
-aes-192-cfb1              -aes-192-cfb8              -aes-192-ctr
-aes-192-ecb               -aes-192-gcm               -aes-192-ofb
-aes-256-cbc               -aes-256-cbc-hmac-sha1     -aes-256-cfb
-aes-256-cfb1              -aes-256-cfb8              -aes-256-ctr
-aes-256-ecb               -aes-256-gcm               -aes-256-ofb
-aes-256-xts               -aes128                    -aes192
-aes256                    -bf                        -bf-cbc
-bf-cfb                    -bf-ecb                    -bf-ofb
-blowfish                  -camellia-128-cbc          -camellia-128-cfb
-camellia-128-cfb1         -camellia-128-cfb8         -camellia-128-ecb
-camellia-128-ofb          -camellia-192-cbc          -camellia-192-cfb
-camellia-192-cfb1         -camellia-192-cfb8         -camellia-192-ecb
-camellia-192-ofb          -camellia-256-cbc          -camellia-256-cfb
-camellia-256-cfb1         -camellia-256-cfb8         -camellia-256-ecb
-camellia-256-ofb          -camellia128               -camellia192
-camellia256               -cast                      -cast-cbc
-cast5-cbc                 -cast5-cfb                 -cast5-ecb
-cast5-ofb                 -des                       -des-cbc
-des-cfb                   -des-cfb1                  -des-cfb8
-des-ecb                   -des-ede                   -des-ede-cbc
-des-ede-cfb               -des-ede-ofb               -des-ede3
-des-ede3-cbc              -des-ede3-cfb              -des-ede3-cfb1
-des-ede3-cfb8             -des-ede3-ofb              -des-ofb
-des3                      -desx                      -desx-cbc
-id-aes128-GCM             -id-aes192-GCM             -id-aes256-GCM
-rc2                       -rc2-40-cbc                -rc2-64-cbc
-rc2-cbc                   -rc2-cfb                   -rc2-ecb
-rc2-ofb                   -rc4                       -rc4-40
-rc4-hmac-md5              -seed                      -seed-cbc
-seed-cfb                  -seed-ecb                  -seed-ofb

我阅读了 openssl 手册并认为 -K 或 -iv 部分是错误的，但无法弄清楚哪个选项以及为什么错误

Answer 1

你的问题是这一行：

initializationVector=printf '%032x' $i

应该是这样的：

initializationVector=$(printf '%032x' $i)

它使initializationVector 为空。

如果您在顶部添加set -x，您可以找到它，然后查看您尝试运行的命令行到底是什么。

在修复之前是这样的：

openssl aes-128-cbc -e -in stream1.ts -out enc/stream1.ts -nosalt -iv -K 7aeb2faae0289b9828b2994f50a4cc3a

这使得openssl 命令认为-K 是-iv 选项的值，而密钥本身是另一个命令选项。
因此出现错误：unknown option '7aeb2faae0289b9828b2994f50a4cc3a'（在我的情况下）。

Answer 2

do
  initializationVector=printf '%032x' $i
  openssl aes-128-cbc -e -in ${splitFilePrefix}$i.ts -out ${encryptedSplitFilePrefix}$i.ts \
      -nosalt -iv $initializationVector -K $encryptionKey
 done

您缺少密码中的前导破折号。请改用-aes-128-cbc。来自enc(1) 文档：

SYNOPSIS

openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a/-base64] [-A]
[-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md] [-p]
[-P] [-bufsize number] [-nopad] [-debug] [-none] [-engine id]