【发布时间】:2018-09-23 10:27:07
【问题描述】:
首先。我在这里如履薄冰!
我有一个从 php.ini 获取的加密文件。我正在尝试用 golang 解密它。
php 应用程序使用公共 RSA 密钥来加密用于使用 aes-256-cbc 进行加密的密钥。
我已经创建了一些概念验证代码,但我做错了。尽管 key 和 iv 在两边看起来都是正确的,但有些东西是不正确的。结果只是垃圾。我怀疑一些编码不匹配(期望 base64,获取字符串字节......)或者我误解了一些概念。
加密:
<?php
$cipher = "AES-256-CBC";
$ivLength = openssl_cipher_iv_length($cipher="AES-256-CBC");
echo "iv len: " . $ivLength . "\n";
$iv = openssl_random_pseudo_bytes($ivLength);
$key = "1234567890abcdef";
$ciphertext = openssl_encrypt("hello world", $cipher, $key, 0, $iv);
$publicKey = openssl_pkey_get_public(file_get_contents("some-public-key.pub"));
if (!$publicKey) {
die("OpenSSL: Unable to get public key for encryption. Is the location correct? Does this key require a password?");
}
$ok = openssl_public_encrypt($key, $encryptedKey, $publicKey);
if (!$ok) {
die("Encryption failed. Ensure you are using a PUBLIC key.");
}
echo "key unencrypted: " . $key . "\n";
echo "iv: " . base64_encode($iv) . "\n";
echo "ciphertext: " . $ciphertext . "\n";
echo "ciphertext binary: " . (base64_decode($ciphertext)) . "\n";
echo "combined: " . ($iv . $ciphertext) . "\n";
file_put_contents("key.enc", $encryptedKey);
file_put_contents("content.enc", $iv . $ciphertext);
file_put_contents("content.dec", openssl_decrypt($ciphertext, $cipher, $key, 0, $iv));
openssl_free_key($publicKey);
?>
解密:
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
"log"
)
func main() {
// Read the input file
in, err := ioutil.ReadFile("key.enc")
if err != nil {
log.Fatalf("input file: %s", err)
}
// Read the private key
pemData, err := ioutil.ReadFile("some-private-key")
if err != nil {
log.Fatalf("read key file: %s", err)
}
// Extract the PEM-encoded data block
block, _ := pem.Decode(pemData)
if block == nil {
log.Fatalf("bad key data: %s", "not PEM-encoded")
}
if got, want := block.Type, "RSA PRIVATE KEY"; got != want {
log.Fatalf("unknown key type %q, want %q", got, want)
}
// Decode the RSA private key
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
log.Fatalf("bad private key: %s", err)
}
// Decrypt the data
cipherKey, err := rsa.DecryptPKCS1v15(rand.Reader, priv, in)
if err != nil {
log.Fatalf("decrypt: %s", err)
}
fmt.Println("Key decrypted:", string(cipherKey))
// Read encrypted content file
content, err := ioutil.ReadFile("content.enc")
if err != nil {
log.Fatalf("input file: %s", err)
}
fmt.Println("Cipherkey: ", string(cipherKey))
cipherText := content
cipherBlock, err := aes.NewCipher(cipherKey)
if err != nil {
panic(err)
}
iv := cipherText[:aes.BlockSize]
fmt.Println("iv:", base64.StdEncoding.EncodeToString(iv))
fmt.Println("ciphertext:", string(cipherText[aes.BlockSize:]))
cipherText, _ = base64.StdEncoding.DecodeString(string(cipherText[aes.BlockSize:]))
fmt.Println("ciphertext binary: ", string(cipherText))
// CBC mode always works in whole blocks.
if len(cipherText)%aes.BlockSize != 0 {
panic(fmt.Sprintf("ciphertext (len=%d) is not a multiple of the block size (%d)", len(cipherText), aes.BlockSize))
}
mode := cipher.NewCBCDecrypter(cipherBlock, iv)
mode.CryptBlocks(cipherText, cipherText)
fmt.Printf("The result: %s\n", cipherText)
}
这是执行此操作的一些示例输出(首先是 php,然后是 go):
iv len: 16
key unencrypted: 1234567890abcdef
iv: QffXbVRuwyopwwvQXQ8N6g==
ciphertext: Wk8Gv1xQWikp1YryQiywgQ==
ciphertext binary: ZO�\PZ))Պ�B,��
combined: A��mTn�*)�
�Wk8Gv1xQWikp1YryQiywgQ==
-----
Key decrypted: 1234567890abcdef
Cipherkey: 1234567890abcdef
iv: QffXbVRuwyopwwvQXQ8N6g==
ciphertext: Wk8Gv1xQWikp1YryQiywgQ==
ciphertext binary: ZO�\PZ))Պ�B,��
The result: ��2��J���~A�D
【问题讨论】:
-
您正在尝试使用 AES-256 和 a128 位密钥进行加密...我想知道 PHP
openssl_encrypt是如何处理的(可能使用 0 填充)。由于 golang 中似乎没有任何 AES-256 的引用,因此很可能采用 AES-128。 -
@oliv,两者都正确。
-
感谢你们! :-)
-
我在 Freenode 上的 #go-nuts play.golang.org/p/omrrL6SKV5a 获得的示例代码
标签: php go encryption openssl