【发布时间】:2026-02-06 19:20:07
【问题描述】:
我使用 .NET 加密文件。
接下来,我尝试使用 OpenSSL 对其进行解密,但我遇到了一个问题:
bad decrypt
4294956672:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
我已经简化了例子:
- 我不在 .NET 中生成密钥和 iv 并从 OpenSSL 使用它
- 我不使用盐
- 我不使用base64,只使用二进制
所以,
1) 我从 OpenSSL 获得 IV 和密钥
openssl enc -aes-256-cbc -pass pass:myPassword -P -nosalt
key=69BD0330B47FF638C3471005819C28F7B938830888101C9135EF41D8641F2709
iv =71C334727A6C5DE704C21965E9BAC0F8
2) 我加密文件:
调用:
key = new byte[]{0x69, 0xBD, 0x03, 0x30, 0xB4, 0x7F, 0xF6, 0x38, 0xC3, 0x47, 0x10, 0x05, 0x81, 0x9C, 0x28, 0xF7, 0xB9, 0x38, 0x83, 0x08, 0x88, 0x10, 0x1C, 0x91, 0x35, 0xEF, 0x41, 0xD8, 0x64, 0x1F, 0x27, 0x09};
iv = new byte[]{0x71, 0xC3, 0x34, 0x72, 0x7A, 0x6C, 0x5D, 0xE7, 0x04, 0xC2, 0x19, 0x65, 0xE9, 0xBA, 0xC0, 0xF8};
byte[] response = await EncryptString(textWriter.ToString(), key, iv);
功能:
public async Task<byte[]> EncryptString(string plainText, byte[] key, byte[] iv)
{
Aes encryptor = Aes.Create();
encryptor.Mode = CipherMode.CBC;
encryptor.Key = key;
encryptor.Padding = PaddingMode.PKCS7;
encryptor.BlockSize = 128;
encryptor.IV = iv;
encryptor.KeySize = 256;
// Convert the plainText string into a byte array
byte[] plainBytes = Encoding.ASCII.GetBytes(plainText);
using (MemoryStream memoryStream = new MemoryStream())
{
ICryptoTransform aesEncryptor = encryptor.CreateEncryptor();
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aesEncryptor, CryptoStreamMode.Write))
{
await cryptoStream.WriteAsync(plainBytes, 0, plainBytes.Length);
}
return memoryStream.ToArray();
}
}
3) 我将字节数组写入文件(我必须使用 FTP)
public async Task UploadFileAsync(Uri uri, string login, string password, byte[] content)
{
FtpWebRequest ftpRequest = (FtpWebRequest)WebRequest.Create(uri);
ftpRequest.Method = WebRequestMethods.Ftp.UploadFile;
ftpRequest.UseBinary = true;
ftpRequest.UsePassive = true;
ftpRequest.KeepAlive = true;
SetFtpCredentials(ftpRequest, login, password);
using (var stream = new BinaryWriter(ftpRequest.GetRequestStream()))
{
stream.Write(content,0,content.Length);
}
using (var ftpResponse = (FtpWebResponse)ftpRequest.GetResponse())
{
using (Stream ftpStream = ftpResponse.GetResponseStream())
{
}
}
}
4) 我尝试解密文件
openssl.exe aes-256-cbc -in input.xml -d -out output.xml -md sha256 -nosalt -debug -K 69BD0330B47FF638C3471005819C28F7B938830888101C9135EF41D8641F2709 -iv 71C334727A6C5DE704C21965E9BAC0F8
回应:
BIO[0x600060ee0]: ctrl(108) - FILE pointer
BIO[0x600060ee0]: ctrl return 1
BIO[0x600060f60]: ctrl(108) - FILE pointer
BIO[0x600060f60]: ctrl return 1
BIO[0x600061080]: ctrl(6) - cipher
BIO[0x600060f60]: ctrl(6) - FILE pointer
BIO[0x600060f60]: ctrl return 0
BIO[0x600061080]: ctrl return 0
BIO[0x600060ee0]: read(0,8192) - FILE pointer
BIO[0x600060ee0]: read return 1328
BIO[0x600061080]: write(0,1328) - cipher
BIO[0x600060f60]: write(0,1312) - FILE pointer
BIO[0x600060f60]: write return 1312
BIO[0x600061080]: write return 1328
BIO[0x600060ee0]: read(0,8192) - FILE pointer
BIO[0x600060ee0]: read return 0
BIO[0x600061080]: ctrl(11) - cipher
BIO[0x600061080]: ctrl return 0
bad decrypt
4294956672:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
BIO[0x600060ee0]: Free - FILE pointer
BIO[0x600060f60]: Free - FILE pointer
BIO[0x600061080]: Free - cipher
我应该解决什么问题?
【问题讨论】:
-
如何将字节编码为 xml 文件?
-
为类似问题提供的答案可能会奏效:*.com/questions/43366842/…
-
@DavidKemp,我已经在文件中添加了方法。
-
@Matze,我试图改变 FlushFinalBlock();使用简单的构造。但这对我不起作用。我看到,在那个例子中,key 和 IV 是用 SHA256 散列的。我的例子是否正确?
-
@SirHally 正如我已经提到的,我会尝试将
byte[] cipherBytes = memoryStream.ToArray();移动到外部使用块中,因为对FlushFinalBlock的调用不会强制将所有字节写入底层流。
标签: c# .net openssl aes cbc-mode