如果您查看相关网站的页面源代码,您会发现它使用了gibberish-aes javascript 库。要了解您必须做些什么才能使其发挥作用,您必须研究它的作用。
查看其source code,它似乎使用随机盐进行加密。前面加上字符串 Salted__ 构成密文的开头,然后再进行 base64 编码。
randArr = function(num) {
var result = [], i;
for (i = 0; i < num; i++) {
result = result.concat(Math.floor(Math.random() * 256));
}
return result;
},
和
enc = function(string, pass, binary) {
// string, password in plaintext
var salt = randArr(8),
pbe = openSSLKey(s2a(pass, binary), salt),
key = pbe.key,
iv = pbe.iv,
cipherBlocks,
saltBlock = [[83, 97, 108, 116, 101, 100, 95, 95].concat(salt)];
string = s2a(string, binary);
cipherBlocks = rawEncrypt(string, key, iv);
// Spells out 'Salted__'
cipherBlocks = saltBlock.concat(cipherBlocks);
return Base64.encode(cipherBlocks);
},
对于解密,它使用 base64 解码后从密文开头挑选盐的随机部分(第一个 slice 运算符):
dec = function(string, pass, binary) {
// string, password in plaintext
var cryptArr = Base64.decode(string),
salt = cryptArr.slice(8, 16),
pbe = openSSLKey(s2a(pass, binary), salt),
key = pbe.key,
iv = pbe.iv;
cryptArr = cryptArr.slice(16, cryptArr.length);
// Take off the Salted__ffeeddcc
string = rawDecrypt(cryptArr, key, iv, binary);
return string;
},
现在缺少的是openSSLkey 函数:
openSSLKey = function(passwordArr, saltArr) {
// Number of rounds depends on the size of the AES in use
// 3 rounds for 256
// 2 rounds for the key, 1 for the IV
// 2 rounds for 128
// 1 round for the key, 1 round for the IV
// 3 rounds for 192 since it's not evenly divided by 128 bits
var rounds = Nr >= 12 ? 3: 2,
key = [],
iv = [],
md5_hash = [],
result = [],
data00 = passwordArr.concat(saltArr),
i;
md5_hash[0] = GibberishAES.Hash.MD5(data00);
result = md5_hash[0];
for (i = 1; i < rounds; i++) {
md5_hash[i] = GibberishAES.Hash.MD5(md5_hash[i - 1].concat(data00));
result = result.concat(md5_hash[i]);
}
key = result.slice(0, 4 * Nk);
iv = result.slice(4 * Nk, 4 * Nk + 16);
return {
key: key,
iv: iv
};
},
所以基本上你必须将 openSSLKey 函数翻译成 Python 并输入你的密码和盐。这将创建一个 (key, iv) 元组。使用它们来加密您的数据。在使用 base64 对其进行编码之前,将字符串 Salted__ 和盐添加到密文中。那么它应该可以工作,我想。