我有一个 CryptoAPI 代码来加密/解密使用 AES-128 的给定数据和使用 SHA-256 从密码派生的 key 。

如何编写 OpenSSL 等效实现,以便能够用它加密数据,然后用 CryptoAPI 解密它,反之亦然?

尝试将 EVP_BytesToKey 与 EVP_aes_128_cbc() 和 EVP_sha256() 一起使用并没有“按原样”工作。
(“不起作用”我的意思是 - 无法解密 CryptoAPI 生成的加密数据,反之亦然。这确实适用于解密 OpenSSL 的加密数据)。

任何想法或好的引用?

先感谢您。

这是 Windows CryptoAPI 代码:

// Get the handle to the default provider.
      if(CryptAcquireContext(
                   &hCryptProv,
                   NULL,
                   MS_ENH_RSA_AES_PROV,
                   PROV_RSA_AES,
                   CRYPT_VERIFYCONTEXT))
          {
                   _tprintf(
                             TEXT("A cryptographic provider has been acquired. \n"));
          }
          else
          {
                   goto Exit_PrepareCAPI;
          }
          // Create a hash object.
          if(!CryptCreateHash(
                   hCryptProv,
                   HASH_ALGORITHM,
                   0,
                   0,
                   &hHash))
          {
                   goto Exit_PrepareCAPI;
          }
          // Hash in the password data.
          if(!CryptHashData(
                   hHash,
                   (BYTE*) strPassword.c_str(),
                   strPassword.length(),
                   (DWORD)0))
          {
                   goto Exit_PrepareCAPI;
          }
          // Derive a session key from the hash object.
          if(!CryptDeriveKey(
                   hCryptProv,
                   ENCRYPT_ALGORITHM,
                   hHash,
                    0x00800000 /*128 bit*/,
                   &hKey))
          {
                   goto Exit_PrepareCAPI;
          }
          DWORD cryptMode = CRYPT_MODE_CBC;

          if(!CryptSetKeyParam(
                   hKey,
                   KP_MODE,
                   (BYTE*)&cryptMode,
                   0))
          {
                   goto Exit_PrepareCAPI;
          }

                   if(!CryptGetHashParam(
                   hHash,
                   HP_HASHSIZE,
                   (BYTE *)&dwHashLen,
                   &dwHashLenSize,
                   0))
          {
                   goto Exit_PrepareCAPI;
          }

          pbHash = new BYTE[dwHashLen];

          if(!CryptGetHashParam(
                   hHash,
                   HP_HASHVAL,
                   pbHash,
                   &dwHashLen,
                   0))
          {
                   goto Exit_PrepareCAPI;
          }

          SecureZeroMemory( ivBuff, sizeof(ivBuff) );

          for(DWORD i = 16, j = 0 ; i < dwHashLen ; i++, j++)
          {
                   ivBuff[j] = pbHash[i];
          }

          if(!CryptSetKeyParam(
                   hKey,
                   KP_IV,
                   ivBuff,
                   0))
          {
                   goto Exit_PrepareCAPI;
          }
          //
          // Read the data into pre-allocated pbBuffer
          //
// Encrypt data.           if(!CryptEncrypt(
                    hKey,
                    NULL,
                    fEOF,
                    0,
                    pbBuffer,
                    &dwCount,
                    dwBufferLen))
{
                    goto Exit_MyEncryptFile;
          }
Exit_MyEncryptFile:
          // Cleanup allocated objects

最佳答案

毕竟,这段代码有效:

int generateKey(const string& strSecter)
{
SHA256_CTX sha256Ctx;
unsigned char hash[SHA256_DIGEST_LENGTH];
SecureZeroMemory(hash, sizeof hash);
SHA256_Init(&sha256Ctx);
SHA256_Update(&sha256Ctx, strSecter.c_str(), strSecter.length());
SHA256_Final(hash, &sha256Ctx);
memcpy(Key, hash, AES_BLOCK_SIZE);
memcpy(IV, hash + AES_BLOCK_SIZE, AES_BLOCK_SIZE);

return 0;
}

希望这会帮助某人。

10-06 03:53