我有一个 CryptoAPI 代码来加密/解密使用 AES-128 的给定数据和使用 SHA-256 从密码派生的 key 。
如何编写 OpenSSL 等效实现,以便能够用它加密数据,然后用 CryptoAPI 解密它,反之亦然?
尝试将 EVP_BytesToKey 与 EVP_aes_128_cbc() 和 EVP_sha256() 一起使用并没有“按原样”工作。
(“不起作用”我的意思是 - 无法解密 CryptoAPI 生成的加密数据,反之亦然。这确实适用于解密 OpenSSL 的加密数据)。
任何想法或好的引用?
先感谢您。
这是 Windows CryptoAPI 代码:
// Get the handle to the default provider.
if(CryptAcquireContext(
&hCryptProv,
NULL,
MS_ENH_RSA_AES_PROV,
PROV_RSA_AES,
CRYPT_VERIFYCONTEXT))
{
_tprintf(
TEXT("A cryptographic provider has been acquired. \n"));
}
else
{
goto Exit_PrepareCAPI;
}
// Create a hash object.
if(!CryptCreateHash(
hCryptProv,
HASH_ALGORITHM,
0,
0,
&hHash))
{
goto Exit_PrepareCAPI;
}
// Hash in the password data.
if(!CryptHashData(
hHash,
(BYTE*) strPassword.c_str(),
strPassword.length(),
(DWORD)0))
{
goto Exit_PrepareCAPI;
}
// Derive a session key from the hash object.
if(!CryptDeriveKey(
hCryptProv,
ENCRYPT_ALGORITHM,
hHash,
0x00800000 /*128 bit*/,
&hKey))
{
goto Exit_PrepareCAPI;
}
DWORD cryptMode = CRYPT_MODE_CBC;
if(!CryptSetKeyParam(
hKey,
KP_MODE,
(BYTE*)&cryptMode,
0))
{
goto Exit_PrepareCAPI;
}
if(!CryptGetHashParam(
hHash,
HP_HASHSIZE,
(BYTE *)&dwHashLen,
&dwHashLenSize,
0))
{
goto Exit_PrepareCAPI;
}
pbHash = new BYTE[dwHashLen];
if(!CryptGetHashParam(
hHash,
HP_HASHVAL,
pbHash,
&dwHashLen,
0))
{
goto Exit_PrepareCAPI;
}
SecureZeroMemory( ivBuff, sizeof(ivBuff) );
for(DWORD i = 16, j = 0 ; i < dwHashLen ; i++, j++)
{
ivBuff[j] = pbHash[i];
}
if(!CryptSetKeyParam(
hKey,
KP_IV,
ivBuff,
0))
{
goto Exit_PrepareCAPI;
}
//
// Read the data into pre-allocated pbBuffer
//
// Encrypt data. if(!CryptEncrypt(
hKey,
NULL,
fEOF,
0,
pbBuffer,
&dwCount,
dwBufferLen))
{
goto Exit_MyEncryptFile;
}
Exit_MyEncryptFile:
// Cleanup allocated objects
最佳答案
毕竟,这段代码有效:
int generateKey(const string& strSecter)
{
SHA256_CTX sha256Ctx;
unsigned char hash[SHA256_DIGEST_LENGTH];
SecureZeroMemory(hash, sizeof hash);
SHA256_Init(&sha256Ctx);
SHA256_Update(&sha256Ctx, strSecter.c_str(), strSecter.length());
SHA256_Final(hash, &sha256Ctx);
memcpy(Key, hash, AES_BLOCK_SIZE);
memcpy(IV, hash + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
return 0;
}
希望这会帮助某人。