问题描述
$ echo 'this is text' > text.1
$ openssl enc -aes-256-cbc -a -k "thisisapassword" -in text.1 -out text.enc
$ openssl enc -d -aes-256-cbc -a -k "thisisapassword" -in text.enc -out text.2
$ cat text.2
this is text
我可以使用openssl做到这一点.现在,我该如何在m2crypto中执行相同的操作.文档缺少此功能.我看了看snv测试用例,那里还是一无所有.我找到了一个示例, http://passingcuriosity.com/2009/aes-encryption-in-python-with-m2crypto/(更改为aes_256_cbc),它将对自己的字符串进行加密/解密,但是它无法解密使用openssl制作的任何内容,并且加密的内容也无法从openssl.
I can do this with openssl. Now, how do I do the same in m2crypto. Documentation is lacking this. I looked at the snv test cases, still nothing there. I found one sample, http://passingcuriosity.com/2009/aes-encryption-in-python-with-m2crypto/ (changed to aes_256_cbc), and it will encrypted/descrypt it's own strings, but it cannot decrypt anything made with openssl, and anything it encrypts isn't decryptable from openssl.
我需要能够使用aes-256-cbc进行enc/dec,因为已经使用该文件加密了许多文件,并且我们还有许多其他系统也可以很好地处理aes-256-cbc的输出.
I need to be able enc/dec with aes-256-cbc as have many files already encrypted with this and we have many other systems in place that also handle the aes-256-cbc output just fine.
我们仅使用密码短语,没有IV.因此将IV设置为\ 0 * 16是有意义的,但是我不确定这是否也是问题的一部分.
We use password phrases only, with no IV. So setting the IV to \0 * 16 makes sense, but I'm not sure if this is also part of the problem.
任何人都可以进行与m2crypto兼容的AES 256工作样本吗?
Anyone have any working samples of doing AES 256 that is compatible with m2crypto?
我还将尝试其他一些库,看看它们是否更好用.
I will also be trying some additional libraries and seeing if they work any better.
推荐答案
部分问题是,openssl创建的文件包含16字节的前置盐信息Salted__xxxxxxxx.因此,必须先提取这些内容,然后才能进行解密.下一个问题是获取原始密码,撒上盐,然后从中获取生成的密钥,并制作密钥/iv对进行解密.我已经能够使他们的第一轮键入哈希值,但是由于是256位的,因此需要两轮才能成功.问题在于创建第二轮哈希.
Part of the problem is that the openssl created file contains 16 bytes of prepended salt information Salted__xxxxxxxx. So, these must be extracted first, then decryption may occur. The next problem is to take original password, sprinkle in the salt, and take the generated key from that and make the key/iv pair for decryption. I have been able to make the first round of they key in hash, but being 256 bit, it needs two rounds to be successful. The problem is creating the second round of hash.
还应该提及的是,我们被锁定在python 2.4中,因此将来引入的某些关键例程对我们不起作用.
It should also be mentioned that we are locked into python 2.4 so some of the future key routines that are introduced do not work for us.
这篇关于m2crypto aes-256-cbc对编码的openssl文件不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!