問題
我希望能夠在 Go 中解密在 Python 中加密的內容。加密/解密函式分別在每種語言中作業,但當我在 Python 中加密和在 Go 中解密時,我猜編碼有問題,因為我得到亂碼輸出:
Rx????d??I?K|?ap???k??B%F???UV?~d3h??????|?????>?B??B?
Python中的加密/解密
def encrypt(plaintext, key=config.SECRET, key_salt='', no_iv=False):
"""Encrypt shit the right way"""
# sanitize inputs
key = SHA256.new((key key_salt).encode()).digest()
if len(key) not in AES.key_size:
raise Exception()
if isinstance(plaintext, string_types):
plaintext = plaintext.encode('utf-8')
# pad plaintext using PKCS7 padding scheme
padlen = AES.block_size - len(plaintext) % AES.block_size
plaintext = (chr(padlen) * padlen).encode('utf-8')
# generate random initialization vector using CSPRNG
if no_iv:
iv = ('\0' * AES.block_size).encode()
else:
iv = get_random_bytes(AES.block_size)
log.info(AES.block_size)
# encrypt using AES in CFB mode
ciphertext = AES.new(key, AES.MODE_CFB, iv).encrypt(plaintext)
# prepend iv to ciphertext
if not no_iv:
ciphertext = iv ciphertext
# return ciphertext in hex encoding
log.info(ciphertext)
return ciphertext.hex()
def decrypt(ciphertext, key=config.SECRET, key_salt='', no_iv=False):
"""Decrypt shit the right way"""
# sanitize inputs
key = SHA256.new((key key_salt).encode()).digest()
if len(key) not in AES.key_size:
raise Exception()
if len(ciphertext) % AES.block_size:
raise Exception()
try:
ciphertext = codecs.decode(ciphertext, 'hex')
except TypeError:
log.warning("Ciphertext wasn't given as a hexadecimal string.")
# split initialization vector and ciphertext
if no_iv:
iv = '\0' * AES.block_size
else:
iv = ciphertext[:AES.block_size]
ciphertext = ciphertext[AES.block_size:]
# decrypt ciphertext using AES in CFB mode
plaintext = AES.new(key, AES.MODE_CFB, iv).decrypt(ciphertext).decode()
# validate padding using PKCS7 padding scheme
padlen = ord(plaintext[-1])
if padlen < 1 or padlen > AES.block_size:
raise Exception()
if plaintext[-padlen:] != chr(padlen) * padlen:
raise Exception()
plaintext = plaintext[:-padlen]
return plaintext
Go中的加密/解密
// PKCS5Padding adds padding to the plaintext to make it a multiple of the block size
func PKCS5Padding(src []byte, blockSize int) []byte {
padding := blockSize - len(src)%blockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(src, padtext...)
}
// Encrypt encrypts the plaintext,the input salt should be a random string that is appended to the plaintext
// that gets fed into the one-way function that hashes it.
func Encrypt(plaintext) string {
h := sha256.New()
h.Write([]byte(os.Getenv("SECRET")))
key := h.Sum(nil)
plaintextBytes := PKCS5Padding([]byte(plaintext), aes.BlockSize)
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
ciphertext := make([]byte, aes.BlockSize len(plaintextBytes))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintextBytes)
// return hexadecimal representation of the ciphertext
return hex.EncodeToString(ciphertext)
}
func PKCS5UnPadding(src []byte) []byte {
length := len(src)
unpadding := int(src[length-1])
return src[:(length - unpadding)]
}
func Decrypt(ciphertext string) string {
h := sha256.New()
// have to check if the secret is hex encoded
h.Write([]byte(os.Getenv("SECRET")))
key := h.Sum(nil)
ciphertext_bytes := []byte(ciphertext)
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
log.Print(aes.BlockSize)
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
iv := ciphertext_bytes[:aes.BlockSize]
if len(ciphertext) < aes.BlockSize {
panic("ciphertext too short")
}
ciphertext_bytes = ciphertext_bytes[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext_bytes, ciphertext_bytes)
plaintext := PKCS5UnPadding(ciphertext_bytes)
return string(plaintext)
}
uj5u.com熱心網友回復:
CFB 模式使用與每個加密步驟加密的位相對應的段大小,請參閱CFB。
Go 僅支持 128 位 (CFB128) 的段大小,至少無需進行更深入的修改(s. here和here)。相比之下,PyCryptodome 中的段大小是可配置的,默認為 8 位 (CFB8),s。在這里。貼出來的 Python 代碼使用這個默認值,所以這兩個代碼是不兼容的。由于分段大小在 Go 代碼中不可調整,因此必須在 Python 代碼中設定為 CFB128:
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
此外,密文在 Python 代碼中是十六進制編碼的,所以它必須在 Go 代碼中進行十六進制解碼,這在發布的代碼中還沒有發生。
通過這兩項更改,可以解密使用 Python 代碼生成的密文。
以下 Go 代碼中的密文是使用 Python 代碼使用 128 位的段大小和密碼創建的my passphrase,并成功解密:
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/sha256"
"encoding/hex"
"fmt"
)
func main() {
ciphertextHex := "546ddf226c4c556c7faa386940f4fff9b09f7e3a2ccce2ed26f7424cf9c8cd743e826bc8a2854bb574df9f86a94e7b2b1e63886953a6a3eb69eaa5fa03d69ba5" // Fix 1: Apply CFB128 on the Python side
fmt.Println(Decrypt(ciphertextHex)) // The quick brown fox jumps over the lazy dog
}
func PKCS5UnPadding(src []byte) []byte {
length := len(src)
unpadding := int(src[length-1])
return src[:(length - unpadding)]
}
func Decrypt(ciphertext string) string {
h := sha256.New()
//h.Write([]byte(os.Getenv("SECRET")))
h.Write([]byte("my passphrase")) // Apply passphrase from Python side
key := h.Sum(nil)
//ciphertext_bytes := []byte(ciphertext)
ciphertext_bytes, _ := hex.DecodeString(ciphertext) // Fix 2. Hex decode ciphertext
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
iv := ciphertext_bytes[:aes.BlockSize]
if len(ciphertext) < aes.BlockSize {
panic("ciphertext too short")
}
ciphertext_bytes = ciphertext_bytes[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext_bytes, ciphertext_bytes)
plaintext := PKCS5UnPadding(ciphertext_bytes)
return string(plaintext)
}
安全:
- 使用摘要作為密鑰派生函式是不安全的。應用專用的密鑰派生函式,如 PBKDF2。
- 靜態或丟失的鹽也是不安全的。為每次加密使用隨機生成的鹽。將非秘密鹽與密文(類似于 IV)連接起來,例如
salt|IV|ciphertext. - 該變體
no_iv=True應用靜態 IV(零 IV),這是不安全的,不應使用。使用變體描述正確的方法no_iv=False。 - CFB 是一種流密碼模式,因此不需要填充/取消填充,因此可以在兩側洗掉。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qianduan/463403.html
