- c - 在位数组中找到第一个零
- linux - Unix 显示有关匹配两种模式之一的文件的信息
- 正则表达式替换多个文件
- linux - 隐藏来自 xtrace 的命令
我的目标是创建一个 C/C++ 程序来加密/解密与标准 OpenSSL 二进制实用程序兼容的数据(到文件)。理想情况下,管理员可以使用命令 "/usr/bin/openssl enc -aes-128-cbc -in input.txt -k password -a "
...然后C/C++ 程序能够解密 base64 哈希。
遗憾的是,使用 OpenSSL 进行 AES 加密的示例非常少,并且不清楚使用/usr/bin/openssl 实用程序时的默认参数是什么。我发现的唯一 aes 加密示例是这个 ( http://saju.net.in/blog/?p=36 ),但我无法让它产生与/usr/bin/openssl 相同的输出。
有什么线索吗?我应该查看 openssl 实用程序的源代码吗?
谢谢!
最佳答案
Unfortunately, there are very few examples of AES encryption with OpenSSL
您可能应该学习类似 OpenSSL 示例的内容 EVP Symmetric Encryption and Decryption第一的。它更容易理解,并且进行了一些技术编辑以确保它比我见过的许多不好的例子更正确。
isn't clear what the default parameters are when using the /usr/bin/openssl
您会在 enc.c
中找到它。我相信所有子命令(如 enc
、dec
、s_client
和 s_server
)都有一个附带的源文件。您可以在 apps
文件夹中找到它:openssl-1.0.1e\apps\enc.c
。如果您想查看密码是如何破解的,请遵循 EVP_read_pw_string
。
int MAIN(int argc, char **argv)
{
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
int nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
char *str=NULL, *passarg = NULL, *pass = NULL;
char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
char *md=NULL;
int enc=1,printkey=0,i,base64=0;
#ifdef ZLIB
int do_zlib=0;
BIO *bzl = NULL;
#endif
int debug=0,olb64=0,nosalt=0;
const EVP_CIPHER *cipher=NULL,*c;
EVP_CIPHER_CTX *ctx = NULL;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
const EVP_MD *dgst=NULL;
int non_fips_allow = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
program_name(argv[0],pname,sizeof pname);
if (strcmp(pname,"base64") == 0)
base64=1;
#ifdef ZLIB
if (strcmp(pname,"zlib") == 0)
do_zlib=1;
#endif
cipher=EVP_get_cipherbyname(pname);
#ifdef ZLIB
if (!do_zlib && !base64 && (cipher == NULL)
&& (strcmp(pname,"enc") != 0))
#else
if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
#endif
{
BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
goto bad;
}
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-e") == 0)
enc=1;
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
inf= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outf= *(++argv);
}
else if (strcmp(*argv,"-pass") == 0)
{
if (--argc < 1) goto bad;
passarg= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
printkey=1;
else if (strcmp(*argv,"-v") == 0)
verbose=1;
else if (strcmp(*argv,"-nopad") == 0)
nopad=1;
else if (strcmp(*argv,"-salt") == 0)
nosalt=0;
else if (strcmp(*argv,"-nosalt") == 0)
nosalt=1;
else if (strcmp(*argv,"-debug") == 0)
debug=1;
else if (strcmp(*argv,"-P") == 0)
printkey=2;
else if (strcmp(*argv,"-A") == 0)
olb64=1;
else if (strcmp(*argv,"-a") == 0)
base64=1;
else if (strcmp(*argv,"-base64") == 0)
base64=1;
#ifdef ZLIB
else if (strcmp(*argv,"-z") == 0)
do_zlib=1;
#endif
else if (strcmp(*argv,"-bufsize") == 0)
{
if (--argc < 1) goto bad;
bufsize=(unsigned char *)*(++argv);
}
else if (strcmp(*argv,"-k") == 0)
{
if (--argc < 1) goto bad;
str= *(++argv);
}
else if (strcmp(*argv,"-kfile") == 0)
{
static char buf[128];
FILE *infile;
char *file;
if (--argc < 1) goto bad;
file= *(++argv);
infile=fopen(file,"r");
if (infile == NULL)
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
buf[0]='\0';
if (!fgets(buf,sizeof buf,infile))
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i]='\0';
if ((i > 0) &&
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i]='\0';
if (i < 1)
{
BIO_printf(bio_err,"zero length password\n");
goto bad;
}
str=buf;
}
else if (strcmp(*argv,"-K") == 0)
{
if (--argc < 1) goto bad;
hkey= *(++argv);
}
else if (strcmp(*argv,"-S") == 0)
{
if (--argc < 1) goto bad;
hsalt= *(++argv);
}
else if (strcmp(*argv,"-iv") == 0)
{
if (--argc < 1) goto bad;
hiv= *(++argv);
}
else if (strcmp(*argv,"-md") == 0)
{
if (--argc < 1) goto bad;
md= *(++argv);
}
else if (strcmp(*argv,"-non-fips-allow") == 0)
non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
{
cipher=c;
}
else if (strcmp(*argv,"-none") == 0)
cipher=NULL;
else
{
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s input file\n","-in <file>");
BIO_printf(bio_err,"%-14s output file\n","-out <file>");
BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
BIO_printf(bio_err,"%-14s encrypt\n","-e");
BIO_printf(bio_err,"%-14s decrypt\n","-d");
BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
#endif
BIO_printf(bio_err,"Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers,
bio_err);
BIO_printf(bio_err,"\n");
goto end;
}
argc--;
argv++;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto end;
}
if (dgst == NULL)
{
dgst = EVP_md5();
}
if (bufsize != NULL)
{
unsigned long n;
for (n=0; *bufsize; bufsize++)
{
i= *bufsize;
if ((i <= '9') && (i >= '0'))
n=n*10+i-'0';
else if (i == 'k')
{
n*=1024;
bufsize++;
break;
}
}
if (*bufsize != '\0')
{
BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (base64 && n < 80) n=80;
bsize=(int)n;
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
}
strbuf=OPENSSL_malloc(SIZE);
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL))
{
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
goto end;
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(in,BIO_debug_callback);
BIO_set_callback(out,BIO_debug_callback);
BIO_set_callback_arg(in,(char *)bio_err);
BIO_set_callback_arg(out,(char *)bio_err);
}
if (inf == NULL)
{
#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
setvbuf(stdin, (char *)NULL, _IONBF, 0);
#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
BIO_set_fp(in,stdin,BIO_NOCLOSE);
}
else
{
if (BIO_read_filename(in,inf) <= 0)
{
perror(inf);
goto end;
}
}
if(!str && passarg) {
if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
{
for (;;)
{
char buf[200];
BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc)?"encryption":"decryption");
strbuf[0]='\0';
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
if (i == 0)
{
if (strbuf[0] == '\0')
{
ret=1;
goto end;
}
str=strbuf;
break;
}
if (i < 0)
{
BIO_printf(bio_err,"bad password read\n");
goto end;
}
}
}
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0);
#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outf) <= 0)
{
perror(outf);
goto end;
}
}
rbio=in;
wbio=out;
#ifdef ZLIB
if (do_zlib)
{
if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (enc)
wbio=BIO_push(bzl,wbio);
else
rbio=BIO_push(bzl,rbio);
}
#endif
if (base64)
{
if ((b64=BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug)
{
BIO_set_callback(b64,BIO_debug_callback);
BIO_set_callback_arg(b64,(char *)bio_err);
}
if (olb64)
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
if (enc)
wbio=BIO_push(b64,wbio);
else
rbio=BIO_push(b64,rbio);
}
if (cipher != NULL)
{
/* Note that str is NULL if a key was passed on the command
* line, so we get no salt in that case. Is this a bug?
*/
if (str != NULL)
{
/* Salt handling: if encrypting generate a salt and
* write to output BIO. If decrypting read salt from
* input BIO.
*/
unsigned char *sptr;
if(nosalt) sptr = NULL;
else {
if(enc) {
if(hsalt) {
if(!set_hex(hsalt,salt,sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
&& (BIO_write(wbio,magic,
sizeof magic-1) != sizeof magic-1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
BIO_printf(bio_err,"error reading input file\n");
goto end;
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
BIO_printf(bio_err,"bad magic number\n");
goto end;
}
sptr = salt;
}
EVP_BytesToKey(cipher,dgst,sptr,
(unsigned char *)str,
strlen(str),1,key,iv);
/* zero the complete buffer or the string
* passed from the command line
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
OPENSSL_cleanse(str,SIZE);
else
OPENSSL_cleanse(str,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
{
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0)
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
* making correct decryption impossible. */
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
{
BIO_printf(bio_err,"invalid hex key value\n");
goto end;
}
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
goto end;
/* Since we may be changing parameters work on the encryption
* context rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (non_fips_allow)
EVP_CIPHER_CTX_set_flags(ctx,
EVP_CIPH_FLAG_NON_FIPS_ALLOW);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(benc,BIO_debug_callback);
BIO_set_callback_arg(benc,(char *)bio_err);
}
if (printkey)
{
if (!nosalt)
{
printf("salt=");
for (i=0; i<(int)sizeof(salt); i++)
printf("%02X",salt[i]);
printf("\n");
}
if (cipher->key_len > 0)
{
printf("key=");
for (i=0; i<cipher->key_len; i++)
printf("%02X",key[i]);
printf("\n");
}
if (cipher->iv_len > 0)
{
printf("iv =");
for (i=0; i<cipher->iv_len; i++)
printf("%02X",iv[i]);
printf("\n");
}
if (printkey == 2)
{
ret=0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio=BIO_push(benc,wbio);
for (;;)
{
inl=BIO_read(rbio,(char *)buff,bsize);
if (inl <= 0) break;
if (BIO_write(wbio,(char *)buff,inl) != inl)
{
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio))
{
BIO_printf(bio_err,"bad decrypt\n");
goto end;
}
ret=0;
if (verbose)
{
BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
if (strbuf != NULL) OPENSSL_free(strbuf);
if (buff != NULL) OPENSSL_free(buff);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
#ifdef ZLIB
if (bzl != NULL) BIO_free(bzl);
#endif
if(pass) OPENSSL_free(pass);
apps_shutdown();
OPENSSL_EXIT(ret);
}
关于c++ - 与/usr/bin/openssl 输出相同的 C/C++ 程序,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6903942/
我正在使用源代码中的Postgres 13(Rel_13_STRATE分支),并且我使用的是来自apachea/age源代码的(Release/PG13/1.3.0分支)中的1.3.0版的Apache
/usr/bin/ld: cannot find -ldlib /usr/bin/ld: cannot find -lcblas /usr/bin/ld: cannot find -llapack 在
我正在尝试运行 project 。但它给出了一个错误 fs.js:666 return binding.readdir(pathModule._makeLong(path));
我的新 CentOS7 中有两个目录: Work_Folder1/my_project/linux_dev.cfg Work_Folder2/my_project/linux_dev.cfg 如果我尝
我正在读这个thread和 PostgreSQL 9.4 的手册。我跑 ps auxw | grep postgres | grep -- -D 但是得到 postgres 17340 0.0
我想在我的 shell 中使用系统服务,但该服务的 bin 路径在不同的机器上是不同的(/usr/sbin/myservice 或/usr/local/sbin/myservice)。 那么,我怎样才
我正在为 centos 制定 RPM 规范,如果 arch 是 64 位的,它需要将共享库安装到/usr/lib64,否则需要安装到/usr/lib? 最佳答案 这不是它应该的工作方式。决定库去向的不
我使用 gem install watchr 在 OS X (10.8.3) 上安装了 watchr。它安装在 /usr/bin/watchr $ which watchr /usr/bin/watc
在linux下我们经常用到的四个应用程序的目录是:/bin、/sbin、/usr/bin、/usr/sbin bin: bin为binary的简写主要放置一些系统的必备执行档例如:cat、cp
我在 Pop_OS 下使用 PyCharm 2020.2.3 和 Python 3.8.6! 20.10(你可以像我使用 Ubuntu 20.10 一样)无法在 /usr/bin 或 /usr/lib
我在新的 MacBook 中使用 OS X Yosemite。刚刚安装了 Homebrew 和一些基本的软件包,最近搬到了这台新电脑上。 我注意到,当我安装新的 brew 包时,偶尔会出现链接错误。出
我到 gcc 的链接行连续包含以下两个条目: -lrt -lpam 这似乎扩展为: /usr/lib64/librt.so /usr/lib/libpam.so 为什么 rt 解析为 lib64 而
我有一个大型捆绑软件发行版的错误 Makefile。在某些时候,编译器总是“忘记”我想在 32 位程序中编译。这导致部分程序具有 64 位库,而其他程序具有 32 位库。 如何在每次运行 gcc 时强
如果我安装了Go发行版软件包,则会在/usr/lib/golang/pkg中看到很多文件,在/usr/lib/golang/src中看到非常相似的文件集。这两组之间有什么关系? pkg是从src中的源
我在安装 python 2.7.6 时犯了一个错误,没有使用 home brew,现在我的 python 设置为 /usr/local/bin/python 中的 python(这是 2.7.6)。
我是一名见习程序员,有时我的头脑浮在云端.. 我的同事通过 ssh 连接来搞乱我的专业计算机。其中一位告诉我,防止这种情况发生的最佳方法是保护我的计算机。为了做到这一点,我不小心更改了/usr 目录的
我在 ubuntu 16.04 上尝试编译 fbthrift ( https://github.com/facebook/fbthrift ) 时遇到奇怪的错误 make[4]: Entering d
我遇到了这个奇怪的问题 ag: /usr/lib64/liblzma.so.5: no version information available (required by ag) 由于某种原因,预装
我用的是 ubuntu。 我发现安装的许多 Python 库都在 /usr/lib/python 和 /usr/lib64/python 中。 当我打印一个模块对象时,模块路径显示该模块位于/usr/
在 Linux 上,特别是 Debian Jessie,我应该使用 /usr/bin/python 还是应该在 /usr/local/bin 中安装另一个副本? 据我所知,前者是系统版本,随着操作系统
我是一名优秀的程序员,十分优秀!