java - 使用openssl解密用java加密的aes-gcm

Question

我在 Java 中有以下代码:

public static void deriveKeyAndIV(String password)
            throws Exception
    {
        SecureRandom random = new SecureRandom();
        if (salt == null)
        {
            salt = new byte[HASH_BYTE_SIZE / 8]; // use salt size at least as long as hash
            random.nextBytes(salt);
        }
        if (ivBytes == null)
        {
            ivBytes = new byte[HASH_BYTE_SIZE / 8];
            random.nextBytes(ivBytes);
        }

        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        keyBytes = skf.generateSecret(spec).getEncoded();
    }
public static byte[] encrypt(byte[] message) 
            throws Exception
    {
        // wrap key data in Key/IV specs to pass to cipher
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        //IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
        // create the cipher with the algorithm you choose
        // see javadoc for Cipher class for more info, e.g.
        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5Padding");

        GCMParameterSpec gps = new GCMParameterSpec(128, ivBytes);

        cipher.init(Cipher.ENCRYPT_MODE, key, gps);
        byte[] encrypted = new byte[cipher.getOutputSize(message.length)];
        int enc_len = cipher.update(message, 0, message.length, encrypted, 0);
        enc_len += cipher.doFinal(encrypted, enc_len);
        return encrypted;
    }
public static byte[] decrypt(byte[] cipher_text) 
            throws Exception
    {
        // wrap key data in Key/IV specs to pass to cipher
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        // create the cipher with the algorithm you choose
        // see javadoc for Cipher class for more info, e.g.
        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5Padding");

        GCMParameterSpec gps = new GCMParameterSpec(128, ivBytes);

        cipher.init(Cipher.DECRYPT_MODE, key, gps);
        byte[] decrypted = new byte[cipher.getOutputSize(cipher_text.length)];
        int dec_len = cipher.update(cipher_text, 0, cipher_text.length, decrypted, 0);
        dec_len += cipher.doFinal(decrypted, dec_len);
        return decrypted;
    }
public static void main(String[] args) {
        String pass = "hello";
        try {
            deriveKeyAndIV(pass);
            byte[] tmp = encrypt("world!".getBytes());
            System.out.println(new String(Base64.getEncoder().encode(tmp)));
            System.out.println(new String(tmp));
            System.out.println("encrypted:\t" + bytesToHex(tmp));
            System.out.println("key:\t" + bytesToHex(keyBytes));
            System.out.println("iv:\t" + bytesToHex(ivBytes));
            tmp = decrypt(tmp);

            System.out.println("decrypted:\t" + bytesToHex(tmp));
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

示例输出:

5xwfm037nXfGS06V5OKgW/oo6WDuow==
��M��w�KN���[�(�`�
encrypted:  E71C1F9B4DFB9D77C64B4E95E4E2A05BFA28E960EEA3
key:    6D525D38BFF7F70AD25205E97368C197
iv: 060374643557ED8E2F6A215F1B6DBD0E
decrypted:  776F726C6421

我将 Base64 输出复制到一个文件中(测试)，并尝试使用以下命令对其进行解密:

openssl enc -d -base64 -id-aes128-GCM -K 6D525D38BFF7F70AD25205E97368C197  -in ~/Desktop/test-in -out ~/Desktop/test-out -iv 060374643557ED8E2F6A215F1B6DBD0E

我收到一条bad decrypt 错误消息(退出代码:1)。尝试不同的模式(id-aes192-GCM 和 id-aes256-GCM)结果相同。

我做错了什么？

Answer 1

I copied the Base64 output into a file (test-in), and tried decrypting it using the following command ...

经过身份验证的加密模式在命令行工具中不起作用。来自openssl enc man page :

The enc program does not support authenticated encryption modes like CCM and GCM. The utility does not store or retrieve the authentication tag.

我知道最近(大约 2014 年 5 月或 6 月)使用上述声明更新了文档。触发它的邮件列表消息是 v1.0.1g command line gcm error .

我不知道较新版本的工具(例如 1.0.2 或 1.1.0 中的 openssl enc)是否提供了有意义的错误消息，或者您是否只是得到 错误的解密。

---

What I'm doing wrong?

没有。