delphi - Lockbox3 加密字符串 : same string gives different encrypted result

Question

我用 Delphi XE10 尝试了 lockbox3。我想加密用户的输入字符串并将其与值进行比较以进行验证。但每次相同的输入字符串都会给出不同的加密结果。请问我有什么错吗？

这里是给出此错误的示例代码

<UNIT CODE START>
unit Unit21;

interface

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, TPLB3.Codec, TPLB3.BaseNonVisualComponent, TPLB3.CryptographicLibrary,
  Vcl.StdCtrls;

type
  TForm21 = class(TForm)
    Button1: TButton;
    CryptographicLibrary1: TCryptographicLibrary;
    Codec1: TCodec;
    Label1: TLabel;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form21: TForm21;

implementation

{$R *.dfm}

procedure TForm21.Button1Click(Sender: TObject);
var s0,s1 : string;
begin
    codec1.Password := 'ou[asdl[kn';
    s0 := 'asdfghjkl';
    codec1.EncryptString(s0,s1);
    label1.caption := s1;
end;

end.
<UNIT CODE END>

<FORM CODE START>

object Form21: TForm21
  Left = 0
  Top = 0
  Caption = 'Form21'
  ClientHeight = 299
  ClientWidth = 635
  Color = clBtnFace
  Font.Charset = DEFAULT_CHARSET
  Font.Color = clWindowText
  Font.Height = -11
  Font.Name = 'Tahoma'
  Font.Style = []
  OldCreateOrder = False
  PixelsPerInch = 96
  TextHeight = 13
  object Label1: TLabel
    Left = 168
    Top = 72
    Width = 31
    Height = 13
    Caption = 'Label1'
  end
  object Button1: TButton
    Left = 32
    Top = 72
    Width = 75
    Height = 25
    Caption = 'Button1'
    TabOrder = 0
    OnClick = Button1Click
  end
  object CryptographicLibrary1: TCryptographicLibrary
    Left = 192
    Top = 136
  end
  object Codec1: TCodec
    AsymetricKeySizeInBits = 512
    AdvancedOptions2 = []
    CryptoLibrary = CryptographicLibrary1
    Left = 200
    Top = 192
    StreamCipherId = 'native.StreamToBlock'
    BlockCipherId = 'native.AES-256'
    ChainId = 'native.CBC'
  end
end
<FORM CODE END>

Answer 1

乍一看，问题似乎是您正在使用 AES 的CBC(密码 block 链接)模式。

这实际上不是问题，问题在于 CBC 模式的设计工作方式。

查看这篇维基百科文章，了解有关 Block cipher mode of operation 的更多详细信息。

In cryptography, a mode of operation is an algorithm that uses a block cipher to provide an information service such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

...

In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.

<小时/>

如果您希望某些纯文本始终收到相同的密文，您可以切换到基本 ECB ( Electronic Codebook ) 模式(例如，更改 ChainId = 'native .CBC' 到 ChainId = 'native.ECB')。

但不建议这样做，因为它会使您的密文容易受到某些攻击。对称密码不应用于使用相同 key 多次加密相同的明文。

这就是引入链接操作模式的原因。它们用于“生成”一系列派生 key (基于您提供的 key - 在您的情况下它本身基于密码)，而不是基本 key 。

请务必阅读此问题:

• How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?

<小时/>

如果您正在设计一个现实世界的系统(将由您以外的其他人使用)，并且您需要为其任何部分提供安全性，请投入一些时间来了解有关密码学的更多信息。

一个好的开始是学习类似的密码学类(class):Cryptography I (免费)