What is the equivalent cipher for Bouncy Castle's PaddedBufferedBlockCipher with AESEngine and PKCS7 padding?

Time: 2022-04-06 15:11:33

I want to decrypt AES-256 encrypted string using nodejs. I am using crypto module for that.

The string is encrypted using Bouncy castle java library. In Java the cipher is initialised using:

PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new AESEngine(), new PKCS7Padding());

crypto module of nodejs uses openssl's list of ciphers for initialising it, like:

var decipher = crypto.createDecipher('aes-256-cbc',key);

Which algorithm should I use?

Here is the list of algorithms to choose from:

-bash-4.1$ openssl list-cipher-algorithms|grep AES-256
AES-256-CBC
AES-256-CFB
AES-256-CFB1
AES-256-CFB8
AES-256-CTR
AES-256-ECB
AES-256-OFB
AES-256-XTS
AES256 => AES-256-CBC
aes256 => AES-256-CBC

2 solutions

#1


1  

If you encrypt something with a block cipher, you need

  • the block cipher which can take a single block of input and mangle it into a single block of output (for AES the block size is 16 bytes),
  • the mode of operation which enables you to encrypt more than one block in a structured fashion
  • the padding which enables you to encrypt something that is not exactly as long as a multiple of the block size.

The PaddedBufferedBlockCipher that you've shown only has two of them. The mode of operation is implied to be ECB mode, because it simply consists of applying the block cipher to each block separately.

You'll get the same behavior in node.js with:

var decipher = crypto.createDecipheriv('aes-xxx-ecb', key, '');

Exchange the xxx for the size of your key in bits. Valid sizes are 128 bit, 192 bit and 256 bit. Everything else will not work. Also, make sure that you get the encoding of your key right.

In case you're wondering why createDecipheriv is used here instead of createDecipher, I suggest that you carefully compare the documentation to both of those functions. createDecipher expects a password and not a key.

Other considerations:

Never use ECB mode. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like CBC or CTR. It is better to authenticate your ciphertexts so that attacks like a padding oracle attack are not possible. This can be done with authenticated modes like GCM or EAX, or with an encrypt-then-MAC scheme.

#2


0  

Decrypt the data with AES-256-ECB (I don't see any CBC or other modes.).

Call decipher.setAutoPadding(true) for using PKCS padding.
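
The Node.js equivalent that both answers describe (AES in ECB mode with PKCS#7 padding, keyed with raw key bytes), as an added example that is not part of either answer. The helper names are hypothetical, the key and plaintext are constructed sample values, and `null` is passed as the IV because ECB takes none.

```javascript
// Added example: Node.js counterpart of Bouncy Castle's
// PaddedBufferedBlockCipher(new AESEngine(), new PKCS7Padding()), i.e. AES-ECB + PKCS#7.
const crypto = require('crypto');

// Pick aes-128/192/256-ecb from the raw key length; anything else is a key-encoding bug.
function ecbAlgorithm(key) {
  if (!Buffer.isBuffer(key) || ![16, 24, 32].includes(key.length)) {
    throw new RangeError('key must be a Buffer of 16, 24 or 32 raw bytes');
  }
  return `aes-${key.length * 8}-ecb`;
}

function encryptEcbPkcs7(key, plaintext) {
  // ECB takes no IV, so null is passed; createCipheriv uses the key bytes as-is.
  const cipher = crypto.createCipheriv(ecbAlgorithm(key), key, null);
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}

function decryptEcbPkcs7(key, ciphertext) {
  if (ciphertext.length === 0 || ciphertext.length % 16 !== 0) {
    throw new RangeError('ciphertext must be a non-empty multiple of 16 bytes');
  }
  const decipher = crypto.createDecipheriv(ecbAlgorithm(key), key, null);
  decipher.setAutoPadding(true); // strip PKCS#7 padding (already the default)
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Why ECB is only acceptable for interop: equal plaintext blocks give equal ciphertext blocks.
function repeatedBlocksLeak(key) {
  const ct = encryptEcbPkcs7(key, Buffer.alloc(32, 0x41));
  return ct.subarray(0, 16).equals(ct.subarray(16, 32));
}

// Constructed sample values (FIPS-197 Appendix C.3 key and plaintext), not from the page.
const KEY_HEX = '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f';
const key = Buffer.from(KEY_HEX, 'hex'); // 32 raw bytes -> aes-256-ecb
const plaintext = Buffer.from('00112233445566778899aabbccddeeff', 'hex');

const ciphertext = encryptEcbPkcs7(key, plaintext);
console.log(ecbAlgorithm(key), ciphertext.toString('hex'));
console.log(decryptEcbPkcs7(key, ciphertext).equals(plaintext));
console.log('identical blocks visible in ciphertext:', repeatedBlocksLeak(key));
```

Decoding the same hex string as UTF-8 text yields 64 bytes, which `ecbAlgorithm` rejects; that is the key-encoding mistake the first answer warns about.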
