How to use OpenSSL for AES decryption

Time: 2021-01-14 18:33:46

I'd like to use the OpenSSL library to decrypt some AES data. The code has access to the key. This project already uses libopenssl for something else, so I'd like to stick to this library.


I went looking directly into /usr/include/openssl/aes.h since the OpenSSL site is light on documentation. The only decrypt function is this one:


void AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key);

Unfortunately, this doesn't have a way to specify the length of the in pointer, so I'm not sure how that would work.


There are several other functions which I believe take a numeric parm to differentiate between encryption and decryption. For example:


void AES_ecb_encrypt(*in, *out, *key, enc);
void AES_cbc_encrypt(*in, *out, length, *key, *ivec, enc);
void AES_cfb128_encrypt(*in, *out, length, *key, *ivec, *num, enc);
void AES_cfb1_encrypt(*in, *out, length, *key, *ivec, *num, enc);
void AES_cfb8_encrypt(*in, *out, length, *key, *ivec, *num, enc);
void AES_cfbr_encrypt_block(*in, *out, nbits, *key, *ivec, enc);
void AES_ofb128_encrypt(*in, *out, length, *key, *ivec, *num);
void AES_ctr128_encrypt(*in, *out, length, *key, ivec[], ecount_buf[], *num);
void AES_ige_encrypt(*in, *out, length, *key, *ivec, enc);
void AES_bi_ige_encrypt(*in, *out, length, *key, *key2, *ivec, enc);

From what I understand using Google, the enc parm gets set to AES_ENCRYPT or AES_DECRYPT to specify which action needs to take place.


Which brings me to my 2 questions:


  1. What do these names mean? What is ecb, cbc, cfb128, etc..., and how do I decide which one I should be using?
  2. What is the unsigned char *ivec parm needed for most of these, and where do I get it from?

1 answer

#1


18  

There's no size given because the block sizes for AES are fixed based on the key size; you've found the ECB mode implementation, which isn't suitable for direct use (except as a teaching tool).


ECB, CBC, CFB128, etc., are all short names for the modes of operation that are in common use. They have different properties, but if you never touch ECB mode, you should be alright.


I suggest staying further away from the low-level code; use the EVP_* interfaces instead, if you can, and you can move some of these decisions into a text configuration file, so your users could easily select between the different ciphers, block sizes, and modes of operation if there should ever be a good reason to change away from the defaults.


My sympathies; OpenSSL documentation feels worse than it is, and it isn't that great. You may find Network Security with OpenSSL a useful book. I wish I had found it sooner the last time I needed to use OpenSSL. (Don't let the silly title fool you -- it should have been titled just "OpenSSL". Oh well.)


Edit: I forgot to mention the initialization vectors. They are used to make sure that if you encrypt the same data using the same key, the ciphertext won't be identical. You need the IV to decrypt the data, but you don't need to keep the IV secret. You should either generate one randomly for each session (and send it along with an RSA or El Gamal or DH-encrypted session key) or generate it identically on both endpoints, or store it locally with the file, something like that.

