在Python的CFB模式下用AES加密的Go解密
在Python的CFB模式下用AES加密的Go解密
提问于 2022-04-24 09:43:32
问题
我希望能够在Go中解密用Python加密的内容。加密/解密功能在每种语言中分别工作,但当我用Python加密和Go解密时,我猜编码有问题,因为我得到的输出是乱七八糟的:
Rx����d��I�K|�ap���k��B%F���UV�~d3h�Ñ����|�����>�B��B�Python中的加密/解密
def encrypt(plaintext, key=config.SECRET, key_salt='', no_iv=False):
"""Encrypt shit the right way"""
# sanitize inputs
key = SHA256.new((key + key_salt).encode()).digest()
if len(key) not in AES.key_size:
raise Exception()
if isinstance(plaintext, string_types):
plaintext = plaintext.encode('utf-8')
# pad plaintext using PKCS7 padding scheme
padlen = AES.block_size - len(plaintext) % AES.block_size
plaintext += (chr(padlen) * padlen).encode('utf-8')
# generate random initialization vector using CSPRNG
if no_iv:
iv = ('\0' * AES.block_size).encode()
else:
iv = get_random_bytes(AES.block_size)
log.info(AES.block_size)
# encrypt using AES in CFB mode
ciphertext = AES.new(key, AES.MODE_CFB, iv).encrypt(plaintext)
# prepend iv to ciphertext
if not no_iv:
ciphertext = iv + ciphertext
# return ciphertext in hex encoding
log.info(ciphertext)
return ciphertext.hex()
def decrypt(ciphertext, key=config.SECRET, key_salt='', no_iv=False):
"""Decrypt shit the right way"""
# sanitize inputs
key = SHA256.new((key + key_salt).encode()).digest()
if len(key) not in AES.key_size:
raise Exception()
if len(ciphertext) % AES.block_size:
raise Exception()
try:
ciphertext = codecs.decode(ciphertext, 'hex')
except TypeError:
log.warning("Ciphertext wasn't given as a hexadecimal string.")
# split initialization vector and ciphertext
if no_iv:
iv = '\0' * AES.block_size
else:
iv = ciphertext[:AES.block_size]
ciphertext = ciphertext[AES.block_size:]
# decrypt ciphertext using AES in CFB mode
plaintext = AES.new(key, AES.MODE_CFB, iv).decrypt(ciphertext).decode()
# validate padding using PKCS7 padding scheme
padlen = ord(plaintext[-1])
if padlen < 1 or padlen > AES.block_size:
raise Exception()
if plaintext[-padlen:] != chr(padlen) * padlen:
raise Exception()
plaintext = plaintext[:-padlen]
return plaintextGo中的加密/解密
// PKCS5Padding adds padding to the plaintext to make it a multiple of the block size
func PKCS5Padding(src []byte, blockSize int) []byte {
padding := blockSize - len(src)%blockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(src, padtext...)
}
// Encrypt encrypts the plaintext,the input salt should be a random string that is appended to the plaintext
// that gets fed into the one-way function that hashes it.
func Encrypt(plaintext) string {
h := sha256.New()
h.Write([]byte(os.Getenv("SECRET")))
key := h.Sum(nil)
plaintextBytes := PKCS5Padding([]byte(plaintext), aes.BlockSize)
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
ciphertext := make([]byte, aes.BlockSize+len(plaintextBytes))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintextBytes)
// return hexadecimal representation of the ciphertext
return hex.EncodeToString(ciphertext)
}
func PKCS5UnPadding(src []byte) []byte {
length := len(src)
unpadding := int(src[length-1])
return src[:(length - unpadding)]
}
func Decrypt(ciphertext string) string {
h := sha256.New()
// have to check if the secret is hex encoded
h.Write([]byte(os.Getenv("SECRET")))
key := h.Sum(nil)
ciphertext_bytes := []byte(ciphertext)
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
log.Print(aes.BlockSize)
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
iv := ciphertext_bytes[:aes.BlockSize]
if len(ciphertext) < aes.BlockSize {
panic("ciphertext too short")
}
ciphertext_bytes = ciphertext_bytes[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext_bytes, ciphertext_bytes)
plaintext := PKCS5UnPadding(ciphertext_bytes)
return string(plaintext)
}回答 1
Stack Overflow用户
回答已采纳
发布于 2022-04-24 14:39:48
CFB模式使用与每个加密步骤加密的位相对应的段大小,请参见循环流化床。
Go只支持128位的段大小(CFB128),至少没有更深层次的修改(s. 这里和这里)。相反,PyCryptodome中的段大小是可配置的,默认为8位(CFB8),s. 这里。发布的Python代码使用这个默认值,因此这两种代码是不兼容的。由于段大小在Go代码中不可调整,因此必须在Python中将其设置为CFB128:
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128) 而且,密文是在Python代码中编码的十六进制,所以必须在Go代码中解码它,这在发布的代码中还没有发生。
通过这两种更改,可以解密由Python代码生成的密文。
下面的Go代码中的密文是用Python代码创建的,使用128位的段大小和密码my passphrase,并成功解密:
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/sha256"
"encoding/hex"
"fmt"
)
func main() {
ciphertextHex := "546ddf226c4c556c7faa386940f4fff9b09f7e3a2ccce2ed26f7424cf9c8cd743e826bc8a2854bb574df9f86a94e7b2b1e63886953a6a3eb69eaa5fa03d69ba5" // Fix 1: Apply CFB128 on the Python side
fmt.Println(Decrypt(ciphertextHex)) // The quick brown fox jumps over the lazy dog
}
func PKCS5UnPadding(src []byte) []byte {
length := len(src)
unpadding := int(src[length-1])
return src[:(length - unpadding)]
}
func Decrypt(ciphertext string) string {
h := sha256.New()
//h.Write([]byte(os.Getenv("SECRET")))
h.Write([]byte("my passphrase")) // Apply passphrase from Python side
key := h.Sum(nil)
//ciphertext_bytes := []byte(ciphertext)
ciphertext_bytes, _ := hex.DecodeString(ciphertext) // Fix 2. Hex decode ciphertext
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
iv := ciphertext_bytes[:aes.BlockSize]
if len(ciphertext) < aes.BlockSize {
panic("ciphertext too short")
}
ciphertext_bytes = ciphertext_bytes[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext_bytes, ciphertext_bytes)
plaintext := PKCS5UnPadding(ciphertext_bytes)
return string(plaintext)
}安保:
- 使用摘要作为密钥派生函数是不安全的。应用像PBKDF2这样的专用密钥派生函数。
- 静态或缺失的盐也是不安全的。对每个加密使用随机生成的盐类。将非秘密盐与密文(类似于IV)连接起来,例如
salt|IV|ciphertext。 - 变体
no_iv=True应用静态IV (零IV),这是不安全的,不应该使用。正确的方法是用变体no_iv=False描述的。 - CFB是一种流密码模式,因此不需要填充/解填充,因此可以在两边删除。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/71987196
复制相关文章
相似问题
腾讯云开发者
