AES_set_encrypt_key 如何在 openssl 中使用自定义密钥
How use the custom key in openssl in AES_set_encrypt_key
我尝试使用 openssl 实现编码和解码,using a code how example,但是当我尝试使用自定义密钥时,代码损坏了,设置自定义密钥和要使用的自定义输入的当前形式是什么在 openssl 中(我相信错误出在我在 C 中的逻辑中,而不是在使用 openssl 时)
const char *in = "test";
size_t in_len = strlen(in);
unsigned char aes_input[in_len];
for (size_t i = 0; i != in_len; i++) aes_input[i] = in[i];
//
// const char *my_custom_key = "my_custom_key";
// size_t key_len = strlen(my_custom_key);
// unsigned char aes_key[key_len];
// for (size_t i = 0; i != in_len; i++) aes_input[i] = my_custom_key[i];
//
unsigned char aes_key[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB,
0xCC,
0xDD, 0xEE, 0xFF};
/* Init vector */
unsigned char iv[AES_BLOCK_SIZE];
memset(iv, 0x00, AES_BLOCK_SIZE);
/* Buffers for Encryption and Decryption */
unsigned char enc_out[sizeof(aes_input)];
unsigned char dec_out[sizeof(aes_input)];
/* AES-128 bit CBC Encryption */
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(aes_key, sizeof(aes_key) * 8, &enc_key);
AES_cbc_encrypt(aes_input, enc_out, sizeof(aes_input), &enc_key, iv, AES_ENCRYPT);
/* AES-128 bit CBC Decryption */
memset(iv, 0x00, AES_BLOCK_SIZE); // don't forget to set iv vector again, else you can't decrypt data properly
AES_set_decrypt_key(aes_key, sizeof(aes_key) * 8, &dec_key); // Size of key is in bits
AES_cbc_encrypt(enc_out, dec_out, sizeof(aes_input), &dec_key, iv, AES_DECRYPT);
上面的代码是有效的,但如果我改为使用我的自定义密钥,它就会中断
const char *my_custom_key = "my_custom_key";
size_t key_len = strlen(my_custom_key);
unsigned char aes_key[key_len];
for (size_t i = 0; i != in_len; i++) aes_input[i] = my_custom_key[i];
// unsigned char aes_key[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB,
0xCC,
0xDD, 0xEE, 0xFF};
使用文本字符串作为 AES 密钥不是一个好主意,因为:
AES 密钥的大小必须恰好为 AES_KEY_LENGTH 字节。
"my_custom_key",13个字节,太短了。
ASCII文本熵低,会严重降低加密的安全性。
对此的标准解决方案是使用 key derivation function,例如PBKDF2,为了“加强”和填充密钥,使其可用于加密。
如果您只关心密钥大小,那么像 SHA-256 这样的哈希函数就足以将密码转换为正确大小的密钥。
像这样:
std::string pass = "my_custom_key";
unsigned char key[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
SHA256_Update(&sha256, pass.data(), pass.size());
SHA256_Final(key, &sha256);
我尝试使用 openssl 实现编码和解码,using a code how example,但是当我尝试使用自定义密钥时,代码损坏了,设置自定义密钥和要使用的自定义输入的当前形式是什么在 openssl 中(我相信错误出在我在 C 中的逻辑中,而不是在使用 openssl 时)
const char *in = "test";
size_t in_len = strlen(in);
unsigned char aes_input[in_len];
for (size_t i = 0; i != in_len; i++) aes_input[i] = in[i];
//
// const char *my_custom_key = "my_custom_key";
// size_t key_len = strlen(my_custom_key);
// unsigned char aes_key[key_len];
// for (size_t i = 0; i != in_len; i++) aes_input[i] = my_custom_key[i];
//
unsigned char aes_key[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB,
0xCC,
0xDD, 0xEE, 0xFF};
/* Init vector */
unsigned char iv[AES_BLOCK_SIZE];
memset(iv, 0x00, AES_BLOCK_SIZE);
/* Buffers for Encryption and Decryption */
unsigned char enc_out[sizeof(aes_input)];
unsigned char dec_out[sizeof(aes_input)];
/* AES-128 bit CBC Encryption */
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(aes_key, sizeof(aes_key) * 8, &enc_key);
AES_cbc_encrypt(aes_input, enc_out, sizeof(aes_input), &enc_key, iv, AES_ENCRYPT);
/* AES-128 bit CBC Decryption */
memset(iv, 0x00, AES_BLOCK_SIZE); // don't forget to set iv vector again, else you can't decrypt data properly
AES_set_decrypt_key(aes_key, sizeof(aes_key) * 8, &dec_key); // Size of key is in bits
AES_cbc_encrypt(enc_out, dec_out, sizeof(aes_input), &dec_key, iv, AES_DECRYPT);
上面的代码是有效的,但如果我改为使用我的自定义密钥,它就会中断
const char *my_custom_key = "my_custom_key";
size_t key_len = strlen(my_custom_key);
unsigned char aes_key[key_len];
for (size_t i = 0; i != in_len; i++) aes_input[i] = my_custom_key[i];
// unsigned char aes_key[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB,
0xCC,
0xDD, 0xEE, 0xFF};
使用文本字符串作为 AES 密钥不是一个好主意,因为:
AES 密钥的大小必须恰好为
AES_KEY_LENGTH字节。
"my_custom_key",13个字节,太短了。ASCII文本熵低,会严重降低加密的安全性。
对此的标准解决方案是使用 key derivation function,例如PBKDF2,为了“加强”和填充密钥,使其可用于加密。
如果您只关心密钥大小,那么像 SHA-256 这样的哈希函数就足以将密码转换为正确大小的密钥。
像这样:
std::string pass = "my_custom_key";
unsigned char key[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
SHA256_Update(&sha256, pass.data(), pass.size());
SHA256_Final(key, &sha256);