C# 和 Classic 之间的 Blowfish 结果不同 ASP
Blowfish Results different between C# and Classic ASP
我需要在 C# 中加密一个值,然后在经典 ASP 中解密。我最接近使它起作用的是 Blowfish。但问题是这两种实现产生的结果略有不同,我不确定为什么。
正在使用的实现:
C#: https://defuse.ca/blowfish.htm
vbscript: http://www.di-mgt.com.au/cryptoBlowfishASP.html
C#代码:
var input = "Hello World";
var key = "04B915BA43FEB5B6";
BlowFish b = new BlowFish(key);
string enc, dec;
enc = b.Encrypt_ECB(input);
dec = b.Decrypt_ECB(enc);
vbscript:
Dim aKey()
Dim nKeyLen, szTxtKey, szTxtPlain, szTxtKeyAsString, szTxtCipher, szTxtCipherHex, szTxtCipher64, szTxtDecrypt
szTxtKey = "04B915BA43FEB5B6"
szTxtPlain = "Hello World"
ReDim aKey((Len(szTxtKey) \ 2) - 1)
nKeyLen = bu_HexStr2Bytes(szTxtKey, aKey)
Call blf_Key(aKey, nKeyLen)
szTxtKeyAsString = bu_Bytes2HexStr(aKey, nKeyLen)
szTxtCipher = blf_StringEnc(szTxtPlain)
szTxtCipherHex = bu_Str2Hex(szTxtCipher)
C# 输出:
819dd50a925a5eb83ed723bea6d84984
VBScript 输出:
819DD50A925A5EB8CABE974A654A18A8
前半部分输出相同:“819DD50A925A5EB8”
有趣的是,如果我用 C# 库解密 vbscript 输出,我会得到:
你好世界♣♣♣♣♣
所以...它几乎可以工作,但是有某种填充或其他事情正在发生。不过我不知道如何解决这个问题。
如果您可以 shell 从 VBScript 输出到命令行,则可以使用加密字符串的相同 C# 库创建一个控制台应用程序。有点解决方法,但您将使用相同的库。
作为@artjom-b has ,罪魁祸首是不同的padding。
对不同的填充方法有很好的解释here。
分析 blowfish.cs 文件显示它使用 NULL 填充 (注意文件中的这个片段);
/// <summary>
/// Decrypts a string (ECB)
/// </summary>
/// <param name="ct">hHex string of the ciphertext</param>
/// <returns>Plaintext ascii string</returns>
public string Decrypt_ECB(string ct)
{
return Encoding.ASCII.GetString(Decrypt_ECB(HexToByte(ct))).Replace("[=10=]", "");
}
相比之下,经典 ASP 实现使用 PKCS5 填充 (来自 basBlowfishFns.asp 的片段显示了 PKCS5 方法)
From Using Padding in Encryption
Pad with bytes all of the same value as the number of padding bytes (PKCS5 padding)
' Get # of padding bytes from last char
nPad = Asc(Right(strData, 1))
If nPad > 8 Then nPad = 0 ' In case invalid
strData = Left(strData, nLen - nPad)
解决方法是对 c# 库使用的 NULL 填充应用变通方法。
这里是修改后的basBlowfishFns.asp(只展示修改后的功能);
Public Function blf_StringEnc(strData, padMethod)
' Encrypts plaintext strData after adding RFC 2630 padding
' Returns encrypted string.
' Requires key and boxes to be already set up.
' Version 5. Completely revised.
' The speed improvement here is due to Robert Garofalo.
Dim strIn
Dim strOut
Dim nLen
Dim sPad
Dim nPad
Dim nBlocks
Dim i
Dim j
Dim aBytes(7)
Dim sBlock
Dim iIndex
' Pad data string to multiple of 8 bytes
strIn = PadString(strData, padMethod)
' Calc number of 8-byte blocks
nLen = Len(strIn)
nBlocks = nLen \ 8
' Allocate output string here so we can use Mid($ below
' strOut = String(nLen, " ")
strOut = "" ' Fix for VBScript
' Work through string in blocks of 8 bytes
iIndex = 0
For i = 1 To nBlocks
sBlock = Mid(strIn, iIndex + 1, 8)
' Convert to bytes
' aBytes() = StrConv(sBlock, vbFromUnicode)
Call bu_String2Bytes(sBlock, aBytes)
' Encrypt the block
Call blf_EncryptBytes(aBytes)
' Convert back to a string
' sBlock = StrConv(aBytes(), vbUnicode)
sBlock = bu_Bytes2String(aBytes, 8)
' Copy to output string
' Mid(strOut, iIndex + 1, 8) = sBlock
strOut = strOut & sBlock
iIndex = iIndex + 8
Next
blf_StringEnc = strOut
End Function
Public Function blf_StringDec(strData, padMethod)
' Decrypts ciphertext strData and removes RFC 2630 padding
' Returns decrypted string.
' Requires key and boxes to be already set up.
' Version 5. Completely revised.
' The speed improvement here is due to Robert Garofalo.
Dim strIn
Dim strOut
Dim nLen
Dim sPad
Dim nPad
Dim nBlocks
Dim i
Dim j
Dim aBytes(7)
Dim sBlock
Dim iIndex
strIn = strData
' Calc number of 8-byte blocks
nLen = Len(strIn)
nBlocks = nLen \ 8
' Allocate output string here so we can use Mid($ below
'strOut = String(nLen, " ")
strOut = ""
' Work through string in blocks of 8 bytes
iIndex = 0
For i = 1 To nBlocks
sBlock = Mid(strIn, iIndex + 1, 8)
' Convert to bytes
' aBytes() = StrConv(sBlock, vbFromUnicode)
Call bu_String2Bytes(sBlock, aBytes)
' Encrypt the block
Call blf_DecryptBytes(aBytes)
' Convert back to a string
'sBlock = StrConv(aBytes(), vbUnicode)
sBlock = bu_Bytes2String(aBytes, 8)
' Copy to output string
' Mid(strOut, iIndex + 1, 8) = sBlock
strOut = strOut & sBlock
iIndex = iIndex + 8
Next
' Strip padding, if valid
strOut = UnpadString(strOut, padMethod)
blf_StringDec = strOut
End Function
Public Function PadString(strData, method)
' Pad data string to next multiple of 8 bytes as per RFC 2630
Dim nLen
Dim sPad
Dim nPad
nLen = Len(strData)
nPad = ((nLen \ 8) + 1) * 8 - nLen
Select Case method
Case "PKCS5"
sPad = String(nPad, Chr(nPad)) ' Pad with # of pads (1-8)
Case "NULL"
sPad = String(nPad, Chr(0)) ' Pad with # of NULL characters
End Select
PadString = strData & sPad
End Function
Public Function UnpadString(strData, method)
' Strip RFC 2630-style padding
Dim nLen
Dim nPad
nLen = Len(strData)
If nLen = 0 Then Exit Function
Select Case method
Case "PKCS5"
' Get # of padding bytes from last char
nPad = Asc(Right(strData, 1))
If nPad > 8 Then nPad = 0 ' In case invalid
strData = Left(strData, nLen - nPad)
Case "NULL"
'Remove any NULL characters, obviously, this method isn't ideal if
'the data contains valid NULLs. This shouldn't be an issue with
'ASCII text.
strData = Replace(strData, Chr(0), "")
End Select
UnpadString = strData
End Function
主要修改是 PadString() 和 UnpadString() 函数。我添加了一个参数 method 允许您传递标识符 NULL 或 PKCS5 以确定我们如何填充/取消填充数据。这些函数已经存在,但由于某些原因未被 blf_StringEnc() 和 blf_StringDec() 函数使用,因此为了 DRY principle 的利益,我修改了它们以便使用它们。
通过这些修改 (这只是使代码更灵活的快速尝试) 使用以下代码;
Dim aKey()
Dim nKeyLen, szTxtKey, szTxtPlain, szTxtKeyAsString, szTxtCipher, szTxtCipherHex, szTxtCipher64, szTxtDecrypt
szTxtKey = "04B915BA43FEB5B6"
szTxtPlain = "Hello World"
ReDim aKey((Len(szTxtKey) \ 2) - 1)
nKeyLen = bu_HexStr2Bytes(szTxtKey, aKey)
Call blf_Key(aKey, nKeyLen)
szTxtKeyAsString = bu_Bytes2HexStr(aKey, nKeyLen)
'Encrypt using NULL padding method.
szTxtCipher = blf_StringEnc(szTxtPlain, "NULL")
szTxtCipherHex = bu_Str2Hex(szTxtCipher)
Call Response.Write(szTxtCipherHex)
将导致;
819DD50A925A5EB83ED723BEA6D84984
正如最初预期的那样。
我需要在 C# 中加密一个值,然后在经典 ASP 中解密。我最接近使它起作用的是 Blowfish。但问题是这两种实现产生的结果略有不同,我不确定为什么。
正在使用的实现:
C#: https://defuse.ca/blowfish.htm
vbscript: http://www.di-mgt.com.au/cryptoBlowfishASP.html
C#代码:
var input = "Hello World";
var key = "04B915BA43FEB5B6";
BlowFish b = new BlowFish(key);
string enc, dec;
enc = b.Encrypt_ECB(input);
dec = b.Decrypt_ECB(enc);
vbscript:
Dim aKey()
Dim nKeyLen, szTxtKey, szTxtPlain, szTxtKeyAsString, szTxtCipher, szTxtCipherHex, szTxtCipher64, szTxtDecrypt
szTxtKey = "04B915BA43FEB5B6"
szTxtPlain = "Hello World"
ReDim aKey((Len(szTxtKey) \ 2) - 1)
nKeyLen = bu_HexStr2Bytes(szTxtKey, aKey)
Call blf_Key(aKey, nKeyLen)
szTxtKeyAsString = bu_Bytes2HexStr(aKey, nKeyLen)
szTxtCipher = blf_StringEnc(szTxtPlain)
szTxtCipherHex = bu_Str2Hex(szTxtCipher)
C# 输出:
819dd50a925a5eb83ed723bea6d84984
VBScript 输出:
819DD50A925A5EB8CABE974A654A18A8
前半部分输出相同:“819DD50A925A5EB8”
有趣的是,如果我用 C# 库解密 vbscript 输出,我会得到: 你好世界♣♣♣♣♣
所以...它几乎可以工作,但是有某种填充或其他事情正在发生。不过我不知道如何解决这个问题。
如果您可以 shell 从 VBScript 输出到命令行,则可以使用加密字符串的相同 C# 库创建一个控制台应用程序。有点解决方法,但您将使用相同的库。
作为@artjom-b has
对不同的填充方法有很好的解释here。
分析 blowfish.cs 文件显示它使用 NULL 填充 (注意文件中的这个片段);
/// <summary>
/// Decrypts a string (ECB)
/// </summary>
/// <param name="ct">hHex string of the ciphertext</param>
/// <returns>Plaintext ascii string</returns>
public string Decrypt_ECB(string ct)
{
return Encoding.ASCII.GetString(Decrypt_ECB(HexToByte(ct))).Replace("[=10=]", "");
}
相比之下,经典 ASP 实现使用 PKCS5 填充 (来自 basBlowfishFns.asp 的片段显示了 PKCS5 方法)
From Using Padding in Encryption
Pad with bytes all of the same value as the number of padding bytes (PKCS5 padding)
' Get # of padding bytes from last char
nPad = Asc(Right(strData, 1))
If nPad > 8 Then nPad = 0 ' In case invalid
strData = Left(strData, nLen - nPad)
解决方法是对 c# 库使用的 NULL 填充应用变通方法。
这里是修改后的basBlowfishFns.asp(只展示修改后的功能);
Public Function blf_StringEnc(strData, padMethod)
' Encrypts plaintext strData after adding RFC 2630 padding
' Returns encrypted string.
' Requires key and boxes to be already set up.
' Version 5. Completely revised.
' The speed improvement here is due to Robert Garofalo.
Dim strIn
Dim strOut
Dim nLen
Dim sPad
Dim nPad
Dim nBlocks
Dim i
Dim j
Dim aBytes(7)
Dim sBlock
Dim iIndex
' Pad data string to multiple of 8 bytes
strIn = PadString(strData, padMethod)
' Calc number of 8-byte blocks
nLen = Len(strIn)
nBlocks = nLen \ 8
' Allocate output string here so we can use Mid($ below
' strOut = String(nLen, " ")
strOut = "" ' Fix for VBScript
' Work through string in blocks of 8 bytes
iIndex = 0
For i = 1 To nBlocks
sBlock = Mid(strIn, iIndex + 1, 8)
' Convert to bytes
' aBytes() = StrConv(sBlock, vbFromUnicode)
Call bu_String2Bytes(sBlock, aBytes)
' Encrypt the block
Call blf_EncryptBytes(aBytes)
' Convert back to a string
' sBlock = StrConv(aBytes(), vbUnicode)
sBlock = bu_Bytes2String(aBytes, 8)
' Copy to output string
' Mid(strOut, iIndex + 1, 8) = sBlock
strOut = strOut & sBlock
iIndex = iIndex + 8
Next
blf_StringEnc = strOut
End Function
Public Function blf_StringDec(strData, padMethod)
' Decrypts ciphertext strData and removes RFC 2630 padding
' Returns decrypted string.
' Requires key and boxes to be already set up.
' Version 5. Completely revised.
' The speed improvement here is due to Robert Garofalo.
Dim strIn
Dim strOut
Dim nLen
Dim sPad
Dim nPad
Dim nBlocks
Dim i
Dim j
Dim aBytes(7)
Dim sBlock
Dim iIndex
strIn = strData
' Calc number of 8-byte blocks
nLen = Len(strIn)
nBlocks = nLen \ 8
' Allocate output string here so we can use Mid($ below
'strOut = String(nLen, " ")
strOut = ""
' Work through string in blocks of 8 bytes
iIndex = 0
For i = 1 To nBlocks
sBlock = Mid(strIn, iIndex + 1, 8)
' Convert to bytes
' aBytes() = StrConv(sBlock, vbFromUnicode)
Call bu_String2Bytes(sBlock, aBytes)
' Encrypt the block
Call blf_DecryptBytes(aBytes)
' Convert back to a string
'sBlock = StrConv(aBytes(), vbUnicode)
sBlock = bu_Bytes2String(aBytes, 8)
' Copy to output string
' Mid(strOut, iIndex + 1, 8) = sBlock
strOut = strOut & sBlock
iIndex = iIndex + 8
Next
' Strip padding, if valid
strOut = UnpadString(strOut, padMethod)
blf_StringDec = strOut
End Function
Public Function PadString(strData, method)
' Pad data string to next multiple of 8 bytes as per RFC 2630
Dim nLen
Dim sPad
Dim nPad
nLen = Len(strData)
nPad = ((nLen \ 8) + 1) * 8 - nLen
Select Case method
Case "PKCS5"
sPad = String(nPad, Chr(nPad)) ' Pad with # of pads (1-8)
Case "NULL"
sPad = String(nPad, Chr(0)) ' Pad with # of NULL characters
End Select
PadString = strData & sPad
End Function
Public Function UnpadString(strData, method)
' Strip RFC 2630-style padding
Dim nLen
Dim nPad
nLen = Len(strData)
If nLen = 0 Then Exit Function
Select Case method
Case "PKCS5"
' Get # of padding bytes from last char
nPad = Asc(Right(strData, 1))
If nPad > 8 Then nPad = 0 ' In case invalid
strData = Left(strData, nLen - nPad)
Case "NULL"
'Remove any NULL characters, obviously, this method isn't ideal if
'the data contains valid NULLs. This shouldn't be an issue with
'ASCII text.
strData = Replace(strData, Chr(0), "")
End Select
UnpadString = strData
End Function
主要修改是 PadString() 和 UnpadString() 函数。我添加了一个参数 method 允许您传递标识符 NULL 或 PKCS5 以确定我们如何填充/取消填充数据。这些函数已经存在,但由于某些原因未被 blf_StringEnc() 和 blf_StringDec() 函数使用,因此为了 DRY principle 的利益,我修改了它们以便使用它们。
通过这些修改 (这只是使代码更灵活的快速尝试) 使用以下代码;
Dim aKey()
Dim nKeyLen, szTxtKey, szTxtPlain, szTxtKeyAsString, szTxtCipher, szTxtCipherHex, szTxtCipher64, szTxtDecrypt
szTxtKey = "04B915BA43FEB5B6"
szTxtPlain = "Hello World"
ReDim aKey((Len(szTxtKey) \ 2) - 1)
nKeyLen = bu_HexStr2Bytes(szTxtKey, aKey)
Call blf_Key(aKey, nKeyLen)
szTxtKeyAsString = bu_Bytes2HexStr(aKey, nKeyLen)
'Encrypt using NULL padding method.
szTxtCipher = blf_StringEnc(szTxtPlain, "NULL")
szTxtCipherHex = bu_Str2Hex(szTxtCipher)
Call Response.Write(szTxtCipherHex)
将导致;
819DD50A925A5EB83ED723BEA6D84984
正如最初预期的那样。