3DES encryption with clear key
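I'm trying to write a Cobol program with the following interface:
Objective
Receives a clear encryption key and a clear text, and returns a ciphered text using the 3DES algorithm.
Input:
- CLEAR_KEY: a 32-character hexadecimal string to be used as the encryption key.
- CLEAR_TEXT: a 16-character string.
Output:
- CYPHERED_TEXT: a 16-character string.
I have access to DB2 and ICSF callable services.
I tried these three approaches:
Using CSNBSYE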
    77  CSNBSYE PIC X(7) VALUE 'CSNBSYE'.
    01  CSNBSYE-PARAMETERS.
        02 RETURN-CODE PIC 9(8) COMP.
        02 REASON-CODE PIC 9(8) COMP.
        02 EXIT-DATA-LENGTH PIC 9(8) COMP.
        02 EXIT-DATA PIC X(32).
        02 RULE-ARRAY-COUNT PIC 9(8) COMP.
        02 RULE-ARRAY PIC X(8).
        02 KEY-IDENTIFIER-LENGTH PIC 9(8) COMP.
        02 KEY-IDENTIFIER PIC X(32).
        02 KEY-PARMS-LENGTH PIC 9(8) COMP.
        02 KEY-PARMS PIC X(32).
        02 BLOCK-SIZE PIC 9(8) COMP.
        02 INIT-VECTOR-LENGTH PIC 9(8) COMP.
        02 INIT-VECTOR PIC X(8).
        02 CHAIN-DATA-LENGTH PIC 9(8) COMP.
        02 CHAIN-DATA PIC X(16).
        02 CLEAR-TEXT-LENGTH PIC 9(8) COMP.
        02 CLEAR-TEXT PIC X(16).
        02 CYPHERED-TEXT-LENGTH PIC 9(8) COMP.
        02 CYPHERED-TEXT PIC X(16).
        02 OPTIONAL-DATA-LENGTH PIC 9(8) COMP.
        02 OPTIONAL-DATA PIC X(32).

    INITIALIZE CSNBSYE-PARAMETERS.
    MOVE 1 TO RULE-ARRAY-COUNT.
    MOVE 'DES ' TO RULE-ARRAY.
    MOVE 16 TO KEY-IDENTIFIER-LENGTH.
    MOVE '2DF65FD88EA9E17E3C66950387F91DE2' TO KEY-IDENTIFIER.
    MOVE 8 TO BLOCK-SIZE
              INIT-VECTOR-LENGTH.
    MOVE ALL ZEROS TO INIT-VECTOR.
    MOVE 16 TO CHAIN-DATA-LENGTH.
    MOVE LOW-VALUES TO CHAIN-DATA.
    MOVE 16 TO CLEAR-TEXT-LENGTH
               CYPHERED-TEXT-LENGTH.
    MOVE ALL ZEROS TO CLEAR-TEXT.
    CALL CSNBSYE USING RETURN-CODE,
                       REASON-CODE,
                       EXIT-DATA-LENGTH,
                       EXIT-DATA,
                       RULE-ARRAY-COUNT,
                       RULE-ARRAY,
                       KEY-IDENTIFIER-LENGTH,
                       KEY-IDENTIFIER,
                       KEY-PARMS-LENGTH,
                       KEY-PARMS,
                       BLOCK-SIZE,
                       INIT-VECTOR-LENGTH,
                       INIT-VECTOR,
                       CHAIN-DATA-LENGTH,
                       CHAIN-DATA,
                       CLEAR-TEXT-LENGTH,
                       CLEAR-TEXT,
                       CYPHERED-TEXT-LENGTH,
                       CYPHERED-TEXT,
                       OPTIONAL-DATA-LENGTH,
                       OPTIONAL-DATA.
Using CSNBECO
    77  CSNBECO PIC X(7) VALUE 'CSNBECO'.
    01  CSNBECO-PARAMETERS.
        02 RETURN-CODE PIC 9(8) COMP.
        02 REASON-CODE PIC 9(8) COMP.
        02 EXIT-DATA-LENGTH PIC 9(8) COMP.
        02 EXIT-DATA PIC X(32).
        02 CLEAR-KEY PIC X(32).
        02 CLEAR-TEXT PIC X(16).
        02 CYPHERED-TEXT PIC X(16).

    INITIALIZE CSNBECO-PARAMETERS.
    MOVE '2DF65FD88EA9E17E3C66950387F91DE2' TO CLEAR-KEY.
    MOVE ALL ZEROS TO CLEAR-TEXT.
    CALL CSNBSYE USING RETURN-CODE,
                       REASON-CODE,
                       EXIT-DATA-LENGTH,
                       EXIT-DATA,
                       CLEAR-KEY,
                       CLEAR-TEXT,
                       CYPHERED-TEXT.
Using DB2's ENCRYPT_TDES
    01  WS.
        02 CLEAR-TEXT PIC X(16).
        02 CYPHERED-TEXT PIC X(16).

    MOVE ALL ZEROS TO CLEAR-TEXT.
    EXEC SQL
        SELECT ENCRYPT_TDES(:CLEAR-TEXT, '2DF65FD88EA9E17E3C66950387F91DE2')
          INTO :CYPHERED-TEXT
          FROM SYSIBM.SYSDUMMY1
    END-EXEC.
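But none of these approaches returned the result I expected. The result I'm expecting is the same as the one obtained from a test on this website: http://tripledes.online-domain-tools.com/ , with the following data:
Input type: Text
Input text: 0000000000000000 (hex)
Function: 3DES
Mode: CBC
Key: 2DF65FD88EA9E17E3C66950387F91DE2 (hex)
Init. vector: 00 00 00 00 00 00 00 00
Encrypt!
Encrypted text (result): 87 30 e1 ef 98 3d f2 b4 (hex) | . 0 á ï = ò ´ (string)
My question is: how can I obtain the result above in a Cobol program, using any of the tools provided by IBM?
Thanks!
Most of your confusion seems to come from mistaking hex-strings for byte-values. E.g. you think you are passing CSNBSYE a 16-byte key of '2DF65FD88EA9E17E3C66950387F91DE2'X, whereas you are passing a 32-byte string starting with 'F2C4C6F6F5C6C429F8'X, i.e. the EBCDIC representation of the characters you passed. To use the actual hex representation of byte-values, you have to append an X after the closing apostrophe of the literal.
Also note that moving ZERO to a PIC X item results in 'F0'X, while using LOW-VALUE results in '00'.
Another point is that you seem to be comparing the website's 3DES result with the DES results of CSNBECO or CSNBSYE, but these are different ciphers, so they should return different results.
Last but not least, ENCRYPT_TDES: this function uses 3DES, but it does not accept a clear key. Instead, the second parameter is a password that is hashed to obtain the final encryption key.
So, of the alternatives you investigated, only CSNBSYE seems to fit your requirements, but you will have to study its exact parameter formats and usage.
I did it! The code is as follows: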
    77  CT-cENC-ROUTINE PIC X(7) VALUE 'CSNBSYE'.
    05  WS-ENC.
        10 WS-ENC-nRETURN-CODE PIC 9(8) COMP.
        10 WS-ENC-nREASON-CODE PIC 9(8) COMP.
        10 WS-ENC-nEXIT-DATA-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cEXIT-DATA PIC X(4).
        10 WS-ENC-nRULE-ARRAY-COUNT PIC 9(8) COMP.
        10 WS-ENC-RULE-ARRAY.
           15 WS-ENC-cRULE-ALGO PIC X(8).
        10 WS-ENC-cKEY-IDENT-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cKEY-IDENT PIC X(32).
        10 WS-ENC-nKEY-PARMS-LENGTH PIC 9(8) COMP.
        10 WS-ENC-nKEY-PARMS PIC X(64).
        10 WS-ENC-nBLOCK-SIZE PIC 9(8) COMP.
        10 WS-ENC-nINIT-VECTOR-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cINIT-VECTOR PIC X(16).
        10 WS-ENC-nCHAIN-DATA-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cCHAIN-DATA PIC X(32).
        10 WS-ENC-nCLEAR-TEXT-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cCLEAR-TEXT PIC X(16).
        10 WS-ENC-nCYPHER-TEXT-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cCYPHER-TEXT PIC X(16).
        10 WS-ENC-nOPTIONAL-DATA-LENGTH PIC 9(8) COMP.
        10 WS-ENC-cOPTIONAL-DATA PIC X(32).

    INITIALIZE WS-ENC
    MOVE 1 TO WS-ENC-nRULE-ARRAY-COUNT
    MOVE 'DES' TO WS-ENC-cRULE-ALGO
    EXEC SQL
        SELECT VARCHAR_BIT_FORMAT('2DF65FD88EA9E17E3C66950387F91DE2')
          INTO :WS-ENC-cKEY-IDENT
          FROM SYSIBM.SYSDUMMY1
    END-EXEC
    MOVE 16 TO WS-ENC-cKEY-IDENT-LENGTH
    MOVE 8 TO WS-ENC-nBLOCK-SIZE
              WS-ENC-nINIT-VECTOR-LENGTH
    MOVE ALL ZEROS TO WS-ENC-cINIT-VECTOR
    MOVE LENGTH OF WS-ENC-cCHAIN-DATA
      TO WS-ENC-nCHAIN-DATA-LENGTH
    MOVE LOW-VALUES TO WS-ENC-cCHAIN-DATA
    MOVE LENGTH OF WS-ENC-cCLEAR-TEXT
      TO WS-ENC-nCLEAR-TEXT-LENGTH
         WS-ENC-nCYPHER-TEXT-LENGTH
    MOVE '0000000000000000' TO WS-ENC-cCLEAR-TEXT
    CALL CT-cENC-ROUTINE USING WS-ENC-nRETURN-CODE,
                               WS-ENC-nREASON-CODE,
                               WS-ENC-nEXIT-DATA-LENGTH,
                               WS-ENC-cEXIT-DATA,
                               WS-ENC-nRULE-ARRAY-COUNT,
                               WS-ENC-RULE-ARRAY,
                               WS-ENC-cKEY-IDENT-LENGTH,
                               WS-ENC-cKEY-IDENT,
                               WS-ENC-nKEY-PARMS-LENGTH,
                               WS-ENC-nKEY-PARMS,
                               WS-ENC-nBLOCK-SIZE,
                               WS-ENC-nINIT-VECTOR-LENGTH,
                               WS-ENC-cINIT-VECTOR,
                               WS-ENC-nCHAIN-DATA-LENGTH,
                               WS-ENC-cCHAIN-DATA,
                               WS-ENC-nCLEAR-TEXT-LENGTH,
                               WS-ENC-cCLEAR-TEXT,
                               WS-ENC-nCYPHER-TEXT-LENGTH,
                               WS-ENC-cCYPHER-TEXT
                               WS-ENC-nOPTIONAL-DATA-LENGTH,
                               WS-ENC-cOPTIONAL-DATA
So, what was missing was: 1) converting the 32-byte hex string to its 16-byte string representation; 2) setting the chain data size to 32.
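To make the distinction between hex strings and byte values in the posts above concrete, the following Python code (an added example, not code from the original posts) models the bytes each COBOL field holds. It assumes EBCDIC code page cp037, and all helper names are hypothetical; it also shows that a CBC first block of '0' characters combined with an IV of '0' characters is all X'00' bytes.

```python
# Added example: byte values held by the COBOL fields discussed above.
# Assumptions: EBCDIC code page cp037; all helper names are hypothetical.
import binascii

EBCDIC = "cp037"
KEY_HEX = "2DF65FD88EA9E17E3C66950387F91DE2"  # key string from the question


def move_char_literal(literal: str, pic_len: int) -> bytes:
    """MOVE 'literal' TO a PIC X(pic_len) item: EBCDIC characters,
    space-padded or truncated on the right."""
    return literal.ljust(pic_len)[:pic_len].encode(EBCDIC)


def hex_to_bytes(hex_string: str) -> bytes:
    """Two hex digits become one byte (the result of a hex literal or of
    VARCHAR_BIT_FORMAT)."""
    return binascii.unhexlify(hex_string)


def looks_like_hex_text(key: bytes) -> bool:
    """True when every key byte is an EBCDIC hex-digit character, a sign
    that a hex string was passed as text instead of as byte values."""
    text = key.decode(EBCDIC)
    return bool(key) and all(ch in "0123456789ABCDEFabcdef" for ch in text)


def cbc_first_block_input(clear_text: bytes, iv: bytes, block: int = 8) -> bytes:
    """CBC feeds (first plaintext block XOR IV) into the block cipher."""
    return bytes(p ^ v for p, v in zip(clear_text[:block], iv[:block]))


# Question's attempt: 32 EBCDIC characters; a key length of 16 selects
# the first 16 of them.
key_as_text = move_char_literal(KEY_HEX, 32)[:16]
# Working version: the same string converted to 16 raw bytes.
key_as_bytes = hex_to_bytes(KEY_HEX)

# MOVE ALL ZEROS fills a PIC X item with '0' characters (X'F0');
# LOW-VALUES fills it with X'00'.
all_zeros_8 = move_char_literal("0" * 8, 8)
low_values_8 = bytes(8)

if __name__ == "__main__":
    print("key as text :", key_as_text.hex().upper(), looks_like_hex_text(key_as_text))
    print("key as bytes:", key_as_bytes.hex().upper(), looks_like_hex_text(key_as_bytes))
    print("ALL ZEROS   :", all_zeros_8.hex().upper())
    print("LOW-VALUES  :", low_values_8.hex().upper())
    # '0' characters XOR an IV of '0' characters is all X'00'.
    print("F0 xor F0   :", cbc_first_block_input(all_zeros_8, all_zeros_8).hex())
    print("F0 xor 00   :", cbc_first_block_input(all_zeros_8, low_values_8).hex())
```

A check like `looks_like_hex_text` can be run on key material before it reaches a crypto call, since a key made only of hex-digit characters has far less entropy than its length suggests.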