OpenSSL 3.0 命令无法设置密码
OpenSSL 3.0 command fail to setting cipher
从 OpenSSL 3.0 开始,以下命令(适用于 OpenSSL 1.1)
openssl bf-cbc -d -nopad -bufsize 2048 -K 000102030405060708090A0B0C0D0E0F -iv 0001020304050607 < enc
现在失败
Error setting cipher BF-CBC
40CCA0B4217F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (BF-CBC : 13), Properties ()
查看 evp_fetch.c:349 我想我得到了一个 NULL 方法
但是 -help 屏幕不提供任何与指定方法相关的内容
Usage: bf-cbc [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-z Compress or decompress encrypted data using zlib
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
根据 wiki,1.1 -> 3.0 迁移应向后兼容
https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_to_OpenSSL_3.0_from_OpenSSL_1.1.1
此外,-debug 标志表明 OpenSSL3.0 甚至无法创建密码
Error setting cipher BF-CBC
407C4A7BB27F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (BF-CBC : 13), Properties ()
BIO[0x55a2269514d0]: Free - FILE pointer
BIO[0x55a2269515a0]: Free - FILE pointer
而 OpenSSL 1.1 可以
BIO[0x55d62a675ff0]: ctrl(6) - FILE pointer
BIO[0x55d62a675ff0]: ctrl return 0
BIO[0x55d62a673990]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(10) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(2) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: read(0,2048) - FILE pointer
BIO[0x55d62a670ab0]: read return 2048
BIO[0x55d62a673990]: write(0,2048) - cipher
BIO[0x55d62a675ff0]: write(0,2048) - FILE pointer
...
BIO[0x55d62a675ff0]: write return 2048
BIO[0x55d62a673990]: write return 2048
BIO[0x55d62a670ab0]: ctrl(10) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(2) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: read(0,2048) - FILE pointer
BIO[0x55d62a670ab0]: read return 0
BIO[0x55d62a673990]: ctrl(11) - cipher
BIO[0x55d62a675ff0]: ctrl(11) - FILE pointer
BIO[0x55d62a675ff0]: ctrl return 1
BIO[0x55d62a673990]: ctrl return 1
BIO[0x55d62a670ab0]: Free - FILE pointer
BIO[0x55d62a675ff0]: Free - FILE pointer
BIO[0x55d62a673990]: Free - cipher
我应该提供什么遗漏的参数来使这个新的“方法”上下文起作用?
OpenSSL 3.0 和早期版本之间的一个主要区别是加密算法现在是通过“提供商”提供的。最常用的密码在“默认”提供程序中可用 - 默认情况下加载。您正在尝试使用河豚密码。该密码在“遗留”OpenSSL 3.0 提供程序中实现:
https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
默认情况下不加载旧提供程序。您可以通过在命令行中添加 -provider legacy 来显式加载它,即
openssl bf-cbc -d -nopad -bufsize 2048 -K 000102030405060708090A0B0C0D0E0F -iv 0001020304050607 -provider legacy < enc
从 OpenSSL 3.0 开始,以下命令(适用于 OpenSSL 1.1)
openssl bf-cbc -d -nopad -bufsize 2048 -K 000102030405060708090A0B0C0D0E0F -iv 0001020304050607 < enc
现在失败
Error setting cipher BF-CBC 40CCA0B4217F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (BF-CBC : 13), Properties ()
查看 evp_fetch.c:349 我想我得到了一个 NULL 方法
但是 -help 屏幕不提供任何与指定方法相关的内容
Usage: bf-cbc [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-z Compress or decompress encrypted data using zlib
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
根据 wiki,1.1 -> 3.0 迁移应向后兼容 https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_to_OpenSSL_3.0_from_OpenSSL_1.1.1
此外,-debug 标志表明 OpenSSL3.0 甚至无法创建密码
Error setting cipher BF-CBC
407C4A7BB27F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (BF-CBC : 13), Properties ()
BIO[0x55a2269514d0]: Free - FILE pointer
BIO[0x55a2269515a0]: Free - FILE pointer
而 OpenSSL 1.1 可以
BIO[0x55d62a675ff0]: ctrl(6) - FILE pointer
BIO[0x55d62a675ff0]: ctrl return 0
BIO[0x55d62a673990]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(10) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(2) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: read(0,2048) - FILE pointer
BIO[0x55d62a670ab0]: read return 2048
BIO[0x55d62a673990]: write(0,2048) - cipher
BIO[0x55d62a675ff0]: write(0,2048) - FILE pointer
...
BIO[0x55d62a675ff0]: write return 2048
BIO[0x55d62a673990]: write return 2048
BIO[0x55d62a670ab0]: ctrl(10) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: ctrl(2) - FILE pointer
BIO[0x55d62a670ab0]: ctrl return 0
BIO[0x55d62a670ab0]: read(0,2048) - FILE pointer
BIO[0x55d62a670ab0]: read return 0
BIO[0x55d62a673990]: ctrl(11) - cipher
BIO[0x55d62a675ff0]: ctrl(11) - FILE pointer
BIO[0x55d62a675ff0]: ctrl return 1
BIO[0x55d62a673990]: ctrl return 1
BIO[0x55d62a670ab0]: Free - FILE pointer
BIO[0x55d62a675ff0]: Free - FILE pointer
BIO[0x55d62a673990]: Free - cipher
我应该提供什么遗漏的参数来使这个新的“方法”上下文起作用?
OpenSSL 3.0 和早期版本之间的一个主要区别是加密算法现在是通过“提供商”提供的。最常用的密码在“默认”提供程序中可用 - 默认情况下加载。您正在尝试使用河豚密码。该密码在“遗留”OpenSSL 3.0 提供程序中实现:
https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
默认情况下不加载旧提供程序。您可以通过在命令行中添加 -provider legacy 来显式加载它,即
openssl bf-cbc -d -nopad -bufsize 2048 -K 000102030405060708090A0B0C0D0E0F -iv 0001020304050607 -provider legacy < enc