1

我正在尝试解密存储在文件中的密码短语。加密是使用 Perl::CBC 模块完成的,但我需要为 Python 脚本解密它。坦率地说,我对加密算法知之甚少(或任何东西)。

密码短语被加密如下:

use Crypt::CBC;

my $key = '0123456789';
my $iv  = '$KJh#(}q';

my $cipher = Crypt::CBC->new(
    -key    => $key,
    -cipher => 'Blowfish',
    -header => 'none',
    -iv     => $iv,
);

my $passphrase = 'You have decrypted the passphrase.';
my $hex_encrypted = $cipher->encrypt_hex($passphrase);

它给出了一个加密的密码:9033c838e4418fbdc50a9fc0813745296d195d59954008f94b2b36a8e65dca959686206960a7828a

现在,我需要在 Python 脚本中使用它(使用 Python 2.7)。天真地,我希望这会奏效:

from Crypto.Cipher import Blowfish
from binascii import hexlify, unhexlify

perl_pass =  unhexlify('9033c838e4418fbdc50a9fc0813745296d195d59954008f94b2b36a8e65dca959686206960a7828a')
key = '0123456789'
iv  = '$KJh#(}q'
print Blowfish.new(key, Blowfish.MODE_CBC, iv).decrypt(perl_pass)

但这似乎只会产生一堆无法打印的垃圾。我玩了一些没有成功。我不太确定我需要在这里做什么才能成功解密此密码。

4

1 回答 1

1

您提供给 Crypt::CBC 的“密钥”实际上是一个密码短语,从中生成了一个“文字密钥”;Crypto.Cipher.Blowfish 需要该文字密钥,而不是密码。您可以从 Perl 程序中以十六进制打印生成的密钥,然后在 Python 中使用它:

use Crypt::CBC;

my $key = '0123456789';
my $iv  = '$KJh#(}q';

my $cipher = Crypt::CBC->new(
    -key    => $key,
    -cipher => 'Blowfish',
    -header => 'none',
    -iv     => $iv,
);

my $passphrase = "You have decrypted the passphrase.";
my $hex_encrypted = $cipher->encrypt_hex($passphrase);

print unpack('H*', $cipher->key()), "\n";

-

$ perl perl_crypt_cbc.pl
781e5e245d69b566979b86e28d23f2c78e938564cd1410f0ec1c1781466a6738bab0a6ed984c75ab34c68bbf7558077714043c5bdb959e46

-

from Crypto.Cipher import Blowfish
from binascii import hexlify, unhexlify

perl_pass = unhexlify("9033c838e4418fbdc50a9fc0813745296d195d59954008f94b2b36a8e65dca959686206960a7828a")

key = unhexlify("781e5e245d69b566979b86e28d23f2c78e938564cd1410f0ec1c1781466a6738bab0a6ed984c75ab34c68bbf7558077714043c5bdb959e46")
iv  = '$KJh#(}q'
print Blowfish.new(key, Blowfish.MODE_CBC, iv).decrypt(perl_pass)

-

python python_crypt_cbc.py 
You have decrypted the passphrase.

注意最后会有一些不可打印的字符: Blowfish 加密的字符串必须是 8 字节的倍数,所以 Perl 默默地填充它。它填充的字节是填充的长度:在这种情况下,六个字节的填充,所以它们每个都是 0x06。您可以轻松删除它们:

from Crypto.Cipher import Blowfish
from binascii import hexlify, unhexlify

perl_pass = unhexlify("9033c838e4418fbdc50a9fc0813745296d195d59954008f94b2b36a8e65dca959686206960a7828a")

key = unhexlify("781e5e245d69b566979b86e28d23f2c78e938564cd1410f0ec1c1781466a6738bab0a6ed984c75ab34c68bbf7558077714043c5bdb959e46")
iv  = '$KJh#(}q'
num_padding = ord(Blowfish.new(key, Blowfish.MODE_CBC, iv).decrypt(perl_pass)[-1])

print Blowfish.new(key, Blowfish.MODE_CBC, iv).decrypt(perl_pass)[:(-1*num_padding)]
于 2013-02-13T20:32:58.863 回答