5

Android SSE 程序是一款优秀的跨平台加解密开源程序。他们为其他系统提供客户端(基于他们使用基于 Java 的充气城堡库),但我想知道是否可以使用 openssl 解密。这对我来说主要是一个练习,但如果允许其他人通过向他们发送 openssl 命令运行来解密我的文件,那就太好了。

SSE 是开源的,但这里是生成加密密钥的核心代码:

/** Generate password-base Keys (128, 256, 448 bits) */
private void generatePBKeys448Max(String pw, boolean unicodeAllowed) throws NoSuchAlgorithmException, InvalidKeySpecException 
{
    pw = pw.trim();
    if(unicodeAllowed) pw = convertToCodePoints(pw);

    byte[] shaL1 = getSHA512Hash(pw.getBytes());    
    byte[] shaSalt = getSHA256Hash(Helpers.getSubarray(shaL1, 0, 8));
    byte[] shaIV = getSHA256Hash(Helpers.getSubarray(shaL1, 8, 8));

    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(new SHA1Digest());
    char[] passwordChars = pw.toCharArray();
    final byte[] pkcs12PasswordBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordChars);
    pGen.init(pkcs12PasswordBytes, shaSalt, 600);
    CBCBlockCipher aesCBC = new CBCBlockCipher(new AESFastEngine());
    ParametersWithIV aesCBCParams = (ParametersWithIV) pGen.generateDerivedParameters(256, 128);
    aesCBC.init(false, aesCBCParams);       
    byte[] key = ((KeyParameter)aesCBCParams.getParameters()).getKey();

    byte[] k01 = Helpers.getSubarray(key, 0, 16);
    byte[] k02 = Helpers.getSubarray(key, 16, 16);
    keysVault.put("KS256", key);
    keysVault.put("KS128", Helpers.xorit(k01, k02));

    byte[] k31 = Helpers.getSubarray(shaL1, 40, 24);
    byte[] k32 = Helpers.concat(key, k31);
    keysVault.put("KS448", k32);

    String forIV = new String(getMD5Hash(shaIV));   
    PKCS12ParametersGenerator pGenIV = new PKCS12ParametersGenerator(new SHA1Digest());
    char[] ivChars = forIV.toCharArray();
    final byte[] pkcs12IVBytes = PBEParametersGenerator.PKCS12PasswordToBytes(ivChars);
    pGenIV.init(pkcs12IVBytes, getMD5Hash(shaSalt).getBytes(), 100);
    CBCBlockCipher aesCBC2 = new CBCBlockCipher(new AESFastEngine());
    ParametersWithIV aesCBCParams2 = (ParametersWithIV) pGenIV.generateDerivedParameters(256, 128);
    aesCBC2.init(false, aesCBCParams2);     
    byte[] keyIV = ((KeyParameter)aesCBCParams2.getParameters()).getKey();      

    byte[] k11 = Helpers.getSubarray(keyIV, 0, 16);
    byte[] k12 = Helpers.getSubarray(keyIV, 16, 16);
    byte[] ivTemp = Helpers.xorit(k11, k12);
    byte[] k21 = Helpers.getSubarray(ivTemp, 0, 8);
    byte[] k22 = Helpers.getSubarray(ivTemp, 8, 8);
    keysVault.put("IS128", ivTemp);
    keysVault.put("IS64", Helpers.xorit(k21, k22));
 }

到目前为止,我已经完成了(注意 SSE 设置为使用 AES 256 加密)

$ echo "testpass" | openssl sha512 -out shaL1
$ dd count=8 bs=1 if=shaL1 of=shaSalt
$ dd skip=8 count=8 bs=1 if=shaL1 of=shaIV
$ hexdump -ve '1/1 "%.2x"' shaSalt > shaSalt.hex
$ hexdump -ve '1/1 "%.2x"' shaIV > shaIV.hex
$ openssl aes-256-cbc -d -S shaSalt.hex -kfile shaIV.hex -p -in temp.enc -out mydir
bad magic number

我在这里非常初学者,所以我可能会错过很多......:-/

4

0 回答 0