9

我正在尝试在 Ruby 中实现 aes-128-ccm 加密字符串的 SJCL 解密。在阅读了一个类似的问题后,我发现更新版本的 OpenSSL 库应该支持这一点,所以我已经将开发版本从 github 安装到 /opt

执行此操作后,当我运行 /opt/bin/openssl 密码时,我在列表中看不到 aes-128-ccm 密码:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DH-RSA-DES-CBC-SHA:EXP-DH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5

但是如果我运行 /opt/bin/openssl enc -help 2>&1 我会看到“-aes-128-ccm”:

-aes-128-cbc               -aes-128-ccm               -aes-128-cfb              
-aes-128-cfb1              -aes-128-cfb8              -aes-128-ctr              
-aes-128-ecb               -aes-128-gcm               -aes-128-ofb              
-aes-128-xts               -aes-192-cbc               -aes-192-ccm              
-aes-192-cfb               -aes-192-cfb1              -aes-192-cfb8             
-aes-192-ctr               -aes-192-ecb               -aes-192-gcm              
-aes-192-ofb               -aes-256-cbc               -aes-256-ccm              
-aes-256-cfb               -aes-256-cfb1              -aes-256-cfb8             
-aes-256-ctr               -aes-256-ecb               -aes-256-gcm              
-aes-256-ofb               -aes-256-xts               -aes128                   
-aes192                    -aes256                    -bf                       
-bf-cbc                    -bf-cfb                    -bf-ecb                   
-bf-ofb                    -blowfish                  -camellia-128-cbc         
-camellia-128-cfb          -camellia-128-cfb1         -camellia-128-cfb8        
-camellia-128-ecb          -camellia-128-ofb          -camellia-192-cbc         
-camellia-192-cfb          -camellia-192-cfb1         -camellia-192-cfb8        
-camellia-192-ecb          -camellia-192-ofb          -camellia-256-cbc         
-camellia-256-cfb          -camellia-256-cfb1         -camellia-256-cfb8        
-camellia-256-ecb          -camellia-256-ofb          -camellia128              
-camellia192               -camellia256               -cast                     
-cast-cbc                  -cast5-cbc                 -cast5-cfb                
-cast5-ecb                 -cast5-ofb                 -des                      
-des-cbc                   -des-cfb                   -des-cfb1                 
-des-cfb8                  -des-ecb                   -des-ede                  
-des-ede-cbc               -des-ede-cfb               -des-ede-ofb              
-des-ede3                  -des-ede3-cbc              -des-ede3-cfb             
-des-ede3-cfb1             -des-ede3-cfb8             -des-ede3-ofb             
-des-ofb                   -des3                      -desx                     
-desx-cbc                  -gost89                    -gost89-cnt               
-id-aes128-CCM             -id-aes128-GCM             -id-aes192-CCM            
-id-aes192-GCM             -id-aes256-CCM             -id-aes256-GCM            
-idea                      -idea-cbc                  -idea-cfb                 
-idea-ecb                  -idea-ofb                  -rc2                      
-rc2-40-cbc                -rc2-64-cbc                -rc2-cbc                  
-rc2-cfb                   -rc2-ecb                   -rc2-ofb                  
-rc4                       -rc4-40                    -rc4-hmac-md5             
-seed                      -seed-cbc                  -seed-cfb                 
-seed-ecb                  -seed-ofb

我使用以下命令重新安装了 ruby​​ 2.0.0p0 和 rvm:(rvm reinstall 2.0.0 --with-openssl-dir=/opt在上述文章中给出)。然后跑了cipher = OpenSSL::Cipher.new('aes-128-ccm')。返回以下错误:

unsupported cipher algorithm (aes-128-ccm)

我的问题是如何在 Ruby 中添加对 AES-128-CCM 的支持/我在这里做错了什么?

4

1 回答 1

2

好的,我已经成功了,这就是我所做的:

首先从github获取 OpenSSL 源代码:

$ git clone https://github.com/openssl/openssl.git
$ cd openssl/

如果您想要与我使用的完全相同的版本,请执行以下操作:

$ git checkout 5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc -b tmp

现在在某个目录中使用共享库构建 OpenSSL:

$ ./config shared --prefix=/home/jbr/local/openssl
$ make depend
$ make
$ make install

确保您有 ccm 支持:

$ /home/jbr/local/openssl/bin/openssl enc -help  2>&1 | grep "ccm"
-aes-128-ccm               -aes-128-cfb               -aes-128-cfb1             
-aes-192-cbc               -aes-192-ccm               -aes-192-cfb              
-aes-256-ccm               -aes-256-cfb               -aes-256-cfb1

好的,现在使用 rvm 和新版本的 OpenSSL 安装一个命名的 Ruby:

$ rvm install ruby-2.0.0-p195 -n ccm --with-openssl-dir=/home/jbr/local/openssl

此命令为您提供带有 -ccm 后缀的 Ruby 2.0.0 补丁级别 195 版本,它使用您的新 OpenSSL 库。

现在使用新版本的 Ruby:

$ rvm use ruby-2.0.0-p195-ccm

并用 irb 进行测试:

$ irb
2.0.0p195 :001 > require 'openssl'
 => true
2.0.0p195 :005 > OpenSSL::Cipher.ciphers.include? "aes-128-ccm"
 => true

您现在拥有 aes-128-ccm。

于 2013-08-08T13:44:33.437 回答